The Impact of Increased Homeworking and Keeping your Business Secure.

With the current situation for self-isolation if you have symptoms, more people are being urged to work from home. This may present a risk to your business from a cyber and information security perspective. We have put together some guidance on how to maintain your business’ security and integrity whilst continuing to operate successfully.

The most secure way for your staff to work from home is to use company-provided devices (laptops, mobile phones, etc.) connected to your networks via VPNs (Virtual Private Networks). If this is not possible, staff could use their own home devices, however, checks should be made as to the age of the device and the operating system it uses. For laptops, nothing older than Windows 10, for Android devices, nothing older than version 8 and for Apple devices, nothing older than version 13. Anything older may not be supported for software updates, leaving those devices vulnerable to virus attacks and hackers.  

Make sure staff know that both company and private devices must be regularly scanned by the antivirus software and any updates to all software should be installed as soon as available. Not everyone knows to apply updates automatically so it is worth reminding your staff that they must ensure all updates are installed as soon as they are available and give them support to do that if they are not technical.

Also, all devices being used for business purposes MUST have suitable antivirus software installed. There are several good, free options available. 

If VPN connection is not available, private home WiFi can be used but this MUST be password protected and NEVER use open public WiFi to conduct business/send emails/access bank accounts. If a secure access point is not available, use the hotspot function on your mobile phone (that has antivirus installed) over the 4G network to access data.

If a staff member’s home device is being used, ask them to ensure it is password protected. If it’s a shared device, any work files or folders saved to the device MUST be password protected and encrypted. When working from home, conduct yourself as if in the office. Do not leave devices unlocked when not in use. Ensure no one can read over your shoulder. Phone calls and video conference calls should be made in private.

And one last thing, when the crisis is over think about what data may be stored on those home devices and have it securely erased (particularly if it is highly sensitive or contains personal data, and not encrypted) or you may well find you have left a future data breach waiting to happen as home users often resell devices or take them to the local dump and are unlikely to follow secure disposal procedures. Secure disposal also applies to shredding any printed company information – many people may have personal shredders at home that they can use.  If they don’t then they should be encouraged either not to print sensitive information or find another way to destroy the information – company prints should not go out in the trash.