Over the last decade, the number of employees working from home has steadily increased. Estimates suggest that, up to 2019, 1 in 10 US citizens regularly worked from home. Understandably, since the outbreak of Covid-19 in the first half of 2020, this figure has grown exponentially, a trend that is likely to continue for the foreseeable future.
Governments around the world have encouraged employees to work from home wherever possible. Key frontline workers are still required to continue their occupations, and millions have unfortunately lost their jobs, with tens of millions furloughed on government financial aid.
Some reporters are referring to this shift in working behavior as the greatest ever working-from-home experiment. With this paradigm shift in working behavior, organizations must consider the additional risks and security concerns to protect themselves from data breaches, fraud, ransomware, and exploitation.
Below are some of Atlantic.Net’s key recommendations to follow to help ensure that business data is protected when employees are working from home.
Protect User Devices
The biggest threat to data integrity with home working is seemingly obvious: when an employee works from home, business data is necessarily accessed, processed, and updated from that employee’s home. Businesses must prepare for the change in working environments to help protect company assets. People’s homes do not have the physical security controls found in the workplace, such as building access cards and 24×7 security guards.
So what can be done to protect a user device?
- Employees should only use devices provided by the business, such as laptops, desktops, and cell phones. Bring-your-own-device (BYOD) practices should be discouraged. If an employee uses a personal device, protecting business information becomes a significant challenge.
- Employee laptops must be protected by automatic security updates, such as Windows Update and application updates.
- Employees must not be allowed to download or install any software without the administrator’s permission.
- Antivirus (AV) should be rolled out to all devices. Daily updates to antivirus definitions must also be enforced, and security controls should be put in place to prevent users from tampering with AV, such as uninstalling it or stopping critical services.
- User devices must be secured using group policies that enforce automatic screen locks.
- Encrypt employee laptops; this ensures that if a device is stolen, the hard disk will be unreadable unless the user has the security key.
- If employees use Wi-Fi in their home network, ensure that security controls are set to WPA2 or higher.
- Multi-Factor Authentication has become a must, as usernames and passwords are easily phished and stolen.
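The checklist above can be turned into a posture check that runs before a device is allowed onto the VPN. This is an added example, not Atlantic.Net code: the inventory field names, the sample records and the 15-minute screen-lock limit are assumptions, and any missing field counts as a failure.

```python
from datetime import datetime, timedelta, timezone

MAX_DEFINITION_AGE = timedelta(days=1)  # page: daily AV definition updates
MAX_SCREEN_LOCK_SECS = 900              # assumption: lock after 15 idle minutes
ACCEPTED_WIFI = ("WPA2", "WPA3")        # page: WPA2 or higher


def definitions_fresh(stamp, now):
    """True only if the ISO-8601 timestamp parses and is at most a day old."""
    try:
        return timedelta(0) <= now - datetime.fromisoformat(stamp) <= MAX_DEFINITION_AGE
    except (TypeError, ValueError):
        return False  # missing, malformed or timezone-naive value fails closed


def evaluate_posture(device, now):
    """Return the names of failed controls; absent fields count as failures."""
    lock = device.get("screen_lock_secs")
    wifi = str(device.get("wifi_auth", "")).upper()
    checks = {
        "business_owned": device.get("owner") == "corporate",
        "auto_updates": device.get("auto_update_enabled") is True,
        "no_local_admin": device.get("user_is_local_admin") is False,
        "av_enabled": device.get("av_enabled") is True,
        "av_tamper_protected": device.get("av_tamper_protected") is True,
        "av_definitions_daily": definitions_fresh(device.get("av_definitions_updated"), now),
        "screen_lock": type(lock) is int and 0 < lock <= MAX_SCREEN_LOCK_SECS,
        "disk_encrypted": device.get("disk_encrypted") is True,
        # The Wi-Fi rule only applies when the device is actually on Wi-Fi.
        "wifi_wpa2_or_higher": device.get("link") == "wired" or wifi.startswith(ACCEPTED_WIFI),
        "mfa_enrolled": device.get("mfa_enrolled") is True,
    }
    return [name for name, ok in checks.items() if not ok]


# Constructed inventory records (field names are hypothetical).
NOW = datetime(2020, 6, 2, 9, 0, tzinfo=timezone.utc)
MANAGED_LAPTOP = {
    "owner": "corporate", "auto_update_enabled": True, "user_is_local_admin": False,
    "av_enabled": True, "av_tamper_protected": True,
    "av_definitions_updated": "2020-06-02T03:15:00+00:00", "screen_lock_secs": 600,
    "disk_encrypted": True, "wifi_auth": "WPA2-Personal", "mfa_enrolled": True,
}
PERSONAL_LAPTOP = {
    "owner": "personal", "auto_update_enabled": True, "user_is_local_admin": True,
    "av_enabled": True, "av_definitions_updated": "2020-05-20T10:00:00+00:00",
    "screen_lock_secs": 0, "wifi_auth": "WPA-Personal", "mfa_enrolled": True,
}
```

An empty list from `evaluate_posture` means every control in the checklist passed; anything else names the controls to remediate before access is granted.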
Atlantic.Net is uniquely positioned to help businesses tackle the distinct problems working from home can create. We currently provide an extensive number of Remote Desktop services that allow our clients to access our cloud platforms. This approach provides secure remote access to a centralized, easy-to-manage server or desktop.
This procedure helps greatly with regulated industries; for example, those impacted by HIPAA, HITECH, or SOC compliance requirements. Atlantic.Net’s data centers are already compliant with these standards, and home workers can connect to our secure infrastructure over a VPN. You, the customer, do not have to invest huge amounts in infrastructure to provide a service to your employees; simply leverage the servers we offer ready-to-go!
Define a Strong Password Policy
Passwords are the first line of defense on a computer network; you might be surprised by how often easy passwords are compromised by hackers. Businesses can protect against this by using technical measures that enforce password complexity.
- A strict password policy should be defined that enforces complex passwords.
- Password generators can be used, but as a rule of thumb, try to include at least 3 different words, a mixture of upper and lower case, and some special characters (*&^%%$£!”).
- Use different passwords for each of your accounts and note the password in a secured database application.
- Protect the secured database application with encryption keys and another strong password. Set the password to reset every few weeks. These user-friendly features are available when installing the password application.
- Consider saving your password database to secure cloud storage, such as OneDrive for Business Personal Vault for added security.
- Utilize Multi-Factor Authentication (MFA or 2FA) wherever possible to increase the security level of your users’ logins. MFA makes phishing and brute-force attacks extremely hard for hackers.
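The rule of thumb above (at least 3 different words, mixed case, special characters) as a generator and a matching checker. This is an added example, not Atlantic.Net code: the word list is a small constructed sample and the special characters are an ASCII subset of those listed above. It goes slightly beyond the text by estimating how much entropy the generator yields for a given word-list size.

```python
import math
import re
import secrets

# Constructed word list for illustration; a real one needs thousands of entries.
WORDS = ["harbor", "velvet", "cactus", "lantern", "orbit", "maple", "quartz", "tundra",
         "pepper", "falcon", "meadow", "copper", "violin", "glacier", "saddle", "ember"]
SPECIALS = "*&^%$!"  # ASCII subset of the characters suggested in the text


def generate_passphrase(n_words=3, words=WORDS):
    """Pick distinct words with a CSPRNG, capitalise one, join with specials."""
    if n_words < 3 or n_words > len(words):
        raise ValueError("need between 3 and len(words) words")
    chosen = secrets.SystemRandom().sample(words, n_words)  # distinct by construction
    upper_at = secrets.randbelow(n_words)
    chosen[upper_at] = chosen[upper_at].capitalize()
    return "".join(w + secrets.choice(SPECIALS) for w in chosen[:-1]) + chosen[-1]


def check_rule_of_thumb(password):
    """Return the rule-of-thumb requirements that the password misses."""
    problems = []
    found = {w.lower() for w in re.findall(r"[A-Za-z]{3,}", password)}
    if len(found) < 3:
        problems.append("fewer than 3 different words")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of upper and lower case")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")
    return problems


def entropy_bits(n_words, list_size, n_specials=len(SPECIALS)):
    """Bits of entropy of generate_passphrase() for a given word-list size."""
    combos = math.perm(list_size, n_words) * n_words * n_specials ** (n_words - 1)
    return math.log2(combos)


if __name__ == "__main__":
    sample = generate_passphrase()
    print(sample, check_rule_of_thumb(sample))
    print(round(entropy_bits(3, len(WORDS)), 1), round(entropy_bits(3, 7776), 1))
```

With the 16-word sample list a compliant passphrase still carries under 19 bits of entropy; the same shape drawn from a 7,776-word list carries about 45 bits, so the size of the word list matters as much as the complexity rules.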
All of Atlantic.Net’s infrastructure services provide best practice security for our clients, and our services not only are resilient, but also are built with security at the forefront of the design process. We offer compliant storage and databases that can be leveraged with guaranteed security hardening.
Create a Work-from-Home Policy
Businesses need to work together with HR and technology teams to create an enforceable work-from-home policy. Businesses must always trust employees, and a work-from-home policy should only create boundaries of acceptable use of computer systems.
Businesses must ensure that they provide employees with the appropriate technology to work from home. This typically includes:
- Laptops
- Computer hardware
- VPN network access
- Access to email systems
- Collaboration tools (Skype / Teams / JIRA)
- Applications needed by the employee
Businesses can then secure these assets to protect data integrity. Employees should find a dedicated workspace at home with minimal distractions, away from people who might read or overhear sensitive business conversations. Any business compliance regulations are still enforceable for home working, such as data protection laws or healthcare legislation. Ensure children or relatives do not use company assets.
If you’re looking for assistance with maintaining data security in a work-from-home environment, contact Atlantic.Net for assistance with managed hosting services and IT support.