In a 2016 Gallup survey, over 43% of people employed in the United States spent time working from home1. The increased opportunities for employees to work from home has been enabled by the explosion of Internet connected devices, most importantly smartphones and home routers. Remote employees can now connect over the Internet to their company resources as if they were physically sitting in a cubicle.
While convenient for the employee and a cost savings for the employer, remote offices open a myriad of potential security threats not associated with a traditional office environment. A home office can be just as secure as a large company facility if common sense security practices are followed. The two biggest concerns for IT security professionals with remote employees usually are:
- Properly securing remote employee access to company resources.
- Ensuring remote employees are maintaining proper security.
Securing a home office usually involves a Virtual Private Network (VPN) router that allows a remote employee to connect a work computer to company e-mail, file shares, and other company network-based devices. The effectiveness and ease of deploying VPNs is the primary reason remote employee growth has exploded, but it is a main source of risk to a company. These devices, like anything that is connected to the Internet, are susceptible to attack and compromise, allowing attackers a jumping off point directly into the corporate network. For example, in 2018, malware called VPNFilter was found to have infected more than 500,000 home routers, the same types of devices that companies use to enable remote employee access.2,3
If you are working from a home office, here are some common-sense steps you can take to ensure your home office is as secure as possible and maximize your productivity. As a bonus, it will keep your IT security team happy.
- Only connect work devices to work devices. Do not connect your personal computer to the office VPN router and do not connect a company laptop to your home Wi-Fi if you have a dedicated work router. Isolate your work network from your home network by modifying your home router controls and setting up your work environment in a network segment separate from your home network. You can avoid security risks by not performing any work over Wi-Fi. Use a physical cable to your office VPN router if at all possible.
- Keep your devices updated, but only if approved by IT. Most office devices, even ones distributed to home employees, have a patch management tool installed to keep your laptop, phones, and other devices at a consistent, approved level. As a remote employee, this may require occasional checking and installing of patches if your devices are unable to be updated by the automated IT services. Your IT department should notify you when patches should be installed. Avoid the temptation to immediately patch when your work computer or phone reports a new patch is available. Wait for the notification or ask your IT department if it is okay to update to the latest version.
- Physical security is still important. You may live hundreds of miles from an office and no one knows who you work for, but thieves can still break into your house and steal your work laptop, router, phone, or any other valuable piece of electronics. Using a simple desk lock for your laptop is always a good investment. Having a lockable office room inside your house with a safe for physical documents is even better.
- Do a periodic security check. If the devices do not have Mobile Device Management (MDM) software installed, IT may require that devices be brought in periodically for updates and maintenance.
Working from a home office can be very productive for both the employee and employer. A few common sense precautions can make working from home just as secure as working in a major office.
About the Author
David Link is a Senior Course Developer for DarkMatter and works approximately 800km from an official company office. He has over 20 years of experience in network security, training, and course design.
1Annamarie Mann and Amy Adkins. “America's Coming Workplace: Home Alone” 2017. Retrieved from news.gallup.com/businessjournal/206033/america-coming-workplace-home-alone.aspx
2FBI Alert number I-052518-PSA. “Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide” 2018. Retrieved from https://www.ic3.gov/media/2018/180525.aspx
3Olivia Beavers. “FBI issues formal warning on massive malware network linked to Russia” 2018. Retrieved from http://thehill.com/policy/cybersecurity/389366-fbi-issues-formal-warning-of-massive-malware-network-linked-to-russia
Back To Blog Listing