6 Cybersecurity Risks Associated with Working From Home

In most office spaces you can control who has access to your facilities. You can track visitors with a sign-in sheet at the reception desk. You can watch your facilities with security cameras to detect security incidents. These physical safeguards do not apply to employees working from home. Luckily you can still provide some physical safeguards for employees working from home. Give employees a laptop lock to protect their company provided workstation. This can help reduce device theft. Encrypt your workstations so that in the event the device is stolen, the data can not be read.

Companies often have mission-critical resources (e.g. file servers) on their local networks. Your remote employees may now need to access those resources from home. Never make servers containing sensitive information directly accessible via the internet. A far more secure solution is to set up a virtual private network (VPN). This allows users to access their corporate network securely. Make sure that the VPN connection goes through a fully encrypted tunnel. Ensuring that only your employees can access your VPN remotely is critical. You can set up multi factor authentication (MFA) to do this. We recommend using SAASPASS for MFA so much that we became their partner. Feel free to reach out to us if you would like to use SAASPASS.

Another important point. Disable the split tunneling setting on your company’s VPN appliance. This ensures that when VPN is in use all traffic from a workstation goes through your VPN connection.

Users may “quickly step away” from their laptop leaving it unlocked and unattended. This provides an opportunity for other persons at home, to access the device. You need to train end-users to lock their workstations before leaving them unattended. Don't rely on the end-user. Configure your workstations to lock after five minutes of inactivity.

Users may attempt to use personal devices for work to bypass your security controls.

Here are a couple of scenarios. Users may sync their corporate OneDrive to their personal laptops. Users may try to install a VPN client on their personal device to access the corporate network.

You need to create a whitelist to control which devices can connect to your network via the VPN. At the very least, prevent outdated operating systems from connecting to your VPN. Preventing devices that don't have anti-virus software installed also makes sense.

Don't forget about your cloud resources. Configure them so that they can only be accessed by authorized devices.

Do you centrally manage updates for your workstations? If so, you may face difficulty deploying updates to remote workstations. A good idea is to force users to connect to the VPN before logging into their workstation. This will allow you to deploy updates as if they were on your corporate network. Asking end users to connect to the VPN is a time consuming and hopeless endeavor.

Alternatively, you can configure your workstations to receive their updates directly from Microsoft.

The physical security controls in an employee’s home are limited and can not be verified. As a result, users should be prevented from printing documents from their workstation. This reduces the risk of sensitive information being leaked. Sure a user can email the document to themselves and print it from another computer. At least you will have evidence that they attempted to bypass your security controls.