Work-from-home security requires a new perspective and new technologies. You still need to meet your security objectives, regardless of the environment. However, there’s a need to change your approach. Before making changes, start with an IT security risk assessment. This will ensure you find security issues that impact multiple users rather than responding to one-off comments and concerns.
Work From Home Security: Assessing The Risks In 5 Steps
Before spending time and resources on new security processes and apps, you need to understand the threat. Use these self-assessment questions to pinpoint vulnerabilities in your organization.
1) Last year, what percentage of your employees worked from home more than once?
If the number is under 25%, that tells you most staff will need increased guidance on security. For example, a few of them are likely familiar with video conferencing tools or virtual private networks (VPNs).
2) What work from home guides and resources do you currently have available?
Without guides for staff, expect to see a wide range of security practices. Unfortunately, all you need is one or two security mistakes for your organization to suffer.
3) Do you have written guidelines for physical security? Do they cover non-office environments?
In a conventional office, you have doors, locked offices, cabinets and other measures to keep unauthorized people away. You might even have security guards to discourage break-ins. None of these safeguards apply to work-from-home security. If your guidelines and training resources assume all staff only work from the office, you face heightened security risks
4) On a scale of 1 to 10, how flexible are your IT security administrative processes?
Give yourself a score of 5 or less if you only offer one option (e.g. a phone call to the IT help desk) for changes. If you provide an additional manual option (e.g. employees send an email to their manager asking for a password reset), you get a score of 6. Top scores on this question require you to have a flexible and automated IT security process.
Ideally, review these questions with a few employees outside of the IT department to get their perspectives on the situation.
The Step-By-Step Process To Tighten Working from Home Security
Put each of these practices into effect, and you will dramatically cut your work from security risk.
1) Make IT Security Administration Flexible and Fast
When an employee cannot log in to a corporate network, their productivity immediately falls. If the situation persists, their motivation level may suffer as well. If you only provide IT security password resets and access change requests via calls to the help desk, work from home security will be slow and ineffective.
There’s a solution to this problem: implement IT security tools designed with convenience in mind. First, reduce the number of passwords your employees have to memorize. Simply install a single sign-on software solution. Next, install an IT security chatbot so staff can request a password and access changes by text message, email, Slack and Skype whenever they need one.
2) Provide Physical Security Tips To Improve Work From Home Security
In terms of physical security, you need to tread carefully since you cannot dictate how people use their homes. However, you can impose a few simple restrictions. For example, consider prohibiting staff from printing sensitive documents on home printers. Without secure shredding services, printed corporate documents may fall into the wrong hands. Besides, ask employees to use “code names” when referring to specific companies or clients. This precaution makes it less likely that you will suffer security leaks.
3) Increase VPN Capacity
Your virtual private network (VPN) capacity may be configured on the assumption that only 10% of your workforce uses it. That assumption probably needs to change in the age of mass work from home. Make a note to reach out to your VPN provider to increase capacity. As a short term measure, direct employees to disconnect from the corporate VPN when they are performing bandwidth-intensive activities when possible.
4) Provide Work From Home Productivity and Wellness Tips
What happens when you’re tired and burned out on work? You’re more likely to make mistakes and cut corners. When that tendency to cut corners impacts IT security, you will see problems. For example, more phishing scams may succeed when employees are distracted. To make this type of problem less likely, provide home productivity tips. For example, encourage employees to adopt routines in their work to make life more predictable
5) Reassess Vendors For Work From Home Security
Some vendors are more secure than others. The New York Times reports “‘Zoombombing’: When Video Conferences Go Wrong” that some video conference services suffer major security weaknesses. Whether or not you use the service mentioned in the article, it is an excellent reminder to take a closer look at the apps, tools and third parties you rely on. Reach out to them to ask what measures and suggestions they have to improve work from home security.
Tip: Worried about consultants and contractors working with your organization? We’ve got that issue covered in the following article: Are Your Contractors Increasing Your Cybersecurity Risk?
6) Continue IT Security Reporting Processes To Find Problems
There is no such thing as “done” in professional IT security. That’s why you may need to ramp up your monitoring effort to keep pace with large-scale work-from-home behavior. For example, measure how many staff are using multi-factor authentication (MFA). Using MFA regularly is an excellent way to make your systems more resilient from attack. To keep multiple users safe, send regular reminders to staff to direct them to use MFA login in methods.
Work From Home Security: Balance Security and Productivity
By putting these six practices into effect, you will make work-from-home security sustainable. In the long term, adding more automation tools to IT security makes security tasks faster to complete. That means your staff can get passwords and access requests finished quickly and then get back to their work. As you continue to put new work from security processes and tools in place, keep the balancing principle in mind. How does the precaution impact productivity? IT security always needs to keep user productivity needs in mind.