WFH and making it secure

Here are some tips on how to minimise the risk of a security breach while working from home.

As mentioned in our other article Working from home – are you aware of the risks?, we need to look over how we manage both data, security and remote access. It is imperative that you can rely on the security of the remote workers devices or data storage whilst they are at home.

Strong passwords

Enforce all your users to have strong, unique passwords for each separate service and login they use. This also needs to apply to any devices that they use at home to deter access from unauthorised users. Follow the rule of 3 random words, numbers and symbols for each password.

Top Tip: It's better to enforce a longer password length then it is to enforce changing your password every month (and much less annoying!)

Anti-Virus

You may be able to extend or deploy the managed anti-virus software that you have on your network to the remote devices. Doing this means that you can be sure of the level of protection that is in place and the device is scanned at a regular interval.

Top Tip: Make sure you're using anti-virus software that's managed on the Cloud, it makes it easy to deploy and setup a separate policy for home workers.

Updates

Make sure that all updates (like Windows and Office) are applied to make sure that any vulnerabilities are quickly resolved. This is more difficult to enforce on a device that is not part of the network but the ability for the updates to be downloaded and automatically applied can be put in place.

Top Tip: Extend your device management to home devices with Microsoft Intune.

Encryption

Windows 10 Pro includes BitLocker that allows you to encrypt the end users laptop or PC. This means any data that is on the device is protected if it gets stolen or lost. Home devices most probably don’t have Windows 10 Pro unless they have taken them from the office.

Most modern tablet and mobile devices can be password protected and doing so, encrypts the device. Its worth enforcing this on devices that are used for company purposes and if you have a number of devices, implementing something like Microsoft InTune to control such devices could be beneficial.

Top Tip: Azure Information Protection automatically encrypts all documents that have a labelled applied.

Approved software

Create a list of approved software for all users that needs to be adhered to. This means that end users use a set list of software to standardise and to remove downloading third party or potentially compromised install files. Such an example would be Microsoft Teams for video conferencing rather than Zoom or Microsoft Office instead of Open Office.

Multi Factor Authentication

Make sure that this is implemented and setup for access to company resources, Microsoft 365 and any other package that supports it. This ensures a higher level of security so the person actually accessing the data is the correct person.

Data transfer

Use a trusted, private system such as OneDrive to transfer data from one place to another. Don’t use USB drives unless they are encrypted as these are another potential security risk.

What else?

Another thing to consider is how to control the data that the users have access to. We recommend Azure Information Protection that can prevent users from distributing, printing or e-mailing documents. You can use this to label documents or e-mails to stop them being copied, sent on to other users or printed. This is linked to Office 365 and needs some additional licences but is a good way of ensuring that even if the users have access to specific documents or e-mails on their home PC, they cannot send them outside the company network; you can even retract documents at will.

There are lots of other things to be aware of, but these are the most common points. If you need a detailed summary or require a security audit of your network and working from home arrangements, please contact us.