Personalise your experience

Get the latest insights relevant to your sector.

Blog · 31 Mar 2020

Top tips for securing your homeworkers

Some top tips for staying secure in the short to medium term with the shift to homeworking.

profile-picture
CISO, commercial contracts, BT

As the world tries to get to grips with new ways of working, it can be hard to think beyond the current challenge.

But with so many people now working from home, it’s important to consider what’s next.

We’ve got a long heritage of homeworking in our business, but even so, we’re in unchartered territory for implementing it at these levels, so we’re on a steep learning curve too.

But the more we share experiences and best practice, the quicker we can help each other bed down into a new, more sustainable and calm working situation.

So, here’s the guidance we’re recommending to help people and businesses – including our own - work remotely, effectively and securely:

  1.  keep employee wellbeing at the top of the agenda
  2.  protect capacity in the remote working infrastructure
  3.  make sure data and users are secure
  4.  plan ahead for potential IT issues
  5.  monitor, review and adjust things as needed.

1.       Keep employee wellbeing at the top of the agenda

People are the lifeblood of any company, so their wellbeing while adjusting to working from home needs to be a top priority. Encourage teams to establish a well-balanced day with regular breaks from the keyboard and not work extra-long hours just because they’re based from home. Share ideas for exercise — even if it’s just spending some time in the garden grabbing a breath of fresh air. It’s a good way to help people look after their wellbeing and support them. The social side of things is really important, too. People thrive on interaction, so think about how we can stay connected, through virtual coffee breaks and social media chat groups, using corporate social media and IM groups.

2.       Protect capacity in the remote working infrastructure

Home working means depending on home broadband and wifi access that wasn’t designed for high work traffic flows. People are trying to balance personal versus professional IT needs – i.e. work applications versus downloading and streaming school, TV, video, radio or games content. It may help to work outside of peak 9-5 hours or to stagger when people log into the VPN. Longer term, it may be worth considering moving to cloud-hosted apps, like Salesforce, from VPN to free up capacity and allowing direct browsing to lower-risk websites and apps, such as Office 365. Keeping track and control of content and improving visibility, using a web-based proxy or DNS-based protection can also be useful.

3.       Make sure data and users are secure

Given how much adjustment is needed for long-term home working, there’s the possibility that people may not be as vigilant about security as they would be in the office. So it’s a good idea to remind teams about keeping their devices and company data safe and not letting loved ones use work IT for personal use. Only save data to official places and make sure work screens and conversations are kept private.

Where personal IT is being used for work, make sure security is enabled on the device and that it’s fully patched and updated. Encourage people to make the most of free security features on home broadband packages and free trials of endpoint protection software.

And now’s a perfect time for everyone to refresh their security awareness training, particularly around scamming and phishing attacks.

4.       Plan ahead for potential IT issues

Rather than waiting for your IT to fall over as it feels the strain, start your “what if” planning now. For instance, what steps will you take if your emergency VPN fails?

By monitoring your current traffic and usage, you’ll get a clear understanding of the end-to-end flows for your remote users and your critical infrastructure. You can then use that insight to work out how to increase capacity or re-design your architecture around potential failure points.

Think about how to help if employees lose access to reliable endpoint IT while working from home – things like using the web for access to basic services, being able to do remote fixes and securing personal devices. By planning ahead, you can build in capacity and resilience.

5.       Monitor, review and adjust things as needed

As remote working becomes our business as usual for the foreseeable future, security ‘housekeeping’ will change, too. It’s worth checking cyber insurance policies and how they cover working from home. And to stay ahead of the hackers, it’s important to identify ways to protect critical remote access and collaboration services.

Everyone’s IT environment is growing rapidly with lots of temporary accesses, architecture and permissions being added. By keeping track of all the changes, it will be easier to roll back from them as needed in the future. And being clear on where data has been processed outside standard processes, means it can be secured and repatriated when appropriate.

If your organisation has any questions about security or remote working, please reach out to your account manager. Whether it’s practical help or reassurance, we’re here to help.

Contact