- Contact Us
The COVID-19 pandemic has presented unprecedented global challenges at all levels of society today, from healthcare to social concerns. With much of the East and West Coasts experiencing government-enforced social distancing lock downs, businesses have had to scramble to turn their daily office operations into a remote workforce. For an organization like Compass IT Compliance with its roots as a virtual company, this was not a challenge. However, many organizations were not prepared to migrate the majority of their employees to work-from-home users. There have been reports of significant layoffs and furloughs, and IT departments scrambling to buy laptops to configure for an enlarged remote workforce.
In this day and age of the internet and cloud computing, this transition has been made easier to establish communications and connections to business data and applications from virtually anywhere. However, Information Security Officers and security teams have to ask themselves, “How do we secure all of these remote workers?” It’s a challenge to secure a network that the company controls. It’s difficult to impossible to enforce controls over remote, home networks. Below is a set of security concerns and suggested control objectives that Compass IT Compliance asks on a daily basis as we support the remote workforces of our clients. The majority of these controls are within the abilities of home workers to configure on their own. A few will require corporate IT’s help and some may only be for the paranoid IT security professional.
Social Engineering Awareness – Ensure employees are informed about the risks and threats of social engineering. Threats don’t stop when staff are out of the office, and information security awareness shouldn’t either.
Home Network Equipment – Remote workers will be using their own personal network equipment. It’s not practical to assume this equipment meets any security standards compared to corporate resources. In most cases, the equipment is older and rests in the default configuration left by the telephone/cable company installer. Today, many homes have an all-in-one router or wireless access point. In some cases these may be separate. These recommendations apply to any home networking equipment.
The Remote Computer – Whether the organization provides the home worker with a corporate computer or allows the use of a personal device, the remote worker must ensure the system is secure and updated to defend against threats.
Kids and Other Users – Most homes today have at least one computer available for shared use by the family. This computer should not be used for business use. Conversely, if a corporate device was provided for working from home, it should be only be used for business purposes.
Other Devices (Advanced) – Many homes today have several other devices, not just computers connected to the Wi-Fi network (e.g. smart TVs, gaming consoles, thermostats, cameras, etc). This is referred to as the Internet of Things (IoT). These devices can represent easy targets to attackers as most manufacturers do not consider security when adding network integration into their designs.
We've condensed the information above into this checklist for free downloading and sharing with your staff. Compass IT Compliance has spent the past decade assisting organizations in various industries with addressing these network concerns. Contact us today to discuss your unique situation!