Best practices for work-from-home security
While remote work is more popular than ever, companies still struggle with the security aspects. Implementing best practices will help keep your network safe.
The sudden arrival of the COVID-19 pandemic impacted the entire world, forcing an array of changes to the way businesses conducted themselves. For one thing, many organisations required their workers to work from home (WFH), with the pandemic accelerating existing trends in remote work, e-commerce and automation, among others.
At the time, as a business owner or an IT professional managing through the outbreak, big decisions had to be made quickly not only about the company, but also having many employees work from home, notes Leon Munsamy, Marketing Product Manager at Altron Document Solutions.
“The major challenge was that, while some work streams translate easily enough to WFH – thanks to cloud-based solutions – digital network security does not. This is a challenge that has not gone away with the end of the pandemic, and has in fact become larger, as bad actors seek to exploit potential holes in their security, created by WFH,” he explains.
“Since the outbreak, many companies continue to allow employees to work from home, or have implemented a hybrid working environment, owing to the multitude of benefits – from increased staff productivity to happier, more well-balanced staff with reduced stress levels, as well as large company savings.”
Having worked in the office automation industry for over 20 years, Munsamy indicates that there are certain best practices that should be followed, which will help to reduce a company’s exposure to WFH security threats.
“The first thing one should do is to ensure that everyone uses company-issued laptops. If employees have to use work-authorised laptops only, it makes it easier for the business to manage security updates and patches, pushing these electronically, and as needed, to the devices,” he says.
“The key benefit here is that it allows everyone on the team to receive the exact same security measures, no matter where they are situated.”
He also warns that it is imperative to ensure that workers that don’t have a work-issued laptop, and instead still use their personal devices, do not use the company VPN.
“Employees should be instructed not to connect their personal device to the company VPN, but rather to leverage work platforms using a virtual desktop infrastructure to access internal company resources. Staff need to be made aware that a personal device may contain malware, and if this is connected to the work network, the malware could infiltrate the business environment.
“In a WFH environment, it becomes the employee's responsibility to know who is using their personal WiFi system. They need to log into their WiFi routers and check exactly who is signed in. If there are devices they don’t recognise, they must block them, to avoid any unknown actor potentially hacking into the company network.”
Munsamy adds that sensitive work documents need protection in a remote office. One of the most effective ways to protect sensitive documents, he continues, is to grant/restrict access to who can view or edit each document. By doing this, only those who are supposed to view a document can see it, even if the document gets forwarded via e-mail.
“It goes without saying that backing up your documents is absolutely critical. Whenever possible, a business should have its employees work on company cloud platforms. These platforms not only automatically save documents, but they also allow for multiple users – so if something happens, you will always have your documents available in the cloud,” he notes.
“Users must also verify e-mails from external sources, in order to prevent phishing attacks on the network. Hackers are making e-mails look increasingly authentic and users should think twice before clicking on any link in an e-mail. Instead, they should hover over the sender e-mail and hyperlinks in order to view the full address and verify it.”
As a final word of advice, he indicates that companies should make sure employees don’t overlook basic security precautions. It can be easy to overlook the fundamentals of good digital hygiene when one is very busy, but it is vital to always remain sharp.
“The business should send out regular reminders to its teams to sign out of all work-related programs after each use, to never repeat passwords and to change their WiFi passwords every other month.
“These simple steps may seem basic, in a world where most important work activity takes place on a protected network. However, when staff members are working remotely and all activity is distributed, the entire network is only as secure as the weakest link. Therefore, it’s up to management to implement these best practices and inculcate secure behaviour in employees to ensure a truly secure network – that allows in-house and WFH staff to reliably get their jobs done,” concludes Munsamy.