The last month has seen local businesses enacting, or in some cases creating, their business continuity plans and remote working solutions. Since the focus has rightly been on expediency, some considerations may have been shortcut. With your teams up and running remotely, there are now a number of key security measures that should be practiced by your people at home, through your remote working policies. You and your business es are still the data controllers/processors, so even if the data is not onsite you are still responsible for its security and integrity.
The first recommended action is for remote team members to check their home Wi-Fi is secure. This is done by ensuring the home Wi-Fi has not been compromised or being utilised by someone outside the household. Check the devices on the network are known in the household. If there are unknown devices connected, the Wi-Fi password should be changed immediately. Also, check that all your team members are connecting to their home Wi-Fi and not someone else’s.
When setting up remote working, the safest method is to use a Virtual Private Network (VPN) to connect team members with the office, thus making it more difficult for anyone to track your information as it goes through the internet. By default, multi-factor authentication into systems and services should be enabled where possible.
The operating systems and applications on devices used should be up to date. All updates should be applied and out-of-support software should not be used. Out of date software could have flaws that are exploited by hackers, which is much reduced by using the most up to date versions.
It is important devices such as tablets or home laptops are secured with up to date antivirus software. If unsecured devices are used to access company data from home, there is a real risk of data loss. All team members should be checking their devices have up to date antivirus software, no matter what operating system they use.
A worrying trend is scammers and fraudsters are now targeting home-workers, claiming to offer working from home kits, offers of Government aid or bank-related support. These scams can come from emails that appear to be from legitimate sources, I.e. phishing attacks, or via website adverts, again the website could be legitimate, but the advert could be a scam.
As a rule, team members should not download and work on documents on home devices other than those correctly linked to your company network via VPN. If not, this could result in sensitive documents being shared accidentally to family members or outside the household. Documents downloaded should be monitored to ensure their deletion on any devices that are used by other family members. This is especially true of any sensitive information on customers, team members, or commercial business.
Working from home can be a liberating way of working and need not result in a reduction in productivity. However, this needs to be done securely for the safety of team members and the data they are using outside of the corporate environment.