We are seeing an unprecedented number of remote users on home and public interest services accessing their employer and school resources. This opens up organisations and employees to more risk.
After the Prime Minister’s announcement on the 23rd of March, many of us now find ourselves working from home in order to reduce the spread of Covid-19. This blog outlines important factors for employees, organisations, and additional security risks to keep in mind whilst working from home.
For employers:
- Do your employees have all the equipment needed to work from home? Where it is possible, you should provide employees with corporate devices; and ensure that these devices have up-to-date security software and security patch levels that users are regularly reminded to check.
- Do you have a suitable VPN? If all the internal assets are over VPN, you should ensure that your VPN will support the entire workforce connected at once.
- Can employees access hosted cloud-based applications when not on the VPN? Employees may need to collaborate on documents or place them somewhere that they can be shared and amended.
- For remote workstation setups, can the servers keep up with demand? Make sure you have a suitable set up for the size and needs of your organisation.
- How will employees communicate? Employees should have access to web and audio conferencing in order to replace face to face meetings and maintain a level of communication with the rest of the workforce.
- Can you implement new policies in time? You will need to ensure that policies for responding to security incidents and personal data breaches are in place and that staff are appropriately informed of them.
- Does your employers liability insurance cover your staff working from home? You may need to check with your broker.
- Think about your duty of care, does the fact you have staff working from home require a risk assessment?
For employee’s:
- Is your home internet speed fast enough? When working from home you not only need to look at the download speed, but also the upload speed (both critical). Try speedtest.net for a quick test.
- What is your bandwidth cap? With parents working from home and children schooling (or streaming television shows), it is important to make sure that your bandwidth cap can support the added usage.
- Do you have a comfortable workspace? A desk is ideal, but with many family members home this may not always be an option. Can you find a well-suited, quiet space?
- Have you downloaded an antivirus software? Protecting your devices to avoid corruption is important, especially when many people are connected on different devices.
- Is your software up to date? Software updates usually fix vulnerable areas within the software, making it harder for hacking to occur.
- What does your home insurance cover you to do? Check you are covered to work from home. That cup of orange juice over your work laptop may become expensive!
What can be done about additional security risks for organisations?
- Most home networks are not secure. When you consider phones, laptops, cameras, doorbells, Wi-Fi access points, modems, TVs, etc, most broadbands are connected to a multitude of devices. This makes it vital that the appropriate security measures are put into place.
- Who can access the assets and data? Access to application portals should be safeguarded using multi-factor authentication mechanisms as a precaution.
- How are the organisations assets being secured? Do all of your security controls assume that the asset is on the internal network or VPN for most hours of the day? Are employees able to browse to malicious sites from home, or are controls in place to prevent them?
- Are the new 100% remote assets being scanned for vulnerabilities?
- Keep in place some devices ready for replacement should any remote devices be breached.
The rush to work from home can create additional cyber security threats, with the larger remote workforce, there is a much greater risk that a breach will occur. It is therefore important to ensure that you are taking the appropriate steps to avoid these risks.
Proelium Law is here to help you. We are continuing to work during this difficult period. Call or email us if you have an enquiry, we will call you back at a time convenient for you
Need advice?
Contact us to discuss your requirements and how we can help