WFH security risks - and how to solve them
1. Implement a clear policy
First and foremost, your organization should have an easy-to-understand written policy concerning remote working. Avoid long documents that no one will really read; instead, go with one page covering the essentials. This policy should include guidelines for what you can do on your company's computers and how to connect securely. What happens, for example, when an employee uses their work computer for private browsing and streams through the VPN, occupying bandwidth both in and out of the organization?
2. Use VPN
Connections to your organization's systems should be made through a VPN, but it's important that authentication is still required for the individual services and systems behind it, such as Microsoft Remote Desktop and SSH. You should also avoid exposing services that use SSH and RDP directly to the Internet. Take advantage of available certificate-based login along with two-factor authentication.
3. Copying of information
Working remotely gives malicious users the opportunity to copy, save and spread sensitive information. Therefore, your policy should also contain guidelines on how documents should be handled and what type of USB equipment may be connected. If a user can easily copy all documents from the document server to a USB flash drive, malicious code could do the same.
4. Video conference
Many video conference systems offer a wide variety of possibilities and settings. Using the wrong settings can drastically increase the risk of espionage. Make sure users are using secure settings, which means secure passwords and locked conferences. Also, make sure the software is always up to date. Many video conferencing companies are continuously discovering vulnerabilities in these times when their systems are being put to the test.
5. Train & keep users aware
Educate your users continuously and run awareness training. This can be done, for example, through simulations of social engineering, such as simulated phishing campaigns. Keeping users safe can be compared to keeping a system secure: it is not a one-off effort but requires continuous work over time.
6. Assume that the home network is already hacked
Do not give users too much freedom to install their own software just because they work from home. A home network can consist of many different types of components and systems that can be hacked or compromised. A good starting point is to work on the principle that the home network is already hacked.
7. Monitor continuously
Monitor events such as unsuccessful login attempts. Work proactively to detect vulnerabilities in protocols and services used. Maybe it is time to review an external service that monitors events 24/7, such as a Security Operations Center (SOC) service.
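One way to monitor unsuccessful login attempts as described above, shown as an added example that is not part of the original article. It assumes OpenSSH syslog lines; the function name, threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (addresses from documentation ranges).
SAMPLE_LOG = """\
Mar 10 08:01:02 gw sshd[811]: Failed password for alice from 203.0.113.7 port 50122 ssh2
Mar 10 08:01:09 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar 10 08:01:15 gw sshd[812]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 10 08:01:21 gw sshd[813]: Failed password for alice from 203.0.113.7 port 50131 ssh2
Mar 10 08:03:40 gw sshd[820]: Failed password for bob from 198.51.100.4 port 40100 ssh2
Mar 10 08:03:55 gw sshd[821]: Accepted publickey for bob from 198.51.100.4 port 40102 ssh2
Mar 10 09:30:00 gw sshd[900]: Failed password for bob from 198.51.100.4 port 40200 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failed_login_alerts(log_text, threshold=3, window=timedelta(minutes=5), year=2024):
    """Return {ip: sorted usernames} for sources with >= threshold failures inside the window."""
    recent = defaultdict(deque)  # ip -> (time, user) entries still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((when, m["user"]))
        while when - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(m["ip"], set()).update(user for _, user in q)
    return {ip: sorted(users) for ip, users in alerts.items()}

if __name__ == "__main__":
    for ip, users in failed_login_alerts(SAMPLE_LOG).items():
        print(f"ALERT {ip}: repeated failed logins for {', '.join(users)}")
```

Grouping by source address and listing the usernames tried separates a single mistyped password from one source cycling through several accounts.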
Risk behaviors
Working from home involves increased risk behaviors. Here are a few.
- Connections are made via unsecured Wi-Fi networks at home and when the user is on the move.
- Increased risk of lost and stolen computers.
- Increased private activity, which gives increased exposure to various risks, not least websites that spread viruses.
- Reduced resistance to social engineering such as phishing and ransomware.
- Increased risk of non-compliance with the company's security policy.
- Increased risk of computers and systems not being updated.
- Increased risk of copying and dissemination of sensitive information.
Checklist for increased security
- Clear policy
- Use disk encryption
- Backup
- Update software
- Two-factor authentication
- Log events
- Clear contact paths
- Restrict & control

About the author
Jonas Lejon
jonas@triop.se
Website: kryptera.se