Five ways to make working from home as secure as working from the office
It’s as unfortunate as it is unsurprising: out there in the darkest corners of the internet lies a gaggle of scammers ready and willing to exploit the Covid crisis. There’s been a global increase in phishing using people’s fears about Covid as a lure - at TalkTalk alone, we saw a 100% increase in phishing emails reported to us during April, compared to preceding months, highlighting just how prolific the problem is.
When people work from home, your business is more vulnerable. As well as connecting through residential internet lines and being more likely to rely on personal devices, they’re also just not as close to the IT team - and so less likely to be able to quickly flag anything suspicious in person.
Back in April, the United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory, ‘COVID-19 exploited by malicious cyber actors’, which lists the threats observed across the two countries, including, in addition to phishing, malware distribution, registration of new domain names containing Covid related wording, and attacks against newly (and often rapidly) deployed remote access or remote working infrastructure.
Fortunately, there are some effective steps that businesses can take to better protect confidential information, critical infrastructure and employee well-being, while we’re working from home. Here they are.
1) Employee education: devising an internal comms security strategy.
Letting colleagues know what’s expected of them and the support available to them is incredibly important when you’re not all in one place. Now they can’t nip over to the IT department wielding a crashing laptop, they have to feel comfortable getting issues resolved by other means.
Review your existing policies to ensure they’re fit for purpose amid your new ways of working, but, importantly, only communicate what’s new to your workforce. People won’t realistically sit and re-read what they (at least theoretically) already know. So, pick out what’s important and communicate the key facts: when to flag something to IT, and how.
That, plus some remote working ground rules, will serve to protect you well. There will be nuance and complexity within your own policies of course, but the three key pieces of remote working security etiquette are:
Don’t use unapproved collaboration tools. Get them to stick to what you’ve assessed and ensured is safe. Nobody should be using Zoom if Teams is your company-wide video conferencing tool. Password protect meetings, and ask users to verify everyone who attends meetings, especially if they join anonymously using a dial-in.
Be wary of Covid related phishing emails. There are a few obvious signs of a phishing email. Employees should be naturally suspicious of an unsolicited email anyway, but in addition they should look for spelling mistakes and strange email addresses, and hover over the links to check the URLs (don’t click though!). When giving this advice to your colleagues, it’s worth a quick Google to pull up some examples. If any phishing emails do get reported to you from inside your organisation, make sure you quickly make employees aware of them and remind them not to click.
Secure personal devices for home working. Ask employees to practise good security on their personal devices, such as applying automatic updates, using antivirus protection and using a password manager. This blog by the National Cyber Security Centre gives a lot of detailed recommendations. You should also ask employees to apply a strong password to the administrative panel for their home routers.
When it comes to rolling out these communications, the best method of delivery varies between companies - culture, size and tech-savviness of staff all play a role. The most critical thing is to ensure everyone knows exactly what to do when they’re not sure, i.e. report anything suspicious to IT. While you might use a remote all hands, periodic email updates or the intranet to communicate your security policies, consider adding a ‘report anything suspicious’ line to your team’s email signatures to keep that message front of mind.
2) Network level protection: malicious site / content blocking / virus protection.
Installing protection at the network level removes a lot of risk, because you’re not relying so much on each employee remembering best practice. While most businesses will already have antivirus software installed, you may think network level protection is off limits while people work from home. I’m here to tell you, you’d be wrong! At TalkTalk Business, we’re now offering business fibre lines to residential properties to help companies adjust to new normal ways of working.
Along with the other benefits you’d expect of a business connection, that means we can give your business more control back over your network. Our WorkSafe® network level security comes as standard with our new Homeworker packages - all devices using your internet connections will automatically be filtered, giving your business instant protection from malicious sites and internet misuse.
Our WorkSafe block lists stop employees getting anywhere near sites that have known viruses on them. They’re constantly kept up to date, and Covid-19 scam domains are added to them as they’re found, so you can rest easier on that count too. We invested heavily in our DNS platform, which offers a level of virus protection while delivering web pages fast to maintain an excellent browsing experience.
We subscribe to a number of threat feeds and have been passing all high-quality feeds that we find through to our DNS service provider, to ensure they analyse the domains for inclusion in their block lists. Once added to the lists, any customer who uses our DNS will be blocked from accessing these domains.
3) Endpoint protection: static IPs.
Static IPs are included with all TalkTalk’s business fibre packages at no extra cost, but this isn’t always the case with residential broadband products. They could offer increased security and protection to your business while your employees work from home, and are vital if you want to access your computer remotely or run a website or server.
For businesses relying on VPNs, static IPs can add a further level of insight and control. By assigning dedicated IP addresses to individual devices, you can see who your network’s serving and better identify any rogue login attempts.
You can also use them to manage fixed assets like CCTV and alarm systems, which will be especially handy if you’re leaving offices, warehouses or factories unattended for long periods of time.
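As an added illustration of the VPN point above (not code from TalkTalk or any VPN product), the sketch below checks VPN login records against the static IP assigned to each homeworker and flags anything that does not match. The log format, the user names and the `ASSIGNED` mapping are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical mapping: the static IP assigned to each homeworker's line.
ASSIGNED = {
    "alice": ipaddress.ip_address("203.0.113.10"),
    "bob": ipaddress.ip_address("203.0.113.22"),
}

# Constructed sample records in an assumed "time user= src= result=" format.
SAMPLE_LOG = """\
2020-06-01T08:59:12Z user=alice src=203.0.113.10 result=success
2020-06-01T09:03:40Z user=bob src=198.51.100.7 result=failure
2020-06-01T09:03:44Z user=bob src=198.51.100.7 result=failure
2020-06-01T09:04:02Z user=bob src=198.51.100.7 result=success
2020-06-01T09:10:31Z user=carol src=203.0.113.22 result=failure
this line is malformed
"""

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

def review_logins(log_text, assigned=ASSIGNED):
    """Return (alerts, failures_by_source) for logins that break the static-IP mapping."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip records that do not parse
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # skip records whose source is not a valid IP address
        user, ok = m["user"], m["result"] == "success"
        if not ok:
            failures[str(src)] += 1
        expected = assigned.get(user)
        if expected is None:
            alerts.append((m["ts"], user, str(src), "unknown-user"))
        elif src != expected:
            reason = "success-from-unassigned-ip" if ok else "attempt-from-unassigned-ip"
            alerts.append((m["ts"], user, str(src), reason))
    return alerts, failures

if __name__ == "__main__":
    found, failed = review_logins(SAMPLE_LOG)
    for alert in found:
        print(*alert)
    print(dict(failed))
```

A successful login from an unassigned address is the record to review first; repeated failures from one source are counted separately so they can be rate-limited or blocked at the VPN gateway.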
4) Take security seriously: think forward to SD-WAN.
SD-WAN provides greater network visibility and control. Real, tangible benefits when your network is more distributed than ever. SD-WAN comes with numerous security features, ready to be enabled, helping you get the best from your available bandwidth, monitor applications and prioritise traffic.
5) Endpoint protection: apply Bring Your Own Device principles to owned devices.
Whether employees are using business or personal devices to WFH, it’s important to think about the many and varied endpoints accessing your network. To keep them as secure as possible, think about applying Bring Your Own Device security principles even to owned laptops and phones. Ask users to install antivirus software on personal devices, and ensure they run updates when prompted on their own or business hardware.
Making homeworking more secure
There’s a lot to think about when so many of your colleagues are accessing sensitive data and business critical infrastructure from home. Pulling them onto a common, business-grade network can help to eliminate some of these concerns.
That’s why we’re offering business fibre packages for homeworkers. These business-grade connections come with all the security features referenced above - WorkSafe, a state of the art DNS, and static IPs, so you can rest assured your IT infrastructure is being looked after. Get in touch now to discuss the Homeworker package that’s right for you, or find out more.