With remote working having been thrust upon organisations in an unexpected fashion, it’s been a challenging time for businesses and their IT teams to enable what has generally been a niche part of businesses that work remotely.
A lot of businesses have put so much focus into enabling this ability, it’s possible that IT security has fallen by the wayside a little. So, we thought we’d put together a list of things to think about for your remote working method. Also don’t forget that IT security isn’t just about the IT environment, it’s also about your physical environment.
Hard Drive Encryption – Please ensure that your device has encryption enabled on the hard disk, this ensures that if the worst does happen, your company’s data is secure. So, no matter whether you’re working from your home office, sofa, garden or a communal area, your data is safe.
Lock Your Screen – Even if you’re just going to the kitchen for a cup of tea, make sure you lock your screen. It prevents anyone in vicinity from viewing data, being on purpose or by accident. If you have a feline friend, it also stops them from adding unwanted content to your work documents as well!
Work Location – If you’re lucky enough to have a home office you’ll be able to work separately, which is great news. If you must share workspace, try and ensure that your screen is not visible especially if you are looking at sensitive information.
Meetings & Conversations – It is now more important than ever to be mindful of the conversations we are having and are exposed to. To help keep these conversations confidential, familiarise yourself with your company procedures and either use an enclosed headset, or leave the room to have private conversations.
Documentation – We’ve noticed that working remotely people have become much more paperless, therefore if you don’t need to print a document don’t. However, if you do, consider how you are going to dispose of that information. Most documents will require to be shredded, not put in your household recycling or rubbish.
Password Policy – Passwords are vital to the security of your business and the data within your systems. We’d recommend a strong password policy be put in place, along with lock out of accounts after a few attempts. This is the number one thing you can do to protect your data.
Multi-Factor Authentication (MFA) – Traditionally to access IT systems you’ll have a username and password, which may have been enough historically. However due to phishing attacks and a wide variety of threats it is quite possible that your various usernames (normally your email address!) and passwords may already be out there on the internet. We’d recommend an MFA solution which generates a unique code, normally every 60 seconds, then sends this to your mobile phone. So even if someone has your username and password, without the regularly changing unique code, they won’t get in!
Anti-Virus – The importance of protecting your devices from threats absolutely must include an Anti-Virus solution. However, that’s only half the story, it’s vital that it’s kept updated and running correctly, both of which should be monitored. Any alerts you receive should be sent directly to your IT team for urgent review.
Patching – All operating systems are made up of millions of lines of computing code and no matter how good the quality of that code, there will be bugs that hackers will look to exploit for their own gain. We’d recommend you ensure that you’re installing updates in a timely fashion. Though we’d also recommending waiting a week before installing them, unless classed as critical, because patches have also been known to have their own bugs and cause issues as well! Again, if in doubt contact your IT team.
Home Wi-Fi – We’d remind everyone working from home to ensure that your home Wi-Fi networks are secured from anyone able to connect from outside, so please ensure that you have an adequate password set up on these to ensure security. Also ensure that the admin password of your home router is suitably secure and not set to default.
Public Wi-Fi – When working on a Wi-Fi network that you don’t have control over, we’d always recommend using a VPN to encrypt the traffic between your device and company systems, whether they are cloud or on-premise systems. This ensures that no other users on the same Wi-Fi can see your data in transit. Whilst a lot of cloud systems do encrypt data automatically, its better to be safe than sorry.
Mobile Devices – The vast majority of business now have teams using mobile devices for a wide variety of functions. Sometimes these are business owned, sometimes owned by the user under a Bring Your Own Device scheme. On both cases, these devices should be managed by a central Mobile Device Management (MDM) tool. This allows for the setup of devices with a standard configuration, and to remotely lock devices, erase data or retrieve a backup.
Email – In a time of crisis, criminals and fraudsters always looks to take advantage of potential disorder and process deviation. So be extra aware of all emails that you receive during this period. Check the email address, not just the name on the email address. The two should cross check, if you aren’t sure, check with your IT team. Trust me, they won’t mind!
Data Backup – With data being in more places, its vital to ensure that you only store data in secure areas which are backed up in the event of any of the above happening to your business. That may be servers in your office or in the cloud, as well as cloud platforms such as Office 365. Ensure that these backups are configured correctly, running as expected and completing without issue, better to prevent than cure!
We hope the above is useful, if you’ve got any questions or need help implementing some of them in your business, please do get in touch and we’ll be happy to help!