Working From Home: 5 Security Mistakes To Avoid

Working From Home: 5 Security Mistakes To Avoid

Work from home security has become a top priority for IT managers and professionals across the world this year. If your company is used to having most staff in the office, adjusting to significant scale work from home takes some adjustments. Fortunately, there are a few simple steps you can take to mitigate this risk.

The Top 5 Work-From-Home Security Mistakes To Avoid

 Carefully review this list of security mistakes and ask yourself whether your organization has evaluated these risks.

1) Ignoring Physical Security Changes

When your employees are working from the office, you can rely on that location’s physical security measures. For instance, you have the benefit of security guards at the entrance to the building and security cameras. You may also have security key cards for each employee. Finally, it’s easy for managers and colleagues to notice bad habits and provide quick feedback to improve security. Large-scale work-from-home practices change all of that. If you operate on a “business as usual” basis with physical security, you are going to expose your organization to increased security threats.

2) Failing To Communicate Security Best Practices To Remote Staff

In 2020, large-scale work-from-home is one way organizations have responded to the pandemic crisis. Your employees are doing their best to continue delivering on their work. However, you also need to realize that they may be worried about their families, their careers, and society. With all of these concerns, employee security habits may suffer.

From a management perspective, it’s a mistake to simply assume your staff will continue to sustain all security best practices. First of all, some of these habits and processes need to be adjusted, given the work-from-home context. Second, an IT security incident doesn’t require a widespread failure of controls at your organization: all it takes is one careless person to cause a significant security failure.

3) Failing To Provide Tools and Technology To Facilitate Secure Remote Work

When large-scale remote work arrived in March, companies scrambled to send their staff home in response to the crisis. Some professionals were already experienced in remote work. Many others were brand new to the experience. Since less than 50% of Americans work from home regularly, according to CNBC, many people likely lack the right tools and equipment to work from home effectively.

Depending on your resources, your staff may have some or all of the following tools and technology to work remotely:

  • Reliable broadband Internet service. Consider that many households will have multiple users placing heavy demands on connections (e.g. children at home and multiple adults working from home). This may lead employees to seek less secure work options (e.g. using nearby public wireless networks).
  • Access to corporate networks (e.g. Virtual Private Network). Your corporate VPN and similar infrastructure are likely under an increased level of pressure.
  • Computer and related accessories (e.g. mouse, power adapters, etc.). When your staff is physically comfortable, they are more likely to pay attention to details like security precautions.
  • Secure Communication Services. Keep in mind some communication tools have better security than others. Conventional conference calls with PIN codes may be superior to video calls from a security perspective. If you do plan to use digital voice and video communication, research whether any of these services have been officially discouraged by governments or large companies (e.g. Fortune article: “Zoom stock down after schools and businesses banned the meeting app over ‘Zoom bombing’ security issues”)

4) Failure To Adjust IT Security Monitoring and Testing

IT security requires constant vigilance. For example, there are reports of new phishing attacks claiming to represent government financial aid programs. In other cases, fake websites and advertising are attempting to make misleading claims about pandemic-related products. These developments have implications for IT security. That’s why your monitoring and testing practices need to be updated in light of these threats.

5) Failure To Adopt Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is one of the single best ways to increase security. Without this practice, an enterprising hacker only has to guess a password to gain entry to an IT asset. With MFA, that break-in process becomes dramatically more difficult. In the past, you might have implemented MFA access gradually to give time to adjust. That perspective needs to change to maintain security. We recommend aiming for “100% MFA” as your goal. Equip every remote working employee with MFA access. Likewise, equip your IT help desk to answer questions on ways to improve security.

How IT Managers Can Better Support Their Remote Staff

IT leaders have an essential role in supporting work from home security. Ideally, you will develop a response that addresses each of the mistakes outlined above. However, some of those measures will take longer than others to implement. To reduce security risk as quickly as possible, focus on quick wins. Specifically, reinforce and extend your existing practices.

Start with increasing your communication with staff. Some companies are sending weekly “pandemic communications” to their teams covering a variety of topics. Ask to include an IT security note in one of these messages. Your initial message might be to offer support (e.g. how to get help with VPNs, passwords and the like. Second, if you already have multi-factor authentication in place, now is the time to increase adoption! Reach out to managers and ask them to encourage their staff to increase MFA usage.

Ease IT Security Burden For Your Staff In Two Ways

Your staff is under significant pressure in these crisis conditions. Unemployment rates are up. Many industries are entirely shut down. Even if your employees are only impacted indirectly, these developments still take a psychological toll. That’s one reason you need to make security tasks easier for your employees.Looking at the medium and long term, it is essential to balance user productivity and IT security. That’s why you should look for ways to automate everyday IT security tasks. Use an IT security chatbot to handle simple tasks like password resets. Manage user access on a group level to minimize the use of exceptions. Use Avatier’s identity and access management software solutions are here to make IT security easier.

Written by Nelson Cicchitto