Home offices are now part of everyday life in numerous companies. They will probably remain so since many employees and employers would like to continue working from home in one form or another even after Corona. High time to take care of security after the first lockdown was often only about making work from home possible in the first place.

Computers in the home office are more at risk than in the well-protected company network – cybercriminals quickly recognized this and intensified their attack efforts in the first days of the pandemic. However, companies are not powerless in the face of this but can implement a few basic measures to better secure systems outside of their own IT infrastructure.

No Private Devices

Because many employees had to move to the home office at short notice in the early days of Corona and many companies lacked mobile devices, some employees worked at home on their private PCs – and some still do. However, companies cannot enforce security policies on these devices and must rely on the employee’s protective measures. Therefore, such “pragmatic” solutions are a risk and should be replaced as urgent.

Regular Patching

Today’s main gateway for cybercriminals is software vulnerabilities – almost all malware tries to exploit security holes in operating systems or applications to infect a system. Therefore, the quick installation of all available security updates and patches is the essential requirement for secure work in the home office and allows many attacks to come to nothing.

Up-To-Date Endpoint Protection

Modern endpoint protection, which combines various detection mechanisms to ward off advanced malware, belongs on all homework computers. Of course, companies must also update this security software regularly to offer the best possible protection.

Two-Factor Authentication

The classic login to systems, applications and online services with a username and password is no longer up to date because cybercriminals are now pretty good at guessing even long passwords – or they are used in malware and phishing attacks capture. More complex passwords hardly increase the level of protection and only tempt employees to use the same password for several accesses. Two-factor authentication is more secure, requiring another factor besides the password, such as a smart card, a security token or a PIN sent to a mobile phone. The password alone is then worthless to an attacker.

VPN Connection To The Company Network

Employees need access to data or applications in the company network for many tasks. They establish this via a VPN – an encrypted communication tunnel between the work device and the company infrastructure. In this way, companies prevent outsiders from tapping or manipulating data on the transmission path. In addition, they find it easier to adjust security policies and install updates than on systems that are not connected to the company network.

Control of USB Devices

To reduce the risk of malware infection and prevent company data from ending up on private storage, companies can at least block the USB ports of homework computers for external storage media such as USB sticks and hard drives.

Encrypted WLAN

Many employees use a wireless network at home. So that company data is protected, you should activate secure WLAN encryption with WPA2 or WPA3 – the older encryption standards WEP and WPA no longer offer sufficient protection. The WLAN encryption ensures that attackers cannot intercept the transmitted data, which is particularly important when employees are not using a VPN, or only certain connections are routed through the VPN tunnel.

Secure Router Password

The router itself must also be protected against unauthorized access so that cybercriminals cannot hijack it and read all data transmissions. Therefore, a secure password for access to the router configuration is mandatory, mainly because the simple default passwords of many router models are widely known. The more complex default passwords that some manufacturers assign to each device individually, while more secure, aren’t ideal either, as they’re usually printed on the device. Guests, artisans or other visitors could write them down in an unobserved moment.

Careful Selection of Cloud Services

Companies have often introduced new cloud services and online services for data exchange and communication with the home office. Here they should now evaluate whether they meet their security and data protection requirements, for example, whether they use secure encryption, where they store data or how they can be integrated into the company’s existing security infrastructure.

Clear Guidelines For Employees

With clear and binding guidelines for handling data, applications and devices in the home office, companies prevent employees from endangering IT security or violating data protection out of ignorance. You should also coordinate communication channels and contact persons to regulate processes, and employees do not fall for fraudulent attempts such as scam calls from supposed support employees. Special awareness training courses can also help further raise awareness of cyber threats.

The post Steps To A Secure Home Office appeared first on TechReviewsCorner.

When looking at the current world of work, the question quickly arises why many “normal office and screen workplaces” have not found their way into the mobile or home office. The transition to a home office or the changeover to a mobile workplace should be easy: There are probably hardly any employees who do not have an Internet connection at home in one way or another. Devices such as notebooks should also be widespread. In principle, “mobile work” from your own home should be quick and easy.

Home Office and “Mobile Working” Are Different Things.

Unfortunately, the terms mobile working and home office are often mixed up: “After all, a mobile employee can also be at home and work with his notebook” is a joint statement. If you ignore the technical differences, mainly trading unions, IHK, and lawyers vehemently speak out against this mixture.

They describe colloquially subsumed under home office, then technically with the somewhat antiquated term “telework.” The most important difference: According to the workplace ordinance, such a teleworking station is ” a permanently set up computer workstation in the private area of ​​the employee.” In addition, there is an agreement on weekly working hours and the duration of this facility. The company is then also responsible for setting up this workplace.

It’sIt’s different with mobile work: the workplace moves with the employee – he can sit at home and in a coffee shop or on the terrace of a hotel. In these cases, the workplace ordinance does not apply. That is why many companies insist on talking about mobile working, even if they send their employees to the “home office” in principle.

Challenges For Technology

One of the most significant challenges that the “new work” from the home office confronts both the IT specialists in the company and the employees in their homes is the connection to the Internet, which is available to the employees. Even if the company equips its “external” specialists with the latest IT technology and provides you with complex VPN, such as technology, a weak, unreliable Internet connection can quickly destroy any hope that employees will work the same way they would office. 

Home Office In Focus

Cloud solutions offer another way into the corporate network: They are already used by most companies today. Many users are already using solutions such as Dropbox or OneDrive in one way or another. If the employees in the company already use solutions such as Microsoft 365, they can usually continue to use them very quickly from the home office. Suppose a correspondingly good, stable connection is available. In that case, companies can use Desktop-as-a-Service (DaaS) solutions to provide their users with complete Windows or Linux desktops, which the user can then access via the Internet. To be available. He then works in the browser or with a particular client, ideally shielded from his home environment.

Communication: From “Alone” To “Perpetual Video Conference”

At first glance, it may seem nonsensical to talk about changed communication concerning work in the home office: After all, we communicated via email and telephone even before the pandemic. Video conferences also took place before that time – although perhaps not at the current frequency.

Particularly in isolation caused by remote work, targeted communication between employees and between home office workers and the company is of great importance. So it is not enough to equip the colleagues who are now working externally with the right technology by using remote work control software but to use the communication channels intensively – in both directions. Contact with the team, colleagues and other employees mustn’t be limited to a daily video conference limited: All employees in the home office must be able to communicate immediately and directly with other team members in case of doubt without them having to wait long for a response to an email message. In many cases, only a face-to-face conversation will help. To do this, IT must be able to provide as many channels as possible.

It is solutions like Slack that enable and facilitate communication in the team at the level of chats and corresponding channels. The advantage of communication via email is that a kind of direct conversation or discussion is conducted. Indeed, such email applications in the business environment will not cause the death toll, even if companies like Slack and Asana postulate this repeatedly. Still, it can be a goal to get older employees used to it, with chat tools and Messenger applications actively communicate.

Also Read: What Is The SaaS Model

Home Office And (Once Again) Shadow IT.

The security requirements for working from home do not differ from those that (should) also apply in the company. Mostly “confidentiality”, “integrity” and “availability” are mentioned as goals of the security measures. But it is understandably much easier for the IT team in charge to set a goal such as confidentiality (i.e., the protection of information, data and other IT resources from unauthorized access) in the protected company network than on possibly even private computers of the users in the home office to reach.

The so-called shadow IT is a big problem: The IT employees usually already know this from their daily work in the company, because there, too, the employees use their notebook or tablet from time to time to access the company network or even to send company data (if possible via a private email account). But in these situations, the IT team can usually quickly track down and stop the use of unauthorized devices, applications, and services. But what users use in the home office, they cannot promptly determine or even prevent.

Sixty-three percent of those surveyed stated that they access documents and services of their employer with remote end devices. Still, 58 percent admitted to saving or transferring work data on personal USB sticks. Finally, 55 percent of respondents said they use private email or file-sharing services in the cloud for work purposes. Thus, for IT professionals working remotely and using digital workstations, the following still applies: “Security, security and once again security.”

The post VPN, Remote Desktop & Co. – That’s How We Work Today appeared first on TechReviewsCorner.