Make working from home secure
Allowing people to work from home offers many advantages at both a personal and a corporate level; but also brings its own data security challenges. Organisations should consider a multi-layered approach to securing their remote workforce.
Working from home has long been a possibility, but the global pandemic has shown many organisations that it’s a worthwhile strategy. In fact, a recent Gartner survey found that 74% of companies plan a permanent shift to some degree of home or remote working. But however large or small your remote workforce, you need to ensure they can work productively and securely.
For 33% of IT decision-makers and C-level professionals in Europe surveyed by Vanson Bourne, data security was the biggest concern relating to remote working. The vast majority of home networks are inherently insecure and don’t meet corporate security standards. Ultimately, having some of all of your people working from home changes the organisation’s cybersecurity risk.
Working from home: the security challenges
Clearly there’s a need to secure the remote working environment, but organisations must balance employee trust and privacy concerns against corporate security standards. Simply placing controls on a home network could be considered intrusive.
Providing home users with a VPN is the critical first layer of a multi-layer security strategy, but a VPN alone won’t protect against risks such as:
- Malware, viruses, phishing, ransomware and other threats
- Hackers piggybacking through the VPN onto the corporate network
- Unsecured endpoints
Home networks bring other risks, too: typically, they’ll support a plethora of connected devices — including personal computers, tablets, games consoles, TVs; and smart home devices like thermostats and cameras — that may not be secured. And users themselves may be a source of risk, if they don’t have a high enough level of data security awareness.
Securing your remote workforce
So what else do people need to work from home safely and securely?
Hardware and software. Ideally you’ll provide your remote workers with the hardware they need, so that they don’t have to rely on their own equipment that’s also used for non-business purposes. Look at supplying corporate laptops, printers, headsets and anything else that may be required; along with the productivity software they need.
Assurance. Implement a support programme to ensure your homeworkers’ technology is available to support their productivity.
Security. Implement the safeguards needed to protect your employees as well as your corporate systems.
For the assurance and security pieces, a cloud-based monitoring solution that’s managed by a trusted provider is often the most effective and convenient route. It will be scalable too, which could be a real benefit if your organisation intends to ramp up home working over the short or longer term. Look for a solution that incorporates features like data backup, critical patching for Microsoft applications, endpoint encryption, anti-virus and web filtering; and offers security awareness training too.
And if you have additional concerns about data security — for example, if your organisation has to comply with particular regulations around data protection — then additional solutions needs to be considered. Whether that is the implementation of separate Work and Home networks or the placing of a firewall behind the router. Essentially you will have to consider how to separate work traffic from home use and therefore keep all work data separate.