Don't let your (cybersecurity) pants down when working from home!

April 28, 2020

Today, to remain productive, businesses and their employees are engaging in IT-related activities they never would have considered in the past — and at an accelerated rate. There are two sides to this coin: IT is more important than ever, enabling businesses that might otherwise be shut down to continue to operate; but, in the haste to empower home workers, security corners are being cut and risks are being taken.

Read on to Learn the 3 Key Rules For Working Securely From Home!

Corporate governance appears to be going out the window in many cases. It’s not just unsecured video calls, but sensitive corporate information sitting on unsecured networks, unsecured USB devices being plugged into the corporate network to bring files home, and private printouts being left unsecured on desks accessible to family members. That home printer itself is an unsecured device.

In the new #WFH reality, business continuity plans are being dusted off and put to the test, and some are being found lacking. In some cases, the result has been reactive, “knee-jerk IT support” in response to the crisis. Who has given any thought to who fixes tech problems when IT is itself in self-isolation or quarantined? Additionally, many organizations are finding that cloud solutions make working from home simpler, but they are being implemented without the oversight required, and with little concern for security, cost or business impact.

Never has it been truer that security vulnerabilities are not based on technology, but people and their behaviours. Many employees trying to find their footing in this new norm are either too cautious or far too relaxed. They may be fatigued, distracted, or feel invincible. (“It’ll never happen to me.”)

IT security is always a delicate balance between cost, convenience and protection. Today, as organizations strive to find balance, many are steering into dangerous territory. Here are three simple rules you can follow to make working from home more secure:

Rule #1: Don’t break the rules

Unprecedented times require flexibility, of that there’s no doubt, but a strong security posture must be maintained. Hackers and criminals are not taking a break and are, in fact, increasing efforts by taking advantage of coronavirus/COVID-19 anxiety. Phishing attacks are on the rise, giving further credence to the fact employee behaviour is the weakest link in the cybersecurity chain.

At the same time, IT is often being asked to sidestep rules for “efficiency.” When an employee is having trouble accessing the network or setting up a device, IT is being urged, “Just give them administrative access.” Absolutely not. The rules were put in place for a reason and, more than ever, need to extend across the entire corporate network — which now includes employee homes.

Rule #2: Define the rules

As counter-intuitive as it might feel, staying consistent with existing corporate rules, regulations and policy is crucial as employees move from cubicles to make-shift kitchen table offices. These are often implicit in the office environment but must be spelled out explicitly to new home workers so there is no room for uncertainty. Employees and managers will use the excuse that they were not told unless it is spelled out for them.

Rules that must be now clarified might include (but are not limited to):

Many requests to break the rules are to overcome annoyances and not for business-critical activities or reasons. Most of the time the critical nature of tasks is being artificially escalated. Ask yourself: Is getting a printer installed for an employee to print from home important enough to give them administrative access and break the entire corporate security policy? (The answer is almost always no.)

Rule #3: See Rule #1

With employees working from home, the network is now extended into areas it has never or rarely been. Typical homes have an unwieldy number of unsecured, consumer-grade computers, mobile smartphones and IoT (Internet of Things) devices that haven’t been patched for months or years. It’s important to set up this new corporate environment following the same procedures as the traditional one.

“But COVID-19 is an exceptional situation,” you or your employees may claim. From the perspective of teleworking, it’s not exceptional. The technology is nothing new, and many businesses have had remote digital workplaces in place for years. The only exception is that these are not employees used to working from home. A sense of urgency is often taking precedence over logic.

Employees may be working in yoga pants and hoodies, but now more than ever corporate security must be button-down.

If you would like to learn more about Appsonnet’s secure #WFH solutions, contact us at 416-362-8867.

Contact Appsonnet today to find out what we can do for your business and technology.
Email Us or call 1.416.362.8867