It’s been a very tough few weeks for everyone but hopefully you have managed to get through the initial challenges the lockdown has brought. Most of our clients were already geared up to work from home but probably not quite on the scale that we are currently seeing. Now that things have settled somewhat, I thought it might be worth taking a look at security and some considerations you should make while working from home.
Just because you are at home, it’s still important to take physical security seriously. You should approach security as you would in the office. For example, if some of your team live in a shared house or flat, you need to ensure that flatmates can’t borrow the work computer. So, make sure that devices are password protected, ideally encrypted, and that devices are locked if they’re not being used.
Whether staff are using business equipment or home machines, the same principles should apply – they should be password protected, preferably with a strong one. This also includes mobiles and tablets that should have passcodes enforced.
Where possible, secure your systems with multi factor authentication (MFA). MFA adds an extra layer of protection when accessing your business systems which can be useful if staff are using their own devices.
When working at home, try to avoid leaving your devices in plain sight by a window and make sure that your windows are locked, particularly when you go out for your exercise and also at night. Criminals don’t take much notice of lockdown and may be active in your area.
Secure your home network
It might seem simple, but make sure you have a firewall on the perimeter of your home network and change the default password on your router. Most people leave the default password assigned by the ISP in place. Make sure your wireless network is secured using a strong password. Ideally this won’t be “password” or ‘123456’.
Accessing work resources
If you have the ability to access your work resources, such as centralised files or client records, from home, it@s important to make sure this is secured and access is restricted based upon an individual’s requirements. Only give people access to what they need to do their job and not unfettered access to everything.
Encryption and data, if users are working on a VPN, you should do what you can to turn on device encryption. This will help secure this data should an employee have equipment stolen.
It may be difficult in the current circumstances, but try to control the use of devices which are running unsupported operating systems. You don’t want people dusting down old Windows XP laptops that have been in a cupboard for years!
Cyber security awareness
Cyber security remains as important as ever. As with any global event of this type, individuals will try and use fear to take advantage of human nature. It’s important for staff to understand the risks of phishing during this challenging time and if they have any doubts at all, to contact IT support for confirmation. We have seen an increase in email related activity over the last few weeks.
Ensure staff also understand that social media will be used to target them more than ever. Misinformation is being posted and groups are being created to lure people into giving away personal information. Make sure everyone is aware of the risks.
I touched upon backups in a recent blog but it’s worth reviewing your processes to make sure your business data is safe and secure. If you still have on-premise servers, it’s easy to forget about the need to store backup media offsite. Look at options to make sure you can get your key data away from the office. Plenty of online services are available such as Azure and AWS and can be part of your longer term business continuity planning to make sure that your vital business data is secured.
Lockdown and social isolation have been a massive adjustment for everyone to make. Morale and motivation are challenging, but if we all pull together and make sure our colleagues are supported, we can get through this. Make use of the great array of conferencing and communication tools available. Face-to-face communication is a massive part of any business, so make sure you speak to colleagues, ideally by video, as often as possible.
If you have any questions related to cyber security or your IT strategy, please contact us and we will try and help where we can.
Stay safe and well.