Has working from home changed your Security risk?

The outbreak of COVID19 has forced many businesses to rapidly adopt remote working practices.

Those who quickly adapted to this change had well-defined and tested business continuity plans, which may not have been planned specifically for a virus pandemic but did plan for employees to be able to perform duties from home when necessary. 

Remote working is not as simple as providing each member of staff with a laptop and a VPN connection. Consideration should be given to the following to ensure employees are in the best possible position to work:

Security: If an employee does not usually work on a laptop ensure the device they are provided with is configured with a suitably hardened build. Do not allow the urgency of the situation to introduce unsecured devices onto the network.
Licenses: Where the remote solution involves staff using a VPN to access corporate resources is the current license model cost efficient for the likely increase in users?
Employee wellbeing: People will react differently to remote working. While some with thrive and actively enjoy being able to perform their work at home others may find isolation particularly challenging. The wellbeing of all employees should be considered and regular touchpoints between management and each member of staff should form part of the new BAU activities.
Collaboration tools: In a typical office environment, employees can freely interact with each other. Reducing communications down to email and phone calls is sub-optimal and consideration should be given to deploying collaboration tools such as Microsoft teams, Zoom or Slack to allow for instant communication and video messaging. Once again consideration needs to be given to ensure the tools are not used in a way that introduces security vulnerabilities.

Now organisations are adjusting to this new way of working, it is important to understand how new working practices affect their risk profile.

While certain risks are eliminated by employees working from home, new ones are introduced. For example, increased social engineering attack risk or risks of confidential documents printed or downloaded onto personal devices if a bring your own device model is used. 

Failure to understand the new risk landscape, and therefore not taking the correct mitigating actions, could cause damaging short term and medium consequences. 

Right now, the questions organisations need to be asking themselves are:

Do we need to change our working practices to help our staff work safely and effectively remotely?
Are we introducing any new security risks to the business by allowing homeworking? If so, how can we mitigate them.
Do we have the correct tools to maximise productivity during homeworking?
How can we minimise the impact on employee moral?