Increase In WFH Raises Cybersecurity Concerns: 5 Tips To Work From Home Securely
According to a report released by online job portal, Naukri.com, employers hiring people to work from home has increased by 3 times as compared to the time prior to the lockdown and the number of work from home jobs has gone up by 7 times in applications and the last few months as compared to the time before COVID-19 disease.
Work-From-Home might just become a permanent fixture with many companies putting into place guidelines to maintain productivity and work-life balance. But are organisations also looking at robust cybersecurity policies for WFH?
Paul Ducklin, Principal Research Scientist at Sophos, says, “While WFH has become a necessity due to the pandemic, it’s vital not to let the precautions intended to protect the physical health of your staff turn into a threat to their cybersecurity health at the same time.” He shares his five tips for working from home safely:
It Should Be Easy For Employees To Get Started
Many Self-Service Portals (SSPs) allow users to choose between different levels of access, so they can safely connect up either a personal device (albeit with less access to fewer company systems than they’d get with a dedicated device), or a device that will be used only for company work. The three key things you want to be able to set up easily and correctly are: encryption, protection and patching.
- Encryption means making sure that full-device encryption is turned on and activated, which protects any data on the device if it gets stolen; - Protection means that you start off with known security software, such as anti-virus, configured in the way you want; and - Patching means making sure that the user gets as many security updates as possible automatically, so they don’t get forgotten.
Employees Should Have Flexibility To Do What They Need
If employees genuinely can’t do their job without access to server X or to system Y, then there’s no point in sending them off to work from home without access to X and Y. Make sure you have got your chosen remote access solution working reliably first – force it on yourself! – before expecting your users to adopt it.
See What Employees Are Doing
Don’t just leave employees to their own devices (literally or figuratively). If you’ve set up automatic updating for them, make sure you also have a way to check that it’s working, and be prepared to spend time online helping them fix things if they go wrong. If their security software produces warnings that you know they will have seen, make sure you review those warnings too, and let them know what they mean and what you expect them to do about any issues that may arise.
Employees Must Have Somewhere To Report Security Issues
If you haven’t already, set up an easily remembered email address where users can report security issues quickly and easily. Remember that a lot of cyberattacks succeed because cybercriminals try over and over again until one user makes an innocent mistake – so if the first person to see a new threat has somewhere to report it where they know they won’t be judged or criticised (or, worse still, ignored), they’ll end up helping everyone else.
Know About 'Shadow IT' Solutions
Shadow IT is where non-IT staff find their own ways of solving technical problems, for convenience or speed. If you have a bunch of colleagues who are used to working together in the office, but who end up flung apart and unable to meet up, it’s quite likely that they might come up with their own ways of collaborating online – using tools they’ve never tried before.
The first risk everyone thinks about in cases like this is, “What if they make a security blunder or leak data they shouldn’t?” But there’s another problem that lots of companies forget about, namely: what if, instead of being a security disaster, it’s a conspicuous success? A temporary solution put in place to deal with a public health issue might turn into a vibrant and important part of the company’s online presence.