The Age of Remote Work
5 Key Information Security Risks for Home Workers
For millions of people across the globe, 2020 has seen a seismic change in the way in which people work. According to data from the Office for National Statistics, a mere 5% of the UK labor force worked predominantly from home in 2019, a figure which has increased dramatically since the pandemic.
With many countries banning any non-essential travel and remote work being encouraged and assumed whenever possible, it is likely that we will see a significant increase in out-of-office work long after lockdown has come to an end.
Source: Unsplash
Security Risks
During this unprecedented time, it is unsurprising that many have faltered. Research suggests that around 29% of companies did not have a business plan to protect their network during a major crisis, as well as 86% of companies, between February and March of this year, experiencing security disruptions.
As well as these disturbing facts, 73% of surveyed employees working from home have not received any specific cyber or information security awareness guidance or training.
Though the cost of the pandemic is unquestionable, with trends pointing towards remote work becoming the new norm, it is time that those who are fortunate enough to be able to work from home, learn how to work securely.
Five Key Remote Work Tips
1. Video Conferencing
With face-to-face communication now essentially impossible, the use of video conferencing software, such as Zoom, has now become common practice for both professional and social interaction.
Because of the external imperative, many users and companies quickly adopted remote work solutions without a complete understanding of the security standards of many of these companies. Zoom, for example, originally proclaimed to offer end-to-end encryption, a claim which was later understood to be inaccurate.
But it is not just the inherent security of the software which users should be wary of, it is also the way in which they are used.
Many video conferencing products offer the option to ‘lock’ meetings once all participants have joined, a feature which can undoubtedly help protect confidentiality. Likewise, meeting ID’s should be protected and only shared with authorised individuals; as in some instances, all that is required to enter is an onscreen code.
Depending on the type of software being used, there are many controls available, and whichever you choose, these controls should be both understood and utilised.
2. Home Networks
Although typically safer than a public Wi-Fi network, your home internet can also present risks. Firstly, the type of encryption used by your home router.
Depending on your model, you may be using a more or less secure form of encryption to carry your data; from the weak and outdated WEP (Wired Equivalent Privacy) to the common and strong WPA2 (Wi-Fi Protected Access II). Whenever possible the most secure form of encryption available should be used.
When setting up a router, it is also recommended that WPS (Wi-Fi Protected Setup) is disabled. The function of this is to allow a quick method of connecting devices, and though it may appear merely convenient, this function could allow anyone with momentary physical access to your router, permanent access to your network.
Likewise creating a MAC address filter allows you to build a list of trusted devices which are permitted to connect to the network, whilst excluding non-trusted devices.
Finally, changing your network name and password from their defaults should also be standard practice. A network’s name can frequently give an attacker an indication of the type of network, thus offering them an advantage, and likewise, default passwords may be more easily broken than a novel alternative.
3. Software Updates
Though it may not sound particularly thrilling, ensuring that the many forms of software that you use are up to date, is vital for ensuring the security of your information. Whilst in the office these updates are likely taken care of by administrators, but just because you are working from home, does not mean this process can be ignored.
Not a day goes by where a new vulnerability or exploit is found, and though many of these software weak spots are found by well-intentioned security researchers, that is not to say that cybercriminals aren’t working around the clock to find new ways to scam and extort users.
Just like the operating system on your mobile device, the software on your PC or laptop requires attention. Most of the time you will be altered to available updates and given the option to ‘update now’ or to delay the update. Updating the software properly will also be beneficial for its speed. For example you can speed up WordPress by just updating it in a right time.
If you’re in the middle of a piece of time sensitive work, it is reasonable to delay an update, but by ignoring these updates for an extended period of time, you expose yourself, your devices and your information up to vulnerabilities.
4. Device Security
When working inside an office, devices rarely move around. Likewise, access to devices and accounts invariably require passwords to be set. This is not the case at home.
The latest research suggests that around two-thirds of respondents (68%) use personal devices when working from home, a statistic which should be a concern of organizations of all kinds. Though not necessarily less secure than a work device, a personal device can present a different set of risks.
For example, in many cases, personal devices are shared amongst a household. Ideally, any device being used for work purposes, should be used for that purpose alone. If this is not possible, it should be ensured that any sensitive or confidential information is adequately protected, and additional guest accounts added.
It may sound overly protective, but consider the possibility of a child, for example, inadvertently clicking on a phishing email whilst logged onto your work account.
5. Remote Employee Monitoring
Employee monitoring software‘s are designed to track and evaluate users’ computer activities. By becoming fully aware of all actions performed by the remote workers throughout the day, companies can detect any malpractice and reveal reasons for low productivity and take effective measures to counter them.
This is possible as the software takes periodical screenshots of the employee computers. It also keeps a tab on running web and application usage. With all this information, companies get a full view of employee activities and spot any sign of malpractice or performance degradation. Employees, on the other hand, can check their productive and idle times throughout the work hours from this tool and improve their performance accordingly.
There are many things that you and employees can do to help ensure strong information security during this time of remote work and coronavirus. It is important that going forwards, as remote work becomes more common, that advice such as the above is adhered to, and that standards do not fall at a time when businesses face such levels of uncertainty.
“Guest blog courtesy of Hut Six Security, an information security awareness solution that combines training tutorials with phishing simulation to help build secure cultures in the workplace.”