Secure Home Office in Times of Corona | Total Security

Today, many companies are introducing home offices for their employees as a response to the challenges posed by the coronavirus. The IT departments are under pressure: They have to find a solution for employees as quickly as possible so that they can work safely from home. In doing so, one often accepts compromises in terms of information security.

 

Secure Home Office

Intensive and, so to speak, area-wide work via home office means that the risks increase significantly as new areas of attack open up. The companies have invested a lot of money in IT security and built walls, so to speak, to protect the working environment. Now the employees are suddenly working outside these walls; For example, they share the home network with their children or other family members who are in the same network with private devices or work equipment.

To ensure smooth work in the home office, companies have to consciously make compromises, unfortunately also in IT security. Cybercriminals are also familiar with this dilemma. They try to take advantage of the situation and increase their efforts. In doing so, they are particularly targeting industries that are facing major new tasks due to the Corona crisis, such as hospitals and other health facilities. In addition, cybercriminals and state-sponsored espionage campaigns use the Covid-19 issue intensively as bait in phishing emails.
 
In view of this, in order to minimize the risks, we recommend the following measures for working safely from home.

Raising Employee Awareness

Technology alone cannot provide comprehensive protection for employees in the home office. The best protection against cyber attacks is the employees themselves. Educate your employees about the specific dangers in the home office and empower them to deal with these dangers. You should inform your employees specifically about the dangers of phishing emails and train them specifically on how to recognize and handle such emails. The spread of phishing mails in connection with the coronavirus has already increased massively, and MELANI and the BAG have issued corresponding warnings. 

Secure Remote Access 

It is best to use a VPN solution to give employees who work from home secure access to the company's internal resources. This offers a secure communication channel for data exchange with the company network. If possible, use VPN together with multi-factor authentication . This gives additional security. 
Also think of the increased requirements regarding the availability of the solution if a large number of employees suddenly work from home. Test your infrastructure under stress; you may have to expand the system's capacity.

Hardening of the IT Systems Used

When working outside the company network and the associated exchange with the company network, it is important to have the IT systems of the employees in focus. These must be protected as well as possible - in any case, the company infrastructure must be prevented from being infected. You should make sure that at least one antivirus software or an endpoint protection solution is installed on the employee systems. At the same time, the employee systems should always be up to date and also be able to be continuously updated in the home office. If employees in the home office have to use private laptops, minimum requirements for these laptops should be defined; this is the only way to guarantee a minimum level of security. 

Home Office Support

Possible in the company office: If you have problems with the infrastructure, you can quickly ask another employee for help, or IT support comes to the workplace. This is not possible in the home office. That is why it is all the more important that the employees know how support can be addressed. The support staff may also have to adapt. New tools may need to be procured so that support can maintain employee systems outside the company network. 

Home Office Regulations 

Employees in the home office must be aware of their duties when working on the move - and they must behave correctly. It is therefore important to document this and communicate it clearly. In particular, the outflow of data must be prevented. It should therefore be bindingly regulated how information (both on paper and digitally) is to be transported and processed outside the company and which protective measures are to be taken. In this context, the employees must receive binding instructions so that data protection is also ensured in the home office. This should make it clear to all employees that, for example, confidential information must not be sent via private mail accounts, or that confidential paper documents cannot be disposed of in the waste paper collection. 

Backup

It is important not to lose the work done in the home office. Therefore, the work results must not only be saved locally: Ideally, they must always be stored directly in the company network. If employees use private devices, it must be ensured that the data is stored correctly, i.e. in the company.

Monitoring the Infrastructure 

Since there is always the possibility of a cyber attack despite all the measures taken, the IT department should monitor the infrastructure. In particular, unusual user behavior deserves the greatest attention. However, it should also be borne in mind that behavior in the home office can differ from normal behavior in the office. For example, employees may work late into the night because they have to look after children during the day. 

Summary

It is very important that companies help their employees to work safely from home in times of Corona. Even after Corona, home offices will establish themselves in the long term and have an impact on work processes and collaboration. 

It is therefore important that mobile working and home office are implemented correctly. Much can be done to ensure adequate security. This is done through technical measures and the individual behavior of employees. On this basis, a company offers cybercriminals as little attack surface as possible. Having Protegent's total security will reduce the chance of fraudulent activity and keep your data safe.

Comments