Mitigating the risk of working from home
With little time to develop appropriate working-from-home policies and procedures, the Coronavirus crisis has forced many companies to deploy remote working arrangements without the necessary consideration of data security and privacy risks. Here, Stephen Tattersall, head of our new support service, Cowgills Tech, offers his advice on mitigating the risk.
Home office networks are more likely than corporate networks to be infected by malware. They will most probably lack the in-depth approach, including antivirus solutions, firewalls and intrusion prevention systems, that is used to secure a company network.
- Employees should be limited to using company-owned devices. These should be password protected and encrypted. With the majority of laptops and PCs using Windows 10, you will already have the means to encrypt these devices at no extra cost. You should restrict the use of unencrypted USB storage and control the means by which files are shared both internally and externally. Many companies already use Office 365, SharePoint and OneDrive, and these are a good way to control file sharing, offering secure password-protected links that can be controlled by your company.
- Company-owned devices should be protected by a centrally managed anti-virus product. The threats faced by end users have changed over time and are changing on a daily basis. Next-Generation Antivirus products take the traditional software to a new, advanced level of endpoint security protection, offering a lot more than simply scanning files for known threats.
- Microsoft Windows and most mainstream programs are updated regularly to prevent exploits. Make sure you are using the latest product versions. Updates for programs can be managed centrally, giving an overview of all your devices and ensuring they are updated.
- It is important that you secure any cloud-based apps that your company uses, as these are potentially accessible by anyone. Two Factor Authentication increases the safety of online accounts by requiring two types of information. Office 365, Xero and many others offer this as part of their subscriptions at no extra cost. This basically requires a second form of authentication after the user’s password and is usually linked to the user’s mobile device. This makes fraudulently accessing accounts almost impossible and is very simple to implement.
- Another simple yet effective measure is to secure your home network. The first thing to do is to change the default password on your home router. If your home router is compromised, then potentially you risk giving access to your devices and everything you send through the router. The default passwords for routers are a weak link in the protection of your home network.
- Provide the protection of your office to users working from home. A great way to do this is the use of suitably implemented remote desktop solutions. By doing this, the user is effectively working on securely hosted servers that are protected by the antivirus solutions, firewalls and intrusion prevention systems used to secure your company network. This can be further secured by the use of a VPN. If you are unsure about your current firewall protection, then before implementing a remotely accessible system is a good time to review it, as this is effectively your business's window to the outside world and is probably one of the most important purchases your company will make. All this requires careful planning and budgeting. In the first instance the current firewall should be reviewed, and any outdated access policies removed.
- Make sure you have an effective backup solution in place that covers all your data. People often assume that if their data is in the “cloud” it is automatically backed up. While this is true in some cases, it is not in all. If you are unsure, then you need to check this. Ideally you want copies of backups stored in a secure offsite location.
- Since the shift to home working, audio and video conferencing have become an established part of both internal and external communications. During meetings, be careful when sharing your screen or working environment. Don’t leave any windows open on your PC or physical files visible that you don’t want to share. Accidents do happen, and sometimes you might share something that you didn’t mean to. This is a privacy issue: you might be oversharing content that is not meant to be viewed by others.
- Phishing emails are currently at an all-time high, with many people trying to exploit the current Covid-19 situation. It has been reported that 79% of people are able to distinguish a phishing message from a genuine one, yet nearly 50% admitted to having clicked on a link from an unknown sender while at work. Whilst some of these are easy to spot and others get flagged up by email filters, this is a very real threat. If an employee falls foul of this, it is extremely important that it is reported and investigated, and in most cases the user needs to change their password. Not doing this can have serious consequences. There are some very good products on the market that can mitigate this risk and at the same time educate users in spotting such emails. Mimecast is a relatively low-cost solution, scanning every email, attachment and URL on every click to provide advanced threat protection from impersonation fraud, ransomware, whaling, phishing and spear-phishing attacks.
Cowgills Tech has been established to provide IT solutions for SME businesses. We can help your business work smarter, taking the pressure off you so you can focus on the successful running of your business. If you would like to talk to someone about how we can assist you with your IT support, please contact the head of Cowgills Tech, Stephen Tattersall, at firstname.lastname@example.org.
The information was correct at time of publishing but may now be out of date.