Secure Homeworking, Applying Cybersecurity from Home

Andrés Naranjo    17 March, 2020
Secure Telework, Applying Cybersecurity from Home

Sometimes changes occur in society and bring us new ways of addressing daily tasks, cultural, social or other changes that establish a new practice as a way of life to solve or ease a new reality.

That way, with the arrival of coronavirus in Spain, the terms teleworking’ or ‘home working’ are on everyone’s lips to try to maintain work activity while minimizing interpersonal contact to prevent further spread of the virus.

However, this ability to work remotely is not new, teleworking is very positive both for society and for the individual himself, as almost all studies on it show. As a case in point, teleworking involves fewer trips and emissions. In a few weeks, China has reduced its environmental pollution by more than 25%. Similarly, accidents on the way to work are also avoided. Another great advantage is that home working is family-friendly. If we can adapt working hours to other family-related responsibilities, worker’s quality of life is increased, and stress reduced.

Resources Required to Enable Teleworking and Its Risks

It is obvious that nothing happens for its own sake. For a change of this size you must be prepared, particularly at the technological level. Mainly, secure access to all company’s resources must be ensured, have a way to hold online meetings with the appropriate connections and tools, as well as a synchronization method of all this that allows managing the meeting agenda. Also access to corporate mail, network or cloud folders to share data and, of course, the devices to be used remotely.

But, like any change, there are drawbacks as well. When we work from home using our own technological means in terms of both network and devices, the company no longer has control over the cybersecurity measures applied if the company did not have this contingency planned.

Working from Home Securely

To begin with, the use of our own connection may generate a technological security risk for the company if it is not properly secured, both in terms of passwords and network segmentation. The work device should be isolated from other devices at home, potentially more insecure, particularly if they are managed by minors. In the same way, the system provided by the company must include the appropriate connection tools to transfer that connection to the company and, from there, secure the connections by using the usual perimeter security, for example.

Let’s focus on those essential solutions to ensure security when working from home:

  • Secure Connection to the Corporate Network: These conveniently-encrypted Virtual Private Network (VPN) services guarantee us, on the one hand, a point-to-point encryption of the connection, so that if someone ‘listens’ when penetrating into the communication, this would be illegible. These attacks, called man-in-the-middle, are usually more common than people might think (for example when using public Wi-Fi), and everything that happens through HTTP traffic, which is not encrypted, may be accessed. By the way, by connecting to the corporate network and “going out” to the Internet by its security measures we will be more protected and, if necessary, we will be allowed to access the Intranet or necessary network folders.
  • Robust Identity Management: Any remote access must imperatively avoid delegating access to the username / password pair. It must be avoided at all costs since a potential theft or leakage of them will surely end up with unauthorized access to the company’s resources. Here, two-factor authentication systems or adaptive authentication play a major role and that’s why cybersecurity companies have identity services that, in short, guarantee that users are who they claim to be.
  • Device Protection Tools or EDR tools, the evolution of old ‘antivirus softwares’ that perform a comprehensive and centralized management of the company’s security policy locally on the employees’ devices.
  • Awareness about the Responsible Use of Technology: There is no science that advances at a faster pace than technology, so its use must be considered continuous training since every day more aspects of companies are related with the use of technologies. It is highly recommended that all companies train their employees in the appropriate use of technological means. Currently, more than 90% of successful cyberattacks are related with human errors.

In short, whether due to the threat of coronavirus or not, your company may be considering allowing telework at least partly. This requires a study of the feasibility and risks in this regard. ElevenPaths has products and services to secure this digital transformation of the world of work.

Leave a Reply

Your email address will not be published.