Once considered a workplace benefit or to be used in case of emergency, working from home has gone mainstream and will likely continue to be sought-after by employees well beyond the easing of social distancing restrictions.
Across the majority of Australia, Prime Minister Scott Morrison has continued to encourage those who are able to work from home to continue to do so. This is good news, with Roy Morgan Research finding that almost 4.3 million people (32% of working Australians) have been ‘working from home’ and believe this trend, and indeed new way of working, will continue well beyond the global pandemic.
And why shouldn’t it? The availability of high-speed internet coverage, access to the corporate network through remote access and VPN, combined with data-sharing and communication apps have ensured communication streams and managerial collaboration are intact.
However, as more people log into corporate networks from home, there is an increased risk of opening the doors to hackers without even knowing it. In this environment, it is more important than ever to ensure your employees are practicing good security habits to keep your corporate network safe.
Don’t Forget the Basics
Working from home means maintaining the same good security hygiene that you employ at the office, which means not opening suspicious links or emails from people you don’t know.
Winning an “exclusive reward” is well and good, but when there is a suspicious link directing you to redeem the reward, this should raise a red flag for all employees. Additionally, malicious sites and emails relating to the COVID-19 pandemic have also increased.
As best practice, companies need to provide warnings in emails that originate outside the company, so your employees won’t be tricked into trusting a phishing email.
Another great tool that should be made available to employees is a VPN, which allows staff to quickly and easily connect remotely and gain access to company resources by authenticating their machine to the corporate network.
By automatically updating anti-virus software regularly and keeping corporate devices up to date with security patches, you can be sure that both your employees and corporate network are avoiding potential threats and harm.
The best defence is defence in depth, so employing various security tools will help maintain a high-security status and keep your employees from getting infected with nasty malware.
Check the Sites You Visit for TLS/SSL
To ensure you are minimising risk, make sure employees only have access to authorised webpages when browsing from home and at work.
This is a great way to keep the gates open for authorised sites and shut on potentially harmful ones, and to protect your employees from accidentally stumbling onto one.
View what a secure website looks like on popular browsers to know how to distinguish authenticated pages from potential phishing sites.
Secure Your Network
A hacked network for many businesses means immeasurable damage, from leaked corporate data to customer financial records. The repercussions can impact not only a business’ reputation but also the bottom line.
We can eliminate this chance by controlling who can access the network, using multi-factor authentication (MFA) to ensure that only authorised users can access controlled systems such as your enterprise platform.
The home network is generally less secure than an enterprise network because it often lacks an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
Additionally, working remotely requires a strong, secure internet connection. When working from home, ensure that your employees’ home networks have strong passwords, and if possible, try to separate the network used to connect to the work computer from other personal and household networks.
Secure Your Email
It might seem basic but ensuring that employees are separating their work email from their personal email can also help protect your corporate network from attacks.
The Simple Mail Transfer Protocol (SMTP) standard governs how emails are sent and received, which is great if you’re okay with your email being exposed, since SMTP does not use encryption or authentication. Adding the S/MIME protocol using digital certificates to sign and encrypt emails helps secure data in transit between employees or contractors/suppliers.
Technologies and standards like Verified Mark Certificates (VMCs) allow companies to render their brand logo next to the “sender” field in email clients—visible even before the message is opened. Logo-verified email is part of a groundbreaking initiative—in cooperation with Brand Indicators for Message Identification (BIMI) to create a more consistent, authenticated and visually compelling email experience for both businesses and consumers.
Think of this as the email equivalent of the blue checkmark on Twitter or the verified badge on Instagram, ensuring that your organisation’s emails are properly recognised.
It’s quite common for a virus from personal emails to infect a work email account as well.
Secure Your Physical Devices
Throughout recent months, the COVID pandemic has taught us that physical distance is important for your safety; however, the safety of your corporate network and devices is equally important.
New changes in the current environment have led to an increase in remote work and more bring your own device (BYOD) where they may not have existed before. In this environment, Public Key Infrastructure (PKI) is essential to managing your organization’s mobile devices. Using a scalable, modern PKI platform to provision unique digital certificates to each device and user in your organization is essential in ensuring only authenticated users and devices access your network, data is encrypted and only signed software code can run on your machines.
If possible, encourage employees to solely use work devices to connect to the enterprise environment instead of personal equipment.
Beware of Phishing Attacks
As demand for e-commerce is on the rise and the economic effect of this pandemic is going to apply to everyone, beware of new techniques attackers use to exploit this e-commerce surface to deploy their attacks.
Emails with subjects such as “Best stocks to invest in during pandemic,” “Free supplies provided by Catch,” and similar topics are often designed to attract clicks, and they also require more security review because they might carry a malicious payload.
Ensure these sorts of emails are being flagged with your corporate IT teams, and combine this with an enforcement policy like Domain-based Message Authentication, Reporting & Conformance (DMARC), which gives companies visibility into who is sending emails from their domains and the ability to control which of those services or servers are allowed to do so.
It can be difficult to engage with colleagues while working remotely.
You may consider setting up daily team check-ins to update project statuses, receive feedback and discuss how to overcome roadblocks. Online collaboration tools can help but remember even these tools can open vulnerabilities.
In January 2020, Check Point Software found a flaw in Zoom which allowed intruders to eavesdrop on private Zoom meetings. While the flaw has been resolved, it’s important to remain vigilant when using online collaboration tools and to monitor the news for any developments.
Online video conference platforms like Zoom often have an authentication functionality for each meeting. Make sure you use this functionality to prevent open meetings where anyone without authentication can join.
Setting and Following Company Policies
Above all else, company guidelines should always be followed, but it’s especially important when working from home.
Company policies have been implemented for a reason and should be revisited to incorporate changes and updates to how we work.
Report any suspicious behaviour to your IT security department and follow these eight tips for success. While this is not a comprehensive list to ensure total security while working remotely, it is a good start.
Simply being aware that working from home can increase your risk of cyberattacks can help employees be on guard. And if employees learn best practices for working remotely now, it may help keep the workplace a little more secure both during the COVID-19 pandemic and always.