Everyone’s Working From Home Now – It’s Time to Stop and Smell the Roses…
Working from home is a real thing for a lot of us and not something we can just grumble about by the water cooler from time to time. It’s great to see so many people being able to do this now.
However, there’s a real problem with how this affects an organization’s Security situation. The reason is simple: Most places were not prepared, as they had to get everything set up in a big hurry.
Well, now it’s time to take stock of the situation, ask a few questions, and see if something might have been missed. Just because everything seems to be working doesn’t mean it’s not broken.
So, what I’d like to do is go through a few questions to ask yourselves about your Remote Work from Home setup, and go into why you should ask them. Even though this is a Security-based newsletter, not every question has a Security-linked reason behind it:
1) Did you provide locked-down equipment for your employees to use from home?
This is a serious question. If you’re allowing people to connect their personal devices to the corporate network, maybe you haven’t considered the massive risk that you have decided to take. Personal Computers are connected to their home network and probably linked with other personal devices (smart phones, TVs, etc.). This means that any infection on that Personal computer now has access to your corporate network. This also means you are vulnerable to Phishing scams coming into your corporate email, AS WELL AS your employees’ personal emails.
Now then, I realize that providing laptops to all your employees is an expensive idea. Also, not every organization is going to have enough portable computers to go around. Strangely enough, when this all started to go down, there were a LOT of organizations purchasing a LOT of laptops, so supply could still be an issue. Maybe think about having some employees take home a desktop & monitor to use. The risk reduction is well worth the effort of making sure everyone connecting is using a machine set up by your organization.
2) Have you provided useful guidelines to your staff?
One of the major hang-ups that management has with working from home is ensuring that people are doing their work. Thus, it’s very easy to put down some incredibly strict rules. However, schools are out, and the kids aren’t allowed to simply run over to their friends’ house. You need to make sure to work with your staff, to provide helpful instructions and make useful rules.
It’s easy to say: “Set up a home office.” The real-world problem is that if you never needed a home office before, there may not be enough useful space to make one, especially if you have a family. Being flexible with your employees will help reduce their stress levels, which will directly reinforce your Security posture, because they’ll feel less stressed than they could be. If someone who’s forced to be at home with their kids doesn’t have sufficient room and needs to be on the phones for you, then the options are to either not have them on the phone at all or re-set your expectations to the fact that they’re doing the very best they can, given the circumstances, and that you’ll inevitably hear children in the background. After all, a 2-year-old (or family pet) jumping into a conference call for a moment could be a good way to help relieve the tension.
3) Do any of your normal, day-to-day processes need to be changed?
Have your staff (IT and otherwise) give this a good think. Try to get them to spot problems before they happen. This way you’ll have a chance to solve them before they become critical.
Example: You provided PCs to your workers and they connected to the company VPN. They logged in to the computer with their Active Directory information, stored on the domain controller. What occurs when they need to change their passwords? If they do it the normal way, those changes get saved on the domain controller, but due to the VPN connections, they don’t get sent to the PC. This means they need to change their passwords in a different fashion than they did before. If they don’t, they will get locked out of their computer, which is at their home, and which you will need to send your IT staff to, in order to repair…
A friend of mine who works for a financial institution in rural Saskatchewan talked with me about this password issue last week, so it’s a very real situation. The changes you’ll need to make, in order to adjust to the situation, are more than just how the phones are handled.
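One way to spot the password problem above before it happens is to list which remote staff have a password change coming up, so IT can reach them with the adjusted procedure first. This PowerShell is an added example, not part of the original newsletter; it assumes the ActiveDirectory (RSAT) module is installed and that remote staff sit in a group with the hypothetical name `Remote-Workers`.

```powershell
# Added example: report remote workers whose AD password expires soon.
# Assumptions: RSAT ActiveDirectory module; 'Remote-Workers' is a hypothetical group name.
Import-Module ActiveDirectory

function Get-ExpiringRemotePassword {
    param(
        [string]$GroupName = 'Remote-Workers',   # hypothetical group name
        [int]$DaysAhead = 14
    )
    $now    = Get-Date
    $cutoff = $now.AddDays($DaysAhead)
    $never  = [Int64]::MaxValue   # value AD returns when the password never expires

    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            Get-ADUser -Identity $_.distinguishedName `
                -Properties 'msDS-UserPasswordExpiryTimeComputed', mail
        } |
        Where-Object { $_.Enabled } |
        ForEach-Object {
            $raw = [Int64]$_.'msDS-UserPasswordExpiryTimeComputed'
            if ($raw -eq $never) { return }   # no expiry, nothing to schedule
            if ($raw -eq 0) {
                # pwdLastSet is 0: the user must change the password at next logon
                $expires = $now
                $note    = 'must change at next logon'
            } else {
                $expires = [DateTime]::FromFileTime($raw)
                $note    = ''
            }
            if ($expires -le $cutoff) {
                [PSCustomObject]@{
                    User    = $_.SamAccountName
                    Mail    = $_.mail
                    Expires = $expires
                    Note    = $note
                }
            }
        } |
        Sort-Object Expires
}

Get-ExpiringRemotePassword -DaysAhead 14 | Format-Table -AutoSize
```

Accounts whose expiry date has already passed are included in the report, since those users are the ones most likely to be stuck at home with a machine they cannot get into.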
4) Can you separate the device they connect with from their home network?
This is another serious question. For much the same reason as providing them with a device to connect with, protecting yourself from the low Security cesspool that is people’s home networks is a question worth looking into. I know that folks’ home networks have horrible Security, because when I move, it’s entirely possible that I might have the habit of poaching nearby Wi-Fi signals, until my Internet is set up. Keep in mind that’s purely a hypothetical probability on my part.
Remember that while being able to host multiple SSIDs is normal for pretty much any level of business class equipment, it’s not normal for consumer grade equipment. It’s also not likely that your staff will all have the same equipment. At best, this is a nice-to-have option that shouldn’t be ignored, but also shouldn’t be pushed too heavily. For the most part I’d keep this idea in your back pocket, as something to use if “problem users” crop up.
So, as I said, some questions you might want to think about. A few of these relate to Security in a very direct manner; others, not so much. In the rush to get this in place, they may all have been things that were overlooked or considered not critical, in the face of getting stuff moving. Well, things are working now, so it’s time to take a breath and inspect what’s been set up, to see if there’s room for improvement.
If you have any questions about Work From Home systems for your employees, please reach out to your TRINUS Account Manager, for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.