Keeping Users & Data Safe When Everyone is Working From Home
When everyone is in the office, at their desk, and working on their computers its hard enough to make sure corporate data, the network, and those users remain safe and protected. Having everyone work from home makes it much more difficult. IT support personnel must be prepared to perform activities they’ve never had to before. Your network’s attack surface has just grown to include every home involved, with consumer internet providers and their variable security provisions, and users on computers that haven’t been under your control. Here are some of the biggest issues to be concerned about.
If you know anyone who works as an IT manager or network manager let them know you appreciate them!. They are changing the way we work every day.
With everyone going to work from home (WFH) everyone experienced some high emotions. Some were thrilled to be able to work from home and not have to commute! Others started anticipating what life would be like at home all day with the kids, the dogs, the doorbell, the spouse…
For many IT professionals, their world turned upside down. All their users were accessing their network on unknown devices with varying security provisions and using residential internet services. Precious corporate data could easily be exposed. Their hardened network went soft. Literally, everything needed to be reconfigured to absorb the shock.
Once all that was done came the question of how the data center was going to be supported when nobody can safely get to it. Those who had completed their migration to the cloud thanked their stars.
What Can You Do To Help Protect Your Company?
The answer to this question will vary widely depending upon how your corporate network is organized and operated. However, we can take a look at the issues that are likely involved.
You’re the first endpoint on the path along your network.
Don’t share your passwords with anyone! Now would be a good time to update them with newer, stronger ones. No more “123455”,”password” or your spouse’s or pet’s name. These actually constitute about 80% of passwords in use today. Don’t be one of those.
If you’ve been asked to enable multi-factor authentication- do so. Every time you login you’ll receive a code on your mobile device that you will enter into the login dialog as instructed. This combines something you know, your password, with something you have, your mobile phone.
If you download corporate data there’s a chance you may redistribute it outside the company. This destroys the effectiveness of all those security investments. During the transition to WFH, you may have greater access to download data or store it on thumb drives and other USB storage devices. There are many ways your IT department can enable you to download important company data without compromising security. Ask about it! Downloading software is risky and could contain hazardous viruses or malware. Before you take advantage of that free download, check in with your IT department to make sure it's safe.
The very best last line of defense is data encryption. Work with your IT department to make sure the data you access is always encrypted. Not just when it travels between you and the data center, but also when it's sitting at rest in storage preferably in the data center, but possibly local to you. Don’t share your decryption keys with anyone. When anyone appropriates your encrypted data they get garbled nonsense.
Remember That the Biggest Source of Vulnerability is… You!
Unfortunately, it's true. Nothing in the network is as dangerous as you. You’re human. You can be fooled. The most frequent form of attack today is phishing which leads to ransomware. You receive an email that looks totally genuine from a known source. You’re asked to click a link or open an attachment. When you do you’ve opened the door to invasion. Your data is literally stolen and held for ransom until you pay. It’s called social engineering and it’s the biggest danger in computing today.
By knowing the risks and asking the right questions, you can set your IT team up for success.