7 Important IT Security Practices When Working from Home

There is no doubt 2020 has been the year that people around the world have started to take the idea of remote working seriously. However, even after restrictions ease and people become more confident to venture out into public places, the working from home trend is unlikely to diminish in the near future. This is reflected by many large companies like Twitter, Facebook, and Shopify allowing employees to work remotely on a permanent basis. In the "new normal", working arrangements can be more flexible so employees may work from home for part of their working hours, and work in the office for the remainder.

With these new approaches to work taking place on a grand scale, the areas of potential vulnerability have become a larger cybersecurity threat for businesses. Cybercriminals have already shown that they are completely devoid of any humanity, with the WHO reporting a fivefold increase in cybercrime in the wake of the pandemic.

This puts extra pressure on IT departments, who need to deliver IT services to remote locations and be more vigilant concerning the dangers of cybercrime. If your business is feeling the strain, an IT support company like EC-MSP is on hand to offer assistance with all technical issues from network security to cloud computing. Some useful security practices for the home office include the following:

1. Devise a clear security policy

A sensible first measure to take would be to draw up a clear security policy for all employees to follow closely. With a clearly defined set of practices that everyone must follow when working remotely, the kind of haphazard approaches that create more security weaknesses can be avoided. This can also inform employees of the requirements for all devices connecting to the network, what procedures to follow in the event of a breach, and how bad practices can be avoided.

2. Provide employees with VPN access

A virtual private network (VPN) is an additional layer of security that protects users from the potential dangers of the web. It does this by hiding the user's IP address, masking their location and encrypting all data in transit. When employees are accessing corporate data remotely they do not have the network security of the business premises, so it is essential that a VPN is in place to minimise threats. Large corporations usually have a VPN already available, but smaller businesses may need to select a reliable service for the security of employees working from home.

3. Use multi-factor authentication

Multi-factor authentication (MFA) grants user access to the software or a device after at least two forms of verification are used. This can relate to their knowledge, such as a password or personal information, or something they physically possess, like a smartphone. The use of a one-time password (OTP) can be sent to a mobile device for verification. MFA can represent an inconvenience for employees when they are repeatedly required to follow the same process, but it can block 99.9 percent of attacks on accounts, according to Microsoft.

4. Software updates

When software fails to receive updates after they are made available, an IT risk may be presented to the system. Software that is outdated cannot be maintained and will not integrate with new systems. If vulnerabilities are found it will not have patches, which means there is a higher risk of being subject to advanced cyber attacks. This means software must receive regular updates, and hardware must also be updated when necessary. The minimum requirements of the software, hardware, and updating can be specified in the security policy.

5. Reset Wi-Fi router passwords

This is another area of potential weakness that can be avoided. Many people do not reset the default password for their home Wi-Fi router, which could leave it open to attacks. Employees can be helped with securing their home routers through remote support. It may also be necessary to ensure that employees are not using public Wi-Fi, although the use of a VPN makes it more secure. Employees should also be using data packages that have sufficient bandwidth, at the expense of the employer.

6. Password management

A high proportion of attacks on networks have been proven to be caused by weak or stolen passwords. This is often the result of passwords being easy to guess or not complex enough, and also that passwords are shared between employees or third-party vendors. It is important to securely store business-critical passwords, and the use of a trusted password management solution could be an appropriate measure. There are many of these to choose from, such as 1Password or LastPass.

7. Employee training

For all the IT security best practices that need to be followed, it is vital that all staff members are also on board. This means a rigorous training that helps them to know all of the required security protocols, but also the importance of cybersecurity and what could happen if practices are not followed. Employees should understand all of the risks and their consequences. It is also important to keep everyone apprised of security risks and industry news on a regular basis.

Security issues are not always at the forefront of our minds, but with the unsettling rise of cybercrime in the coronavirus era, we have even more reason to be constantly aware of the risks. Working from home either offers a convenient and flexible mode of working or the only option available due to health restrictions. For this reason, we should follow the best practices and be mindful of the dangers, so we can concentrate on taking business forward.