Are remote workers putting your business at risk?

Remote Workers

Written by: Chris Dixon-Hughes

My life mission is to help people where ever I can, using the skill and expertise I’ve developed over the years. A geek since my family’s first IBM XT in the 80’s. I saw a niche in the security side of the technology business, which is why I put my focus there and it’s continued to grow and evolve.

March 13, 2020

Are remote workers putting your business at risk?

Are you one of the many businesses owners/managers that are considering remote work for employees at the moment? With the threat of coronavirus, it’s expected that businesses that hadn’t ever considered it before will be forced to entertain the concept. However, many aspects need to be entertained, there are obvious ones like:

  • What roles can be carried out remotely?
  • How will communication occur?
  • How will progress be tracked
  • Insurance, tax or worker’s compensation implications?
  • Who is providing the equipment?

But there is one important aspect that can be frequently overlooked…

SECURITY!

Unfortunately, as we see more businesses rush into a remote workforce we are expecting to see a significant increase in businesses that get their systems compromised. Keeping business running is important and that’s obviously why you are considering the remote work option for those employees whose jobs it can suit. But an important question needs to be asked…
How can I keep my company secure when I have a number of remote workers accessing my data???
So what are the concerns with this?
For a while now we have been seeing an increase in malicious activity targeting people who work from home and as the number of remote workers increases, this activity will too. One of the methods they do this is by effectively weaponising family members or web-enabled smart devices such as fridges, TV’s etc that usually don’t have the protections or get the updates that company devices do. These devices are then used to compromise the home network and pave the way to attack the company directly through the remote workers’ company devices. This is just one of many scenarios, and it’s actually the scenario that was attempted recently for one of our customers’ remote workers.

Remote workers risks - click to enlarge

This image is taken from a firewall we have in place at this particular employees residence, it shows the various networks we have set up for them and then at the bottom it shows that the advanced threat protection has detected malicious traffic attempting (unsuccessfully) to play out the above scenario!
So here are a few key things we can do to help prevent the above situation…

VPN

VPN’s are a bit of a buzz word lately (well actually acronym) however, it seems to be frequently misunderstood. In short, a VPN creates a safe, encrypted connection over a less secure network, such as the public internet, between two points. Think of it effectively like a secure tunnel that is bored through the internet between two locations. These are effective unless one of the ends is compromised…

Segregate the home network

One of the next things we can do is create a new network that is exclusively for the company devices, that way if a family members device is compromised there is little chance it can interact with the company devices. Think of it as a quarantined room for your worker in a digital sense. This can be a bit tricky if the home router unit isn’t designed well for multiple networks or if there is a printer that is needed by both the remote worker and the rest of the family…

Firewall

The device provided by your Internet Service Provider really isn’t very robust, rarely do they get updated and they frequently get set up without ever changing the default passwords making it easier for the bad guys to get into it and since that’s the core of most home networks they can then cause a heap of havoc and frequently no one is any the wiser. So what we can do is put in a firewall to protect the home network environment and alert us to any issues. We particularly like to do this with key players like company directors or managers.

Policy

One of the other key things we do is work with the customer to create a policy that effectively says… company devices are for company use only, no personal use, no online shopping, no games, no personal emails etc…

Final Words

With these steps in place, you have decreased your companies risk of getting compromised by remote employees significantly. However, please note this is just a generic list of step and may not be the most appropriate for your situation as there are many other solution combinations available. Also, unfortunately, the threats are always evolving and there are never any guarantees that something won’t happen, this is why a good disaster recovery system is an essential part of any strategy for companies weather they have remote workers or not.
Moving to a remote workforce comes with hurdles, including the security of your data, network and infrastructure, but we are here to help. These systems need proper planning and implementation, if you need any support with any of this then for the sake of your business, your employees, your customers and anyone else your business has an impact on don’t hesitate to contact us today.