Cybersecurity in the ‘Next Normal’: Minimum Standards When Working From Home
The white-collar workforce is likely to look very different long into the future. While some workers are already heading back into the office, the reality is that most of your staff likely want to stay home at least three days each week. We’re expecting to see more businesses offering remote workdays as a perk even after restrictions ease and ultimately come to a close. This means more businesses need to be implementing robust permanent measures and policies that address cybersecurity when working from home.
Increased Cybersecurity Risk When Working From Home
Ransomware attacks have increased dramatically over the past 12 months as malicious actors take advantage of increased vulnerabilities resulting from work-from-home arrangements. In fact, attacks have increased in frequency so much that The Conversation referred to them as a “digital pandemic”. But the reality is that your organisation faces significant cybersecurity risks that don’t involve malicious actors.
When your team works from home, you have less control over the equipment being used to access your server and network security. You also face significantly higher risk of privacy breaches, especially where team members access personal data stored by your company from their homes. You need to take steps to protect your IT infrastructure from both internal and external threats.
WFH Cybersecurity Best Practices
It is a mistake to assume that your cybersecurity risk can be managed by your IT team. Cybersecurity risk management involves careful preparation and planning that reflects the risks posed by:
- technical weaknesses and vulnerabilities,
- operational process flaws, and
- your biggest cybersecurity threat, your staff.
Cybersecurity When Working from Home: Best Practices for Your IT Team
Current technical cybersecurity best practices include (but aren’t limited to) reliance on:
- Secure access mechanisms (including multi-factor authentication and enforced strong password requirements).
- High-quality security software.
- Virtual desktops or Desktops-as-a-Service (DaaS).
- Robust corporate firewalls.
- File integrity measures.
- Incident detection protocols that draw on DNS, operating system event, email server, and web proxy logs.
- Activity detection mechanisms that look for rapid file copying or changes, usage outside of business hours, excessive printing, data transfers to unauthorised or irregular third parties or removable data storage devices, and unauthorised or irregular data access.
These technical measures should be supported by the appropriate policies and training.
Operational Cybersecurity Measures for Work-From-Home Employees
Your IT team should work with legal counsel to develop robust guidelines and implement a Bring Your Own Device (BYOD) Policy or similar guidelines on the use of employee-owned devices (laptops, phones, etc.) to access organisational systems and process corporate data. These policies address employee and employer obligations, which should include, at a minimum:
- Mandatory security software for any device used to access company networks.
- Network requirements, including use of a VPN.
- An outline of the extent of the surveillance of the employee’s personal device.
- Password and 2-factor authentication requirements.
Reducing the Cybersecurity Risk Posed by Your Team
As work-from-home arrangements become a privilege or perk, not an obligation, organisations are in a better position to demand that certain standards and requirements are met. You should implement mandatory staff training for workers who will continue to work from home. This training should address:
- Why cybersecurity matters.
- The types of errors that often result in cybersecurity and privacy breaches, and how to prevent them.
- An overview of common cybersecurity risks, including phishing, spear phishing, and an overview of social engineering.
- How to ensure your devices are secure.
- First line of response if you think something might be wrong.
Further Resources with Guidance on Cybersecurity When Working From Home
Develop Stronger Cybersecurity when Working from Home with Privacy108.
Privacy108’s lawyers work with organisations to improve your cybersecurity protections.
We develop cybersecurity programs that address technical, operational, and personnel-related risks, and provide guidance and oversight while you implement the changes.
We also develop and deliver tailored privacy and security awareness training targeted at your organisation’s requirements. You’ll receive high-quality training from a leading privacy and cybersecurity lawyer, as well as supplementary resources to help upskill your team.