At-home Information Technology Security is Difficult but Not Impossible to Achieve 

Follow me

You won’t be able to provide the same level of security to employees working from home as you do in the office, but you can come close. Here are some ideas to think about.¬†

Midway through March, the COVID-19 quarantine was implemented, resulting in the creation of a never-before-seen situation in which the number of remote workers exceeded expectations. 

According to Sean Gallagher, a security researcher at Sophos, the only event on this scale that can be compared is the September 11, 2001 attacks. “It wasn’t a national phenomenon like this, and it wasn’t even close for this period,” she explained. “This is a national problem.”¬†

Gallagher was employed by a New York corporation but worked in a remote capacity from Baltimore. Everyone who worked with him in New York had to relocate for several weeks. 

“We had to figure out how to operate without the office for nearly a month,” he says, and this was a challenge for the team. “However, that was unique to that location. The scope of this problem is significantly broader.”¬†

Regional VS. international 

The closest comparable event to COVID-19 that most businesses have probably encountered is a hurricane or another natural disaster, all of which are localized. This quandary has grown beyond any strategies that firms had in place to deal with remote workers, and as a result, an unprecedented level of insecurity has emerged. 

“It’s not something that most firms would have had in their disaster recovery continuity business plan,” Gallagher says. [Citation required] However, this circumstance is by no means unique in terms of the requirement to be able to handle ongoing operations flexibly despite the presence of personnel who are absent from the office.¬†

According to Bob Moore, director of server software and product security at Hewlett Packard Enterprise, widespread use of remote work exacerbates the human factor, which “is frequently‚ÄĒto be honest, always‚ÄĒthe most uncontrollable component of cybersecurity risk.” Furthermore, the widespread use of remote work exacerbates the human factor, which is “often, if not always, the most uncontrollable component of cybersecurity risk.”¬†

Even though large corporations can set things up so that some employees can telecommute until recently, very few of them made the effort. What changes must be made if the current security measures and tools are insufficient for you to consider the situation satisfactory? 

A small group of highly knowledgeable security professionals was asked three questions

These were the responses they gave. 

What precautions can you take to ensure the security of your workspace while working remotely? VPN, anti-virus software, and multi-factor authentication 

The first piece of advice we received from all of the computer security experts we spoke with was to install a virtual private network (VPN) on your computer. This ensures that all of your online activities take place on your employer’s network, rather than your own, which is less secure and more vulnerable to intrusion. This is just one example of how remote location security differs from office security.¬†

“In a workplace environment, you typically have a well-structured and highly controlled work environment where there are tight measures and controls on the type of traffic that can flow, what type of authentication is used, and what type of data can be stored,” says Tim Ferrell, a cybersecurity architect at HPE. “You typically have a well-structured and highly controlled work environment in which there are tight measures and controls on the type of traffic that can flow.”¬†

Yes, according to the majority. “Firewalls are present at the majority of enterprise or commercial locations,” says Mick Wolcott, partner at Goldman Lockey Consulting in San Francisco, “and a networking team is responsible for monitoring the network.” “Whereas at home, you’re mostly just using Comcast, AT&T, or something similar, and you don’t get a behind-the-scenes look at how we analyze the traffic that comes in. We are unable to determine whether or not malware has been downloaded, as well as the location where it was clicked, and we are unable to monitor background activity.”¬†

As a result, protection against viruses and malware is insufficient

You must also ensure that your security is consistently updated. Furthermore, you should always be on the lookout for phishing attempts. You should always maintain the highest level of awareness when dealing with the vulnerability of messaging on your remote connection and your personal computer. This is especially important when the computer is shared with other members of your family or is also used for your business. 

The next step is to implement two-factor authentication, which, despite its increasing popularity, is still not considered mandatory. Even if it is a difficult time to implement two-factor authentication, you should consider it because it is the most effective method of preventing phishing and other authentication attacks. 

Gallagher raises another possibility, one that is both obvious and unexpected: using web-based versions of the tools you use at work. 

“If you can accomplish the majority of your job by using internet services through a browser, you can separate the corporate data from the personal data,” he says. “It’s a win-win situation.” Using browser-based versions of Microsoft Office programs, now known as Microsoft 365 apps, rather than locally installed programs, is a prime example of this principle.¬†

However, by using a VPN, implementing Two-Factor Authentication (2FA), and keeping your antivirus software up to date, you have eliminated a significant portion of the risk model for people who work from home. The majority of the rest, according to Gallagher, is “gilding the lily.”¬†

However, he believes that the overall approach to firm security must be a sector-wide shift to a zero-trust model. 

“Assume that both your corporate and end-point systems are operating in hostile waters and that some type of compromise is occurring at any given time,” he says. “This is true for both your corporate and end-point systems.”¬†

“The days of a hard perimeter and a soft inside are long gone,” according to Ferrell, and as a result, we have come “a long way.” “Because the perimeter is now so permeable, it primarily serves as a checkpoint for people entering and exiting. However, you must assume that anything connecting to your network is malicious and deal with it accordingly. You work under the assumption that every remote device contains potentially malicious software.”¬†

What steps should your company take to ensure the safety of its employees? Establish central command

“As a long-term strategy,” Gallagher says, “you want to ensure that employees have access to a device that is managed by the corporation and is locked down for specific usage.” “Alternatively, you could use a model in which each person has access to a remotely controlled virtual machine that they can install on their own. As a result, this gives them the option of performing work-related tasks on their home computer while also allowing them to separate the home computer from the virtual device. Furthermore, I believe that a significant number of businesses are working toward this goal.”¬†

This is an expense that affects businesses of all sizes, from the smallest to the largest. However, the time for cost-cutting measures may have passed. 

“One of the major things I believe I have not discussed because we were primarily discussing network security is the importance of backups,” Wolcott says. “We were mostly discussing how critical it is to protect your network.” “We’ve had quite a few horror stories where someone clicked on a fraudulent link, downloaded it, and then it encrypted [and] held their entire computer for ransom,” the spokesperson said. While industrial espionage is rare, the prevalence of ransomware has resulted in the formation of organized criminal groups with names like Maze, Ravil, and Ragnar Locker.¬†

How can you plan for something that cannot be planned for? Process and policy modeling, as well as potential threats

Simon Leech, the senior adviser for security and risk management at HPE Pointnext Services, advises, “Don’t let the company define the security policy for you.” Many businesses, according to Leech, will be in a hurry to adapt to the concept of remote working, even though they shouldn’t be. “The security team should not allow a flaw to be introduced by installing technology quickly and insecurely,” as this could result in a security breach.¬†

According to Ferrell, it should also not prioritize collecting shiny objects over developing a robust process. 

He goes on to say that because the product is the “shiny object,” everyone’s attention is drawn to it. “To deal with some of these challenges, they will go out and buy a nice new modern instrument, but they will completely disregard the procedure and the policy. Even the most expensive and beautiful instrument in the world is worthless unless it is wrapped in a method that allows it to function properly.”¬†

Executive guidance on enterprise information technology security 

  • Organizations that are committed to best practices are best positioned to manage quarantines securely.¬†
  • If safety is a top priority, there is no way around paying money today to mitigate the risks associated with working from home.¬†
  • You should be fine if your employees have access to a virtual private network (VPN), two-factor authentication, and up-to-date antivirus software.

Related Posts