If you are working from home, we’ve created a quick list of things you need to consider to keep your data safe. If you wish to discuss your situation, or have concerns about digital security when working remotely, please get in contact with us!
Your Home network:
When using a personal computer for business use it is important to ensure separation between work and personal documents, settings, and security. Any computer used for business use should have an active antivirus running with the latest updates available.
If a personal computer is connected to a company network this may introduce viruses if the personal machines is compromised.
Ensuring you connect to your own secure wireless network (WPA2 and above is recommended), it is not recommended any public or unsecured networks are used as your data may be exposed to others. Your network security setting can be checked by logging into your router.
This link may provide assistance: https://itstillworks.com/check-security-wireless-network-6167740.html
Otherwise, your Internet Service Provider should be able to assist.
Separate User Profile – Personal Computer:
Having a separate profile will help ensure others can use your home computer with less fear of accessing your work data and applications. Where the only option is to use a home computer a separate user profile should be used if possible, as keeping data separate is key for company data protection.
Additionally, all company data should remain stored on company storage locations e.g. Microsoft SharePoint, the company shared drive or Microsoft Teams for security and retention.
This link should provide assistance for setting up a separate profile, please note you may need to resetup your settings in the new profile – https://www.webucator.com/how-to/how-create-second-user-account-windows-10.cfm
External data sharing method considerations:
- Using a VPN to connect users working from home on business supplied laptops works well and can be deployed easily.
- Retains security consistencies by applying permissions authenticated to the user connecting.
- Where avoidable it is not recommended a VPN is used for personal devices – personal devices can introduce security threats like Viruses as the state and security is unknown, company data could be compromised.
- Incompatibilities may be introduced as personal computers may not be at the recommended standard or operating system of business devices.
- There can be incompatibilities with users Home Networks that can require a lengthy fix.
- Sensitive company data could be shared externally to the organization.
- Unfortunately, like many remote technologies the connection will likely be slower than your typical in-office experience.
Remote Desktop Services (Terminal Server/Cloud desktop/Teamviewer):
- Deployment can be very quick, often a shortcut can be email for the user to login with their workplace credentials.
- Often quicker than a VPN, all processing is done on the server itself.
- Secure, all data remains on the server and can be restricted to stay in this environment.
- Resource needs to be increased as user load is increased for a consistent experience
- User can forget to close the session at the end of use, closing the window will not close the server session.
- There are other non-security functional challenges during this situation that may become issues in the future depending on the applications and server environment (I.e. if using TeamViewer and your workstation at the office loses power).
SharePoint / Teams
- Easily accessible on any device with Microsoft/domain credentials.
- Secure data with being stored in the Microsoft environment.
- Easy to collaborate
- Data sharing can be difficult to maintain, users could download or share files they have permissions to access.
- Data may be stored on home/personal workstations which may be a breach of privacy and security.
Our Top tips:
The ideal scenario is to use a company managed device so that policies and access can be controlled to minimise risks to your organization.
Where this is not possible reviewing the risk and limiting access where applicable is suggested to protect company data.
Files on Workstations
In the scenario of staff using personal devices. If you have sensitive private data you may wish to prevent users from downloading/syncing files to their workstations (I.e. through the use of OneDrive for Business sync tool). Only web-based access via Sharepoint would be permitted.
Enabling MFA (Multi-Factor Authentication) for all users is a great step towards protecting user accounts, this greatly reduces the likelihood of being compromised by a phishing attack.
Malware – health check
We would recommend as an additional step that files that home workstations receive a scan from a tool such as MalwareBytes. Please download and install to perform a scan.
This link should commence a download in your browser – https://www.malwarebytes.com/mwb-download/thankyou/
You may remove the software following this (as it may attempt to offer you an extension to the trial.
Dark Web Scans
Dark Web scans, monitoring the darkweb for published compromises is a service that can give you the upper hand on attacks. This service could allow you to change your password on any impacted services before attacks are made. Get in touch for more information.
In all scenarios, if you wish to discuss your situation or have concerns about any of the above, please get in contact with us!