In this era of Covid-19, Work from Home has become the new normal.
Now that many companies are announcing permanent work from home policies, the practice maybe the norm for the foreseeable future. This opens the door to many substantial security concerns. Establishing work from home best practices is critical.
Here are some guidelines that employers should consider when allowing their employees to work outside of the office.
- Always issue a company owned computer, if possible. It is never a good idea to allow company owned data to find its way onto an employee owned computer. There are many reasons that this could become a serious issue. Among them:
- Control of Data – If an employee chooses to leave the company, there is no way to police the data that resides on an employee owned disk drive. This can be particularly damaging if the employee accesses HIPAA regulated information.
- Security – There is no way to ensure that an employee owned computer meets security compliance requirements. Is there appropriate antivirus software installed? Are the definitions current? Is the device infected with Malware?
- Software updates – Software updates are released by providers on a regular basis. It is not possible to ensure that the critical updates and patches are installed if the device is not on your company infrastructure.
- Never allow open Wi-Fi connections –
An open access Wi-Fi is a major security risk to your company’s data. Open access will allow anyone to actually access to your Company’s network. With no firewall between the computer and anyone else connected, a threat actor is granted unfettered access to the network. This would allow any interested party to monitor traffic on the network.
- Use an adequate Virtual Private Network (VPN) –
VPN connections should always be used to transmit data between the assigned Work from Home employees and the Company’s network to ensure that all of the data between the remote network and the company networks rides securely on an encrypted tunnel, protecting all information from any prying eyes.
- Home work areas should be private –
When working from home an employee should always choose an area that is private. The area should have a door with a lock to prevent unauthorized access. It should be free from distractions and all screens should have obscured line of sight from other people in the household.
- Always lock your device –
If not behind their device, employees should always ensure that it is locked. This is a best practice, not only in the home, but in all work environments. It is never a good idea to leave a device in a state that someone could possibly view confidential information. This can be easily accomplished by simply pressing the Windows key and ‘L’ key, simultaneously.
- Never leave your device in your vehicle –
This seems like a no-brainer, however it happens. Even if you lock the vehicle, your device can disappear.
- Ensure that home routers are secure –
Prior to authorizing a user to work from home, the home router should be checked to ensure that it meets security protocols. The router should be checked to ensure that it does not use default passwords and that there are no risky port forwards setup.
- Adequate antivirus should be installed –
This is true of all company devices, but particularly in a work from home environment. You should use reliable Antivirus on all workstations to confirm function and up to date antivirus definitions.
For an assessment of your work from home security controls, and assistance establishing your work from home best practices, Please contact us!
