Safe remote working

By the fall of 2020, 71% of employees in USA were working from home because of Covid-19 and new pandemic reality1. Also about 40% of employees in Europe were working from home full-time as a result of current situation2. Most workers who said their job responsibilities can mainly be done from home also said that, before the pandemic, they rarely or never worked remotely. Along with the change in work style and one in three employees switching to remote work new cybersecurity threats facing organizations have arisen. And while remote work offers many rewards in itself, it has also uncovered new job security challenges, mostly stemming from working outside of a secure and corporate network. Security and support departments do what they can to ensure employees have secure tools at their disposal, but it’s mostly up to employees to effectively implement company security policies.  Only the joint work of IT departments and employees, including adherence to best practices, can ensure the success of safe working outside the office.

Here is a collection of safe remote working tips that can be successfully implemented in any organization.

Work only on a company laptop
To ensure basic security and control over IT resources, remote employees should work only on company equipment dedicated to their work profile. Every company should provide an employee with a laptop/computer for remote working that is properly secured and managed by the company’s Helpdesk team with the ability to take over the computer remotely in the event of a failure or problem. It’s important that employees don’t succumb to the temptation to work on private computers, which typically aren’t properly updated and the IT department has no control over software that could pose a potential security risk.

Use corporate resources only with a secure VPN connection

Properly configuring a VPN is the basic and best practice to ensure the security of network resources provided to remote employees. With a VPN connection, the data exchanged is secured and encrypted, and the risk of data leakage is minimized. However, in order for it to fulfill its role, employees must be educated to always use it to share information while on the job and not to copy data from company servers to external devices that have not been properly secured by IT departments

Secure Wi-Fi
When working in the office, employees use a company-owned and properly configured Internet connection that provides them with a secure connection. When working at home, Wi-Fi along with the home router become the weak link, mainly through inadequate security and weak access passwords. In home environments, the default passwords of routers are not changed, leaving the devices vulnerable to unauthorized access. The best solution is to provide employees with company modems that provide a secure Internet connection. If this is not possible, employees should be educated about the need to connect only to properly secured networks and the use of public networks should be banned!

Systematic updates
New vulnerabilities are constantly being found in applications and operating systems, which are used by cybercriminals to attack users’ computers. Hardware manufacturers are usually quick to respond to newly discovered threats, but in order to counter them, one needs to regularly and continuously update computer software. That’s why it’s important to regularly update everything you have installed on your devices for work purposes and not delay the decision to update when working remotely until the last minute.

Secure software
Working remotely requires the right set of tools, including new programs and applications to ensure a Wi-Fi connection. However, if the presently installed computer software is not sufficient, a procedure should be created that allows users to safely download new software to their computers at home. Above all, the employee needs to know that downloading programs from an unverified source on their own is dangerous, as is downloading files from insecure websites. This type of practice should be banned, mainly due to the high risk of infecting your computer with malware.

Secure mail
In order to secure e-mail and exchange messages when working remotely, employees should use dedicated e-mail applications and additional programs, which enable (among others) encryption or signing of e-mails. Many criminals are taking advantage of the current situation to infect as many computers as possible with malware. They take advantage of the lack of vigilance of employees working in the comfort of their own homes, impersonating people from within the organization, forcing employees to click links or download infected files. The goal of any organization should be to create a clear set of practices that teaches the user to distinguish between phishing emails and regular emails.

Secure data
While working remotely, it’s especially important to make sure employees work properly with sensitive and confidential data. Policies such as not downloading copies of data to external devices, such as a private flash drive or a family member’s computer, as well as sending it to unauthorized email addresses should be clearly communicated as an unsafe activity, and employees should be aware of working with sensitive data. It’s also a good idea to educate employees to properly safeguard confidential work conversations from other household members who can easily come into possession of company secrets and privileges.

Transparent company policy
It’s not just system security that affects the safety of remote working. Almost as important is the formulation of clear rules for users that will in themselves reduce the security risks associated with remote working. In addition to guidance, one should also provide employees with an easy technical issue reporting path and answers to any questions they may have.

Security — not just digital
An important part of safe remote working is educating employees on how to safely store and destroy business notes and documents. When working from home, employees often write down important phone numbers or sensitive data on pieces of paper that ultimately end up in the trash. Most employees don’t have access to shredders, and throwing documents in the trash can end up leaking data.
Information that employees communicate orally in the presence of others in the household is also susceptible to leakage. Having loud business conversations while discussing confidential topics or company secrets can be exploited by a dishonest roommate who can sneakily begin gathering information about the company.

Fun fact
Even pets can prove to be domestic work hazards. Seemingly harmless pets can turn out to be real beasts while in a duel with the keyboard, so it’s always a good idea to lock your laptop and protect it from cats and dogs.