Working from home security considerations

• by Ellie Hurst
• Advent IM Blog

Thank you to Security Consultant Craig Moan for his thoughts on this topic. As more of the UK workforce starts to work from home, we thought it would be a good idea to look at information security, business continuity and data protection considerations you need to make.

From Advent IM Security Consultant – Craig Moan 

Secure Remote Access – Following on from the Government guidance for employees to work from home where possible, there has been a huge upsurge in the amount of people required to work from home.  As more employees are working remotely there is a greater importance on ensuring that any remote access to corporate resources is conducted in a secure manner.

Bring Your Own Device (BYOD) Policies – Due to the sheer number of employees working from home, organisations may struggle to provide sufficient corporate resources, such as laptops or tablets to all staff.  This may result in organisations relying on individuals using personal devices to plug any shortcomings, or where employees have sufficient resources staff may be inclined to use personal devices when working from home as it is their preference over issued IT.  In either scenario, businesses must have robust BYOD polices in place to address the use of personal devices for work purposes.

Secure Endpoints – Some organisations are likely to have sourced additional mobile IT devices, such as laptops, tablets or mobile phones to cope with the increased demand for mobile IT.  Where this has been the case it is important for businesses to ensure that the additional devices are configured with the same security measures as their standard IT, this should include Anti-Malware, Encryption, Port Security, MFA or enrolment within the corporate MDM solution.  Any additional devices must also be subjected to the organisation’s asset management processes.

User Awareness – This period of employees working from home is likely to see users working remotely who are not used to mobile working and the associated security risks.  Businesses should ensure that all users are made aware of the increased importance of security when working remotely.  This should include information on how to access corporate resources securely, data handling measures, the physical security of devices and the avoidance of using insecure workarounds.  The awareness should also provide security POCs such as Information Security Managers or Data Protection Officers for employees to contact should they have any queries whilst working remotely.

Future IT Provisions – Looking more longer-term Businesses should review their current infrastructure or planned IT projects and ensure that any future IT provision is capable of supporting wide scale remote working.  This could include adding additional remote access capacity or switching from fixed workstations to laptops.  

Business Continuity Planning – The last week has probably highlighted how under prepared some businesses are for responding to events of this nature.  Whilst global pandemics are incredibly rare, there are many situations that could see employees having to work remotely for an extended period of time from fires to flooding.  Organisations must ensure that they have robust BCP in places to deal with common situations that may adversely affect business.  These should be routinely exercised to ensure the plans remain reflective of common business practices and key employees are aware of their roles and responsibilities.

If you need a little or  a lot of support, talk to us. Our consultants are available virtually through a variety of platforms and conference call options and our MySecurityManager service means you pay for what you use, nothing more.