With the current increase in staff working from home, either by choice or by necessity, there’s no doubt it has become something that will stay for both the short-term and long-term. This in turn presents new security challenges.
With a huge proportion of the UK workforce working from home for the foreseeable future the modern office has reached into people houses, bringing with it some old and some new technical issues, problems and threats. These can be mitigated against by applying the same rigour and good practices that apply in the usual workplace, which for many the home has become.
Device security in households
Now that most of us are working from home and not in a shared office space, there are less controls and security measures in place to monitor who accesses company computers, phones and tablets. Whether in a family home or shared flat environment, leaving a laptop or computer unattended, or allowing someone else to use your company-issued equipment can pose either accidental or malicious risks.
Those with children should ensure that their PC is locked when they’re away from it to ensure that important data or information cannot be edited or deleted. This applies also with those sharing a flat or house with others, where housemates could maliciously read, edit or copy any sensitive files. The best way to do this is simply to get into the habit of locking your PC (on Windows this can easily be done by pressing the Windows Key + L simultaneously). This is a common good practice for office spaces in general, but applies even more so to the current working situation.
Other home security quick wins are:-
- Ensure that your WiFi network is secured with a password
- Change the default admin password on your home router
- If available, set up your home router’s “Guest WiFi” feature, which then allows other people to use your home internet connection, without being able to see other devices on your home network
Awareness of Phishing and internet fraud
Phishing is an attempt to get you to share personal and/or sensitive information or data about yourself which could be used for identity theft or other fraud. Whilst working from home you may be more vulnerable to phishing attempts, or simply receive more of these, for a variety of reasons.
Things that you should be wary of:-
- E-mails from unfamiliar sources that say they have links to information about important current news – e.g. in particular at present links to information about Covid-19. Please use your usual trusted sources to keep up to date on the news and never share personal information with sites (including creating logins/sharing your e-mail address) unless you can verify that they are legitimate.
- Be wary when using social media about filling in or responding to innocent-looking quizzes. You may find that hidden in amongst the questions are certain ones which may also be security questions for your bank or other secure services, e.g location of birth, mother’s maiden name, even first pet. These quizzes may be forwarded on by others you trust, so if in doubt we recommend avoiding them.
- With the increase of online shopping as people are unable to go out and about, there is a similar increase in fake e-mails purporting to come from online retailers or services. Again, be vigilant about these. Any which reference “locking your account” or another invitation to respond quickly without thinking may well be attempted fraud. If you do receive these, never follow the links in the e-mail and login directly on the retailer/service site to check your account.
- Remember, for any incoming contact you receive that you’re unsure of always try and verify via another method. If you receive a suspicious e-mail, follow up with a phone call to the company/service using the contact details on their website (not in the e-mail). If you receive a suspicious phone call, follow up with an e-mail to the company to verify this.
Sharing information among colleagues and clients
Another security challenge in working from home is the sharing and distribution of files, along with collaborative working. Ideally you will still be able to save files to the company server, shared drives or the same system you used whilst based in the office. However, if this is not the case then you need to use a secure method to share files with colleagues or third parties.
It’s recommended and strongly advised that when sharing files, they’re done so in a manner that is secure, preferably with some encryption. At a basic level, this can be done in Word and Excel documents by adding a password to the file. At a more advanced level, systems like Mimecast and Sharefile can be used to ensure that only the intended recipient receives your shared files securely.
There’s almost certainly a system in place for you to be able to send files securely and if you’re unsure what this is, please let us know. It’s also no good having this in place but employees not being aware of it, so ensure that everyone is up-to-speed on sharing files securely.
Safely using a VPN
A large majority of those working from home are now using a VPN (or Virtual Private Network) allowing them to access the office network. This is very convenient and is the closest thing to actually being in the office.
However, this comes with some risks also. If access, either physically or remotely was gained to your device in the way mentioned above – there’s a chance that whomever it is could connect to the VPN and therefore have access to the company servers and data. Some VPN clients remember credentials.
To mitigate against this, as a first step, it’s worth ensuring that the VPN software you’re using doesn’t remember your credentials. On top of this, some systems allow for MFA (or Multi-Factor Authentication) to be enabled, meaning you’ll need to accept a prompt/call on their phone to get access.
Need more information?
If you require any assistance in regards to working from home and security, please get in touch.