It’s the 21st century, and working from home is more common than ever. 2 years ago, the Office of National Statistics reported that 13.9% of people in employment in the UK spent over half their time working from home. That was 2 years ago and that figure must be growing. Employers and employees both reap the benefits of working from home. The former seeing improved employee retention, financial savings on office space and facilities, and potential productivity gains. While the latter see a less stressful environment, find themselves to be more productive and can avoid a potentially stressful commute. Whilst these are all important, employers may overlook one issue that comes from this: cybersecurity. This is often overlooked but is anincreasingly important issue of the 21st century.
The downside to home working comes primarily from unsecured personal devices and unprotected networks, in turn leaving company data open to attacks, posing a threat on the business [1]. These issues may arise as employees work in public areas. For example cafés or airports. In these locations their devices are vulnerable due to a lack of authentication. This makes it possible for information such as credit card details, important emails and security credentials to be revealed through capturing the traffic. These networks may also lack important security measures that an office connection may have – such as malicious traffic filtering, which may reduce or eliminate the potential risks of phishing, drive-by downloads and other similar issues.
Other, more tangible problems also exist. Employees run the risk of their device being stolen, their credentials being viewed from onlookers (otherwise known as shoulder-surferd) and accidentally changing security configuration on their device, putting them at increased risk [2].
The real questions that come from this are how can we manage these risks? How can we enable people to work from home or remotely in a safe way?
Tips for working from home
- Encrypt your data. A thief wont be able to do anything with the data if a devise if stolen. It will look like gibberish. Windows (Professional edition) has a built-in feature called BitLocker, which will encrypt the entire hard disk.
- Make sure you’re using encrypted connections when connecting to websites (look at the padlock in the URL bar and check the URL says “https”) and where possible are using a VPN, assuming your company offers one.
- Have up-to-date antivirus software and a firewall in place.
- Have the ability to destroy data remotely. If your device gets stolen, you need to be able to destroy important information from anywhere you are. Working on the cloud could help with this.
- Make sure you know of potential attacks and how they work. Antivirus software and encryption is a good start, but social engineering (where someone calls and impersonates someone from a credible source) and phishing are ones you mostly need to look out for if you’ve done all the above.
We suggest doing the above, as this can drastically improve the security of your devices away from the office. It may seem like a bit of a chore, or something that could take a long time and is too complicated. With this in mind, there should be no issue to a more flexible, and most likely more efficient [4], work schedule.
[1] http://www.cbronline.com/news/mobility/security/flexible-working-working-from-home-securing-data-and-networks-to-protect-against-cyber-attacks-and-data-breaches-4803613/
[2] https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-home-and-mobile-working–11
[3] https://www.theguardian.com/world/2015/apr/09/french-tv-network-tv5monde-hijacked-by-pro-isis-hackers
[4] https://www.theguardian.com/careers/2016/nov/28/alternative-9-5-rhythms-peak-working-day-flexible