With the current Covid-19 crisis leading to more people than ever working from home to comply with self-isolation and social distancing rules, there has been much focus on the ability of broadband and networks to cope. However, it’s also important to ensure that any remote working is carried out securely.
In a new and unfamiliar situation, it’s easy to overlook basic security measures. But just because your staff are still in their pyjamas and working from their spare bedrooms doesn’t mean that the threats to your business and its data have gone away.
Network Access
Most people will be accessing the corporate network via their home internet connections, but you can’t rule out the possibility that public networks will be in use too, so it’s important to ensure that connections are properly secured.
The usual way of securing remote connections is to use a VPN so as to create a secure ‘tunnel’ between the endpoint and your network. But it’s also important to take a look at the security features present in your existing systems. You may already have capabilities such as multi-factor authentication for example, that you’re not using, so this is a good opportunity to review your overall remote working security strategy.
For example, there are tools such as Microsoft Secure Score available as part of Office 365 that gives you a review of your organisation’s security stance.
If you’re not using as-a-service applications, one way of enabling home working is to use remote desktop tools to allow workers to access their office PC. There are security issues with these, however, so make sure that you choose your software carefully and understand and apply the security settings that it offers.
Protecting equipment and data
If people are working from home using their own equipment, then it’s important to ensure that it has basic security software installed and that it’s up to date. As an absolute minimum, there should be firewall and antivirus protections installed. There are many good free options available for people to protect their own systems.
It’s a good idea to ensure that people’s home Wi-Fi is secure too. Most ISPs now provide routers with WPA security and secure passwords enabled from the start. It’s still a good idea, however, to change the default administrator password and switch off the WPS feature. If a router is a few years old, it’s worth checking if there are any firmware updates available too.
If you are using software-as-a-service applications then they are usually backed up by the provider. However, it’s a good idea to take additional backups too. Setting up your own additional backup usually gives you more options when it comes to recovering to a specific date and time or getting back individual files.
If you’re using a messaging service to allow your staff to stay in touch while working from home, you should check to see if it has an encryption feature. Many popular messaging services have this either by default or available as an option.
Beware of scams
There’s already evidence that hackers are keen to exploit the current crisis to spread malware. [1] It’s therefore vital that people – whether working remotely or still in the office – are made aware of potential scams. Phishing emails will seek to exploit people’s fears surrounding the coronavirus in order to gain access to company systems or steal personal data.
Staff should be encouraged to take basic precautions such as hovering the cursor over a link before clicking to read the address, checking the email addresses of senders and so forth.
The same rules apply to SMS messages which are doing the rounds at the moment, especially with shortened links. If they look like they come from an official source, the best advice is not to click them and instead go to the official government or NHS website to get the latest information.
If you are worried about security for employees working remotely or need to set up remote working for your business quickly then give Cloudworks a call. We are specialists in cyber-security, cloud technologies and support. In addition, we continuously monitor our clients IT cloud infrastructure to ensure they are secure and protected against the latest threats. Give us a call to find out more and we will find the best strategy and solution to fit your business.
Call us on 0115 824 8244 or email info@cloudworks.co.uk
[1] https://betanews.com/2020/03/19/covid-19-dark-web-specials/