What are the cyber security risks around working from home?
There are many to consider. Depending on your industry and the type of data you collect and store, some are more critical than others.
Home networks: Usually residential networks rely on consumer grade routers with no intrusion protection or advanced security services. In addition, they have other unsecure devices like IoT devices, games systems attached. They may offer weak WiFi protection as well.
All these open these networks to additional risk of attacks, often without any awareness.
Secure VPN Connections: These should be used in ALL cases where access back to a central office is needed. In most cases, connecting to the VPN will then filter traffic for that device though the corporate router.
Single-Sign On (SSO):
While cloud services can be a wonderful way to stay connected and access work, ensuring that it is secured is critical. Where possible, get as many cloud applications talking to a central identify provider. There are solutions for clients with and without servers. When a user is added or removed access is then updated accordingly across all systems. This method also allows you to maintain password rotation and other high-level security policies.
Employee vs Corporate devices:
What is your team computing on? If corporate owned and managed devices, then you can ensure those are secure and have your security solutions loaded. When staff begins to use their own devices, you lose control of security and risk your data being stored on devices you do not own or manage. Based on your industry, this can be a huge issue.
Remote working policies and procedures:
Does your team know what you expect and how to move forward? Most firms raced to work from home but spent little time on formally documenting expectations around data security and privacy risks. Take some time to meet and get everyone on the same page around how to work smart from home.
Social engineering attacks:
With more of your team working from home, its easier for attacks to seem more legitimate. Phishing attacks are on the rise as many have their guard down do to changed routines. Routine training and awareness about company procedures, especially around financial transactions and access to systems is a must. If your team is not using instant communications software to stay in touch, consider it as email is still the most effective conduit for attacks. Use phone calls, virtual meetings, or instant messaging to confirm critical actions.