One of the upshots of the last few years – where COVID-19 has dictated the way we work – has been that many more business decision makers have come around to the idea that working from home can be not only viable, but a highly effective solution for many.
With that said, however, there has been an ongoing debate around whether working from home is a secure practice. The answer is not quite as simple as yes or no, and so we reached out to some IT professionals to help clarify. We heard back from one London-based company, TechQuarters, whose Managed IT Services London-based companies relied on all throughout transitional work-from-home period of 2020/21, and continue to rely on now. According to them, working from home can be secure, provided the right steps are taken.
How Secure is Working from Home?
The short answer to whether working from home is secure is: Yes. However, there are many different factors that can make working from home not secure. This is because the average person’s home-working setup – including their network, their device and their behaviour – is not always very secure. According to TechQuarters, who provide IT Support Services London businesses use, a sub-standard WFH setup can open a business up to a number of different risks, such as data leaks, financial loss, legal issues (relating to data compliance), and business outage/downtime. For this reason, it is very important that businesses that want to enable working from home should consider some of the following tips around proper remote work security.
Top Tips for Work-from-Home Cybersecurity
Security Software on Every Device
Working from home often means users are accessing company resources on personal devices – considering the popularity of bring your own device (BYOD) policies in business nowadays, this is to be expected. However, personal devices need to have the same level of security that company-owned devices have – meaning that every device that is being used for work needs to have a security software installed. Employers are advised to invest in a standardised solution that they can enrol BYOD devices onto.
Identity and Access Management
Identity and access management makes it easier for businesses to keep track of who is accessing company resources, where they are accessing them, and when. Companies should ensure that each employee has a single identity that they use to access all company systems and resources. As Microsoft 365 consultancy experts, TechQuarters recommend Microsoft 365 for its built-in Single Sign-on (SSO), and its Active Directory support.
As pointed out in the previous point, employers need to be able to manage when, where and how their employees are accessing company apps, data and systems. In addition to identity and access management, it is also recommended that businesses use device management, too. This is where they control which devices are capable of accessing company resources; for this to be possible, the company needs to be able to enrol devices – preferably incorporating some minimum hardware and software security standards that the device in question needs to have.
When businesses employ device management, they can enforce additional security standards, such as data isolation, password protection, and multi-factor authentication.
One of the biggest challenges with working from home is the fact that each employee will be using a different network to access company resources – as opposed to having a single, managed network in the office that employees use. There is in fact a relatively straightforward solution to this challenge – using a VPN can add a strong layer of protection to any network, even public networks. A VPN ensures that the data travelling between a user’s device and the internet is protected from snoopers.
Use Apps with Build-in Security
Some apps may be security risks themselves, if they have vulnerabilities that have not been detected – and this may be the case with apps that are not designed specifically for business. Comparatively, apps and services like those included in Microsoft 365 are designed for business, and therefore have a high level of security build into them, in addition to receiving regularly scheduled updates and patches to ensure their security is refreshed.