Remote working and 3 security risks
For some employees, remote working can be the most convenient thing of all, while for others, it is a terrible torture. But one thing is for sure – it is a lot more insecure than working in the office for everyone.
Home internet connection
If an employer asks their employees to work from home and allows them to use their personal home computers for that, then it is convenient for both parties (one does not have to worry about their property and the other can work with a device they are familiar with), but in general, such a decision also means making concessions in security.
For example, the employer may ask what kind of a computer the employee can use when working from home and then decide whether it is suitable for remote work, but usually, they have no idea what is actually going on in the employee’s home network. Luckily, most people who must work with sensitive information use VPNs to create a connection with their employer’s network. This ensures that the connection between the two devices/locations is made secure whilst not affecting either device directly. Both the employer and employee should think through any probable security holes. What other devices are using the home internet connection in addition to the work computer? What are other family members doing when connected to the same network? What kind of a router are the employees using? How is the home internet connection protected against external dangers? Are the home devices using isolated resources? Is the home WiFi password protected and if so, who else knows the password besides the family members?
With remote working, employers cannot always check which devices are being used for work purposes. Undoubtedly, everything could be done on one’s home computer, but at the same time, it is also really convenient to use the spouse’s laptop, a tablet shared with the kids or an old smartphone instead – and the employer might not have (and does not have to have) an overview of those devices. I would strongly recommend thinking about how your home smart devices are protected from unwanted guests and what steps you have taken to ensure that your data is protected.
Make a firm decision on which devices will be used to work from home and create separate accounts on them that only the employee has access to. Take care to ensure that all devices have up to date software and that all work devices have proper security software installed on them.
Remote working does not mean that you stop communicating with your colleagues. Rather, the opposite may happen, and people may be communicating even more than in the office. This creates multiple security holes, but luckily, they can be prevented. If you are using an acknowledged secure communication solution in your company (e.g. MS Teams, Slack, Google Workspace), then all internal conversations should take place there. Even if you are tempted to use the same app that you use to exchange pie recipes to ask a quick work related question, then you should resist that temptation and think about whether a global ad network messaging app is secure enough to talk business there. The same applies to using your personal e-mail address, regardless of whether it is on Gmail or another well-known solution where no one adequately knows how secure it is and which is actually used for displaying ads. You should apply the same logic when choosing other messaging apps, mainly on mobile: are Telegram or Whatsapp suitable for confidential conversations?
When switching to remote work, you should above all use common sense and follow your employer’s recommendations and requirements. If you suspect that an activity, an app, or a device is not secure enough, then talk to your company’s IT department instead of relying on advice from a friend or a blog article you found online. This is especially important because even if on the surface, that advice seems neutral and good, then it may not comply with your employer’s security policies.