happier IT Inc.

View Original

Working From Home: The Security Implications that Every Owner/Executive Should Be Thinking About

Due to the COVID-19 pandemic, many businesses have shifted their workforce to accommodate staff working from their homes.  During the first few weeks, the concern was getting staff setup on their home computers, however, the concern has now shifted to securing those workstations.  Now that staff are operating from outside their corporate offices, we must focus our attention towards cyber security, privacy, compliance and intellectual property protection implications and create a plan to minimize risk.

Understanding the Risks

Cyber Security

Cyber criminals are highly aware of the current situation and are using this disruption to find new ways to attack.  Here are some of the ways cyber criminals are attacking today:

  • Using employees home computers as a way to steal data

  • Using employees home computers to infiltrate corporate networks

  • Using employees home computers to deploy ransomware and encrypt corporate data

  • Looking for newly-exposed terminal servers and using known password combinations (for sale on the Dark Web) or brute-force “password guessing” to gain access to these servers

  • Using denial-of-service attacks to overload VPNs preventing users from connecting (and demanding a ransom to stop)

Privacy & Compliance

Privacy in Canada is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), and for some provinces and industries, there are further privacy regulations. Depending on the work-from-home method(s) you have provided for your staff, you may be out-of-compliance with these laws/regulations. For example, if your workforce is using their home computers to access corporate information through a Virtual Private Network and they copy a file to their local computer, or if their home computer becomes compromised by a virus/spyware/ransomware, a data breach has occurred.

Employee Data Theft / Intellectual Property Protection

Many experts are projecting that current work-at-home arrangements will lead to an increase in Data and Intellectual Property theft by employees. When working from home, employees have access to view and copy data to their local computers or USB drives. The leading reason for the expected increase is that employees are working from home, and they feel less likely to be caught because there is no physical supervision. Additionally, if employees are working from home computers, there is no protection or monitoring in place to prevent copying data to their computers.

Use of home computers

The use of home computers has been pervasive during the COVID-19 work-from-home transition. Many users with office computers needed to get working quickly and the easiest option was to have them work from their home computers.

Home computers are personally owned and aren’t protected the same way your office computers are. They do not have corporate security software or policies installed, and many are out-dated, unpatched or contain software that is susceptible to attack.

Connecting these home computers to your network through a VPN further increases risk by providing viruses/ransomware/spyware and even live hackers an open door to your network.

Use of home computers should only be a short-term solution until a more secure solution can be implemented.

A more secure future

There are a large number of ways that organizations have implemented work-at-home today, but there are three (3) general ways to work from home securely.

1. Enable staff to work on their office computers from home

Many organizations have desktop computers in the office that their staff use when at work. Using a secure remote access tool your employees can access their office computer directly from their home computer. This solution is highly affordable and secure if using a happier IT recommended remote access tool. This is great for many organizations but could not be suitable if the internet connection at your office is slow or unreliable, or if you have stringent compliance requirements.

happier IT’s recommended solution for this is Splashtop Business Access. Tip: If you are planning to purchase licenses for multiple users try to purchase them all at once to benefit from a lower price per user.

Sign-up for a free 14-day trial using the following link and get a BONUS Free 30 days added to your subscription when you upgrade to a paid subscription.

2. Provide staff with a corporate-managed computer to work from

If your organization works primarily from the Cloud, and your users do not need to access software on servers in your office, then providing a secure corporate-managed computer can be a great option. These computers should be encrypted, have corporate security software/policies, and be monitored/managed by IT. Asset Management can become somewhat of a challenge for these devices, so ensure these computers are well tracked by both IT and your operations team. 

3. Provide staff with a virtual desktop to connect to

In the event that your staff need access to software and databases on servers, and having users connect to computers in the office isn’t practical, or you plan to extend work-from-home beyond the COVID-19 pandemic, you may want to investigate Virtual Desktops. Virtual Desktops are an entirely cloud-based version of Microsoft Windows that, like a PC, supports any software your users may use on their office computers. Virtual Desktops are accessible through a software app that can be installed on any computer or can also be accessed securely from affordable “zero/thin client” devices that can be provided to staff either in or out of the office. Virtual Desktops can also be secured much more thoroughly and are ideal for industries with compliance requirements. 

Let’s Start the Conversation

If you are a happier IT client and would like to start a conversation with your happier IT vCIO, please reach out to team@happierit.com.

If you’re not yet a happier IT client, but you are interested in becoming one, please contact sales@happierit.com.