Working from home is great, but doing it securely is even better.
Being receptive to the idea of remote working is one thing; having the resources and technology to do it is quite another. And then there’s security. How do you open up your IT solutions to your workforce when they’re not in the office, without opening them up to the whole world? In other words, how do you successfully pull off both remote working and cyber security at the same time.
There is, of course, a good reason we’re talking about remote working right now. The whole world, it seems, is in the grip of a coronavirus epidemic. The situation in the UK doesn’t appear too dire at the moment, but with Italy essentially in lockdown, government officials and businesses here in Britain have naturally begun to wonder if our own economy could cope in a similar situation. The question of remote working is just a short hop from there.
If the virus does spread through the UK as expect, experts are warning that remote working may have to become the new normal for a while. Whether or not such precautions are necessary or an overreaction isn’t for us to say, but the fact is remote working can be useful in many other situations as well, and it has some real advantages beyond helping you to wait out a nasty disease.
However, it’s important to do it right, and that includes considering the relationship between remote working and cyber security.
^ Without cyber security, the flu isn't the only virus you need to worry about
Why Care About Remote Working And Cyber Security?
It’s all well and good telling people they can work from home, but there’s a bit more to it than that. Assuming you actually have the technology to facilitate such a way of operating, you should also think carefully about the security implications of remote working.
Of course, every business is different, but typical issues include:
Network access from a remote location
If your employees need to access your server, that can be achieved, but it involves opening your server up to the internet. Clearly, you don’t want just anyone to be able to get on to your server, so it is absolutely essential to have robust security measures in place. A first step might be to enable geo-IP filtering, to immediately prevent access from abroad.
Ability to take data off site
Rather than remote access, workers might simply download data onto a USB disk and take it home with them to work on. That’s fine (assuming you know the disk is safe), but do you know what data employees are taking home and, if not, is there a way to find out? And what about when they come back to the office and want to upload their updated work files? How can you possibly know the data they return to your server is still safe?
If employees decide to work in a public space, such as a coffee shop, rather than working from home, they can easily make themselves vulnerable to shoulder surfing – where people simply look over their shoulder to steal data. It’s not exactly high-tech cyber crime, but this technique could be used to steal anything from passwords to intellectual property. And even if they work from home, data could be visible to house mates or family, which is still a problem if it’s meant to be confidential. (Note: If you’ve been told to self-isolate, and you then choose to go work in the nearest Starbucks, please stop it and go home.)
^ Password theft can be as simple as someone looking over your shoulder
Laptaps make remote working easy, but they have a major security flaw. Anyone can pick them up and run off with them. That initially isn’t a cyber security issue, but it can soon become one if the thief decides they’re not going to just wipe the stolen laptop; instead they’re going to use it to gain access to your business data or, perhaps, to your cloud software solutions or your server.
If a thief has physical access to your laptop, they don’t need to steal it to rob you. An unattended laptop would be the perfect opportunity for a hacker to install malware, steal files and so on.
Not all businesses give all their staff laptops. The ones without them likely use a desktop PC, which is a bit difficult to drag home for a spot of remote working. Such workers may choose to a personal computer to do their work on. This, as you can imagine, is a clear security risk if it not handled correctly. People are free to do what they like with their own property, so you no idea what might be on their computer. Perhaps it’s clean, but what if it’s not? What if they picked up malware from a dodgy email attachment, and now they’re using their infected PC to access your business’s server? That’s not something you want to find out the hard way.
Remote working relies on the internet, and for your remote workers to get on the internet, they need to connect to a network – one that you likely have no control over. It might be their own home network or it might be a public one. Perhaps they’re using an Ethernet connect or maybe they’re on WiFi? If they’re using public WiFi, how can you be sure they’re not on a rogue network?
^ Aside from clearly not doing any work, whose network is this young lady connected to?
Remote Working Cyber Security Solutions
It’s all well and good acknowledging the risks that come with remote working, but how do you actually go about protecting yourself from them?
One of the most powerful tools you can have in your arsenal is device management. A solution such as Microsoft Intune will enable you to determine which devices (laptops, tablets, phones, PCs etc) and users can access your data. It’s easy to set rules and levels of access – all of which can be done on the individual user or device level.
Also important is the configuration of your firewall, your servers and your laptops. This may be quite complex work, so it’s likely best left to an IT expert like TMB.
Furthermore, you and your workers can make behavioural changes to boost your cyber security. Don’t do your remote work on a public network, for example, and always be aware of who’s around you when you enter passwords.
There's a lot more to remote working cyber security than this, so if in doubt, be sure to speak to an expert.
Let Us Help
If you’re concerned about remote working and cyber security, get in touch. Here at TMB, we’re fully equipped to work remotely, and we always put security first. Everything we do here, we can do for your business as well. Just give us a call or fill out our contact form.
And why not check our cyber security quiz while you're here?