Identity Governance Blog

Wanted Worldwide: 100 Million CISOs/IT-Administrators!

April 16, 2020

Welcome to the world of working from home

Many enterprises give employees the option to work from home. Yet the ‘new normal’ of the remote workspace brings extra responsibilities. In addition to your ‘proper’ job you have now also taken on the responsibility of running your own office / data center / network / help desk / IT admin shop.

With many of us working from home for the first time or at least now spending the majority of our time working remotely, there are lots of new responsibilities we all should now address. Depending on what your employer provides, some may be better prepared than others. You may have company-provided kit, and this may be fully managed and patched. Or you may use your own PC / laptop / tablet, etc. – welcome to the world of Bring Your Own Device (BYOD).

If you’re using your own device, you should follow good practice and keep the device updated, which we all do, of course. But working from home does not just mean looking after the device you use for work. You are unlikely to be the only one working from home. Many will have other family members, possibly including children, who now have to join remote classes, play games and stream the latest entertainment. How do you make sure all of this is done in an appropriate and safe manner?

Step 1 – Network Security

Start at the network level. Make sure your router is configured properly. Check that the device is up to date – your ISP may update it automatically; if not, check the manufacturer’s support site and update the firmware yourself. While concentrating on the router, make sure the WiFi is set to use WPA2 and do not use the default SSID, admin ID and password – some manufacturers have shipped devices whose default admin ID and password were related to the SSID. While on the router, have a look at the registered devices and remove all those old devices you no longer have. Also look at the firewall rules. Gamers may need to punch a few holes through the firewall; the rest of us can block all inbound traffic! If your router supports multiple WiFi networks, a guest WiFi network is good for your guests and your children’s guests – you never know what they access – and, again if supported, you should also enable blocking of inappropriate sites / content.

Step 2 – Beware of “Smart” Devices

While looking at the router, look out for devices with inappropriate settings. Some devices, for example baby monitors, are very insecure – make sure they have no internet access. Streaming devices, “smart” doorbells, security cameras and children’s toys are all possible vectors for compromise of your home network: if you can update them, do so; if you can’t, isolate them from the internet. Why not just isolate these “smart” devices anyway?
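
The segmentation recommended in Steps 1 and 2 (block everything inbound, give guests internet only, keep “smart” devices off the internet and away from your work PC) can be written down as a small default-deny policy and checked before you type it into the router. The model below is an added example, not code from the original post or from any router vendor; the subnets, zone names, the game-server port and the test packets are all constructed, and a real router expresses the same rules in its own firewall language.

```python
"""Zone-based home firewall policy, modelled in Python.

Added example for the router and smart-device advice above; it is not code
from the original post or from any router vendor. Subnets, zone names, the
game-server port and the test packets are constructed. A real router enforces
this with its own rule language, but the decision logic is the same: the
first matching rule wins and anything unmatched is dropped.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed segments: one subnet per WiFi network / VLAN on the router.
ZONES = {
    "lan": ip_network("192.168.1.0/24"),    # your work devices
    "guest": ip_network("192.168.2.0/24"),  # guest WiFi
    "iot": ip_network("192.168.3.0/24"),    # baby monitor, doorbell, TV, toys
}


def zone_of(addr: str) -> str:
    """Map an IP address to its zone; anything not local is the internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"


@dataclass(frozen=True)
class Rule:
    src: str                      # zone name or "any"
    dst: str                      # zone name or "any"
    action: str                   # "accept" or "drop"
    dport: Optional[int] = None   # None = any destination port
    note: str = ""


# Default-deny policy for new connections. Order matters: first match wins.
# Replies to connections you opened yourself are handled by the router's
# connection tracking and are not modelled here.
POLICY: List[Rule] = [
    # The gamer's "hole": one explicit inbound port to the LAN, nothing else.
    Rule("wan", "lan", "accept", dport=27015, note="game server port forward"),
    Rule("wan", "any", "drop", note="block all other inbound traffic"),
    Rule("lan", "wan", "accept", note="work devices may use the internet"),
    Rule("lan", "iot", "accept", note="you can still manage smart devices"),
    Rule("guest", "wan", "accept", note="guests get internet only"),
    Rule("iot", "any", "drop", note="smart devices are isolated completely"),
]


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Return 'accept' or 'drop' for a new connection src_ip -> dst_ip:dport."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in POLICY:
        if (rule.src in ("any", src) and rule.dst in ("any", dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "drop"  # default deny: anything the policy does not mention


# What the advice above requires, as (description, src, dst, port, expected).
REQUIREMENTS = [
    ("internet cannot reach the work PC", "203.0.113.5", "192.168.1.10", 3389, "drop"),
    ("baby monitor cannot reach the internet", "192.168.3.20", "8.8.8.8", 443, "drop"),
    ("baby monitor cannot reach the work PC", "192.168.3.20", "192.168.1.10", 445, "drop"),
    ("guest cannot reach the work PC", "192.168.2.7", "192.168.1.10", 22, "drop"),
    ("guest can browse the internet", "192.168.2.7", "1.1.1.1", 443, "accept"),
    ("work PC can browse the internet", "192.168.1.10", "1.1.1.1", 443, "accept"),
]


def audit_policy() -> List[str]:
    """Return the descriptions of requirements the policy does not meet."""
    return [desc for desc, s, d, p, want in REQUIREMENTS
            if evaluate(s, d, p) != want]


if __name__ == "__main__":
    failures = audit_policy()
    print("policy OK" if not failures else "FAILED: " + "; ".join(failures))
```

The useful habit here is the REQUIREMENTS list: every time you add a rule (another port forward for a game, a new gadget), re-run the audit and confirm that the guest and IoT segments still cannot reach the work PC. Note that traffic between guest and IoT is never mentioned in the policy, and the default-deny fall-through drops it.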

Step 3 – Device Security

Having given some thought to your network connection, you can move on to the devices. As mentioned above, make sure they are patched and up to date.

Once the devices are patched, are they running apps from reputable app stores? Dodgy apps from dodgy app stores are a common way for scammers to compromise a device and then move on to compromise other devices on your network. All those apps you downloaded and tried once? Delete them! If you don’t use them, they just take up space and someone may compromise them in the future.

Step 4 – Secure Back-Ups

Now you need to think about data security. Is your device using encryption? How are you backing up your device, and is the backup secure? I would recommend at least two backups (both encrypted, of course), with one of them kept in a remote location. By remote, I mean not next to your PC. If you can store your backups in another room and in some sort of fire-proof container, this may save your work in the event of fire / flood / theft – but make sure the backups are not vulnerable to theft in your garden shed!

If you have access to cloud storage, you can take advantage of that – make sure you read and understand the terms and conditions though. Ensure your backups to cloud storage are encrypted and readable only by you. Now that you have encrypted your device and backups, make sure you back up the encryption keys as well, to a different medium / device.

Other cloud services may be attractive while working from home – Zoom, WhatsApp, FaceTime and lots of others are all popular messaging / conferencing tools. Many are fine for keeping in touch with friends and family, but think about how you share your corporate intellectual property (IP). Some WhatsApp groups have uncontrolled membership. Zoombombing is a new “sport” and also a channel for eavesdropping. Confidential information should only be shared on “approved” services – hopefully these have been vetted and a risk assessment has been carried out.

Step 5 – Password Management

Use a password manager to store all your passwords. Make sure your passwords are different for all your accounts, devices and backups. I use a password manager on my laptop and phone and synchronize the password database between them. Please don’t share your IDs and passwords – once you share the admin credentials to your router with your children, it’s no longer “your” router.
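
Most password managers can export their database to a CSV file, which makes the “different password for every account” rule something you can actually check rather than hope for. The script below is an added example, not code from the original post or from any password manager: it reads a constructed export in the common name,url,username,password layout, reports accounts that share a password and passwords below an assumed minimum length, and generates replacements from the operating system’s CSPRNG via Python’s secrets module.

```python
"""Audit a password-manager export for reused and short passwords.

Added example for the password-manager advice above, not from the original
post or from any password manager. The CSV below is constructed in the
name,url,username,password layout many managers export to. Run a check like
this locally on your own machine; an export is plaintext, so delete it when
you are done.
"""
import csv
import io
import secrets
import string
from collections import defaultdict
from typing import Dict, List

# Constructed export: two accounts share one password and one is far too short.
SAMPLE_EXPORT = """name,url,username,password
Home router,http://192.168.1.1,admin,Tr0ub4dor&3-router-2020
Work mail,https://mail.example.com,alice,correct horse battery staple
Streaming TV,https://tv.example.net,alice,correct horse battery staple
Backup drive,,alice,summer1
"""

MIN_LENGTH = 12  # assumed policy for this example; set your own


def audit_vault(export_text: str) -> Dict[str, list]:
    """Group accounts by password; report groups of more than one account
    (reuse) and any password shorter than MIN_LENGTH."""
    by_password: Dict[str, List[str]] = defaultdict(list)
    short: List[str] = []
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row["password"]
        by_password[password].append(row["name"])
        if len(password) < MIN_LENGTH:
            short.append(row["name"])
    reused = [names for names in by_password.values() if len(names) > 1]
    return {"reused": reused, "short": short}


ALPHABET = string.ascii_letters + string.digits + string.punctuation


def new_password(length: int = 20) -> str:
    """Replacement password drawn from the OS CSPRNG, one per account."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    report = audit_vault(SAMPLE_EXPORT)
    for group in report["reused"]:
        print("same password used by:", ", ".join(group))
    for name in report["short"]:
        print("shorter than %d characters:" % MIN_LENGTH, name)
    print("example replacement:", new_password())
```

On the constructed export this flags “Work mail” and “Streaming TV” as sharing a password and “Backup drive” as too short; the fix is to rotate each flagged account to its own generated password, starting with the ones that protect your work and your backups.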

Step 6 – Identity Governance

If you are using a BYOD setup, you may be experiencing, on a small scale, an identity management and governance challenge. On a shared PC, restrict the permissions other users have. If you are the main user, you are likely to have admin privileges – make sure other users do not. If your other users need to install new apps, you can do it for them. Make sure the other users do not have access to your work folders / directories. Make sure your other users also use good passwords and don’t share them between accounts.
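
On a shared machine, “other users do not have access to your work folders” is decided by the permission bits on each file and directory, and the defaults (0755 for folders, 0644 for files) let every local account read them. The script below is an added example, not code from the original post: it walks a work folder, lists every entry that group or others can access or that another user owns, and strips those bits. It covers Unix-style permissions (Linux, macOS); on Windows the equivalent is reviewing the folder’s ACL under Properties, Security. The sample tree is constructed in a temporary directory so the check can be tried before pointing it at a real work folder.

```python
"""Find work folders that other local accounts can read on a shared PC.

Added example for the shared-PC advice above, not from the original post.
Unix-style permission bits only (Linux, macOS); on Windows the equivalent
is the folder's Security tab. The sample tree is constructed in a temporary
directory so the check can be run safely before pointing it at a real
work folder.
"""
import os
import stat
import tempfile
from typing import List

GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO  # any rwx bit for group/others


def exposed_entries(root: str) -> List[str]:
    """Return every file or directory under root that group or others can
    read, write or traverse, or that a different user owns."""
    me = os.getuid()
    found = []
    for dirpath, _subdirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if st.st_mode & GROUP_OR_OTHER or st.st_uid != me:
                found.append(path)
    return sorted(found)


def lock_down(root: str) -> int:
    """Strip group/other bits from everything under root; returns how many
    entries were changed. Symlinks and files owned by someone else are
    skipped: a link pointing out of the folder must not make us chmod
    something unrelated, and another user's file is theirs to fix."""
    changed = 0
    for path in exposed_entries(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode) or st.st_uid != os.getuid():
            continue
        os.chmod(path, stat.S_IMODE(st.st_mode) & ~GROUP_OR_OTHER)
        changed += 1
    return changed


def build_sample_tree() -> str:
    """Constructed layout: a world-readable project folder and a private note."""
    root = tempfile.mkdtemp()  # mkdtemp creates the root with mode 0o700
    project = os.path.join(root, "project")
    os.mkdir(project)
    with open(os.path.join(project, "report.docx"), "w") as fh:
        fh.write("constructed")
    with open(os.path.join(root, "private.txt"), "w") as fh:
        fh.write("constructed")
    os.chmod(project, 0o755)                               # typical default
    os.chmod(os.path.join(project, "report.docx"), 0o644)  # typical default
    os.chmod(os.path.join(root, "private.txt"), 0o600)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("exposed before:", exposed_entries(root))
    print("entries fixed:", lock_down(root))
    print("exposed after:", exposed_entries(root))
```

Run exposed_entries on its own first and read the list; lock_down only removes group/other bits, so a folder you deliberately share with the household will stop being shared and needs to live outside the work tree.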

While following these good practices will help you make your digital remote workspace more secure, identity and access management can help your organization get control of its remote users and maintain access compliance.

With most users no longer inside the corporate firewall, and therefore outside the reach of perimeter-based security tools, companies are very likely to have higher exposure to network and phishing attacks, and that makes identity governance the new perimeter.


Learn more

Find out much more about how identity management and access governance processes match evolving business needs for governance and compliance or get in touch with us to learn more about how we have helped organizations like yours.

Learn more about Omada’s Best Practice Process framework for IGA
