Over the past several years, the primary driver of work from home has been the attraction for retention of talent or it was largely about saving money. Covid-19 has taught organisations better future disaster preparedness and employers are increasingly finding it advantageous for employees to work from home.
Remote working employees employ various means of connecting with the organisations, such as by VOIP, laptops, and virtual private network connections to access the company servers. Employees get convenience and freedom, and their employers get lower office expenses, and also employees around the globe are saving 100 per cent of their commuting time. It’s a win-win situation for both employee and organisation.
When employees are working from home and they routinely log into the company networks remotely, it is harder for IT staff to spot unauthorised logins and data theft. For example, many employees log in from insecure networks and access company assets via the internet, their own homes, an internet cafe, or a coffee shop down the street offering free Wi-Fi.
• Unsecured networks: It is tough to control security and privacy. Using a public network increases risk of potential data breaches
• Personal and shared devices: Tracking unauthorised users of work PCs can be a challenge
• Insecure smartphones: Smartphones without antivirus is prone to risk of hacking, malware, and more importantly social engineering crimes
• Virtual meetings: Zoom and Webex etc. help all employees stay connected to co-workers but there is a risk since users don’t always install security updates and patches
• Distraction: Because of continual access to social media and the internet, there is an increased possibility of distraction and social engineering attacks
Security tips for admins
* Have a remote security policy and use the right technology and tools
* Ensure you have enough number of VPN licenses and effective use of VPN. Be aware of additional risks from remote working
* DNS filter to prevent employees from accessing risky websites
* Disable USB ports to prevent the use of portable storage devices
* People joining virtual meetings should secure their privacy by switching off video and mic, and also make sure screen sharing, annotation and whiteboard features are switched off and the controls are only with administrators
* Physical security of computers is often considered unimportant and employees must be aware of how to secure their remote workspace and steps to protect their work stations and devices
* Implementing multi-factor authentication and best password practices to avoid using weak and compromised passwords.
* Ensure employees only use secured internet connections and use encryption software and updated firewalls, antivirus and anti-malware softwares on their laptops/desktops
* Make sure employees know all the cloud-based collaboration platforms available to keep files and services on the cloud and ensure encryption used for all data that is stored and in transit
Time management while working remotely:
* Attention to time: Small pockets of 15 to 30 minutes exist between scheduled meetings, ensure you walk a 100 meter or browse a paper, or have a short two-minute talk with kids and spouses
* Personal boundaries: Respect the space of everyone and don’t yell at kids when someone is disturbing in the midst of your meetings, especially when you are sharing living space with roommates, spouses, children, and pets.
* Calendar management: Often spouses and kids complain that you are overspending time on the system and not allowing time for them. Create a calendar and slot time for all
* Managing energy: First few hours in the morning is when you’re fresh. Prioritise the important works accordingly
* Empathy and compassion: Remote work today is happening in an extreme state of uncertainty and anxiety. Now is the time to have empathy and compassion to each other especially with the teammates
Organisations must use the outbreak as an opportunity to strengthen security and implement the above solutions to decrease risk. Data breaches to spear phishing, brute force, and ransomware, Online threats could be same if it’s a private or a government organization as the focus is more either for ransom or sensitive data.
Small and Medium Enterprises who cannot afford to have a separate cyber security practice can reach expert members of the Centre of Excellence Cyber Security Telangana ( https://ccoe.dsci.in/ ) for both options of internal and outsourced cyber security support.
A host of new technologies and services are coming onto the market that makes it easier to mount a robust defence against cyber threats. Private companies should focus on (a) Outsourced security services for BYOD, MDM, NOC and SOC (b) Systems that enable collaboration between security team members (c) Continual attack simulation tools and (d) Point solutions for anti-phishing and secure browsing (e) private and government partnerships in cybersecurity practices and developments.
(The author is the founder of End Now Foundation)
Now you can get handpicked stories from Telangana Today on Telegram everyday. Click the link to subscribe.