One of the consequences of the current corona outbreak is that many of us are working from home, outside companies secure IT networks. The corona virus and its consequences came as a surprise to most of us and many companies lack proper rules and regulations as to how employees should be working when they are out of the office.
Whether you are an employer or an employee there is a lot to keep in mind when working remotely. As an employer, what should you do to create the right conditions for working optimally and safely from your home office, and what do you as an employee have to think about when working from home?
Defective security solutions
We can read in the media about fraudsters who are taking advantage of the situation now that many people are working from home and IT departments are scattered across the country. Some companies have inadequate security solutions when users have to log into the office's IT system. For example, basic usernames and passwords are often used that are relatively easy for unauthorized persons to access and use.
Tech giant Microsoft, who manages 30 billion logins every day from more than one billion active users, announces that 99.9% of all hacked accounts are due to deficiencies in the use of two-step verification. Two-step verification is an extra level of login security that most of us know about. This means that you log in with something known (your password) as well as something you have to obtain (for example a code generated from a mobile application).
Advice for employee and employer
Below you will some advice that we hope can be of help for both employees and employers working remotely.
Employees:
- Only use your work computer: If you have a work computer, you should use it when working from home. These are computers that have either been configured by your IT department or IT provider - that is, they are preconfigured with a slightly stricter security profile than private computers, they have updated antivirus programs and no local administrator rights. Avoid using and linking your own IT equipment with the equipment you have received from your employer. Also, do not use your work computer as a family computer. The computer you have received from your employer is set up for you and no one else.
- Computer at work = computer at home: Handle your computer the same way when you are at home as you would in the office. For example, use a screensaver with a password when you leave your computer, even if it is only for a short time. This prevents, for example, children or other family members from accessing business documents and accidentally deleting or publishing something by chance.
- Wifi at home: We all have wifi at home nowadays. Be careful when choosing a network name and password, do not use your street address, your name or anything that may make it easier for unauthorized people to understand who the network belongs to. Create a password with both lowercase and uppercase letters and numbers that you can remember yourself. Twelve characters or more are recommended. Frequently change your password.
- Fraudsters operate: Be extra critical to inquiries that come via text messages or email, even if they come from colleagues, customers or suppliers. Now that everyone is sitting "alone at home", we will be easier targets for professional scammers because we have no desk neighbor to consult and may have to make more decisions on our own. This fact is exploited by the criminals.
- Be vigilant: If anything abnormal occurs, contact your organization's security personnel. If you do not have your own security staff employed but have outsourced the IT function to an external IT provider, you should report to the company's IT supplier as soon as possible.
Employer:
All employers should have general guidelines in place on how to ensure safety when working from home. This ensures that we all have the same understanding of what rules apply and can help ensure that work outside the office is done in a correct and safe way.
In addition to such guidelines, the employer should focus on the following:
Adequate equipment: Everyone who works from home has adequate equipment to work effectively. We should work on a computer that belongs to the workplace. Private computers often have several users, which can provide a lower level of security than is acceptable for the business. This could mean, for example, that family members have access to the company's business system or documents if they are stored in shared folders.
Adequate software: Introduce restrictions on what programs home users can install on computers belonging to the workplace. The main rule is that only software required to perform work tasks is allowed. Downloading and installing unauthorized software is not allowed.
Secure access to IT solutions: Employers should have clear procedures for how individual employees should connect to the company's IT solutions from home. It is important that communication is done securely through the use of VPN or similar solutions (VPN - Virtual Private Network service that encrypts your web traffic and protects your identity online). Make sure to use solutions that require two-step verification at login, if not already used.
Procedures for incident reporting: Everyone who works from home knows the business's routines for reporting and handling incidents. It ensures that abnormal events are reported and that all notifications are handled in the best possible way.