TALKING
business
Understand the threats to your
organisation. Business leaders should work
with their security teams to identify likely
attack vectors as a result of more employees
working from home and prioritise the
protection of their most sensitive information
and business-critical applications.
Provide clear guidance and encourage
communication. They must ensure
that homeworking policies are clear and
include easy-to-follow steps that empower
employees to make their homeworking
environment secure. This should include
instructing employees to communicate
with internal security teams about any
suspicious activities.
Provide the right security capabilities.
Leaders should ensure all corporately
owned or managed devices are equipped
with essential security capabilities,
extending the same network security best
practices that exist within the enterprise
to all remote environments. These critical
capabilities include:
• An ability to securely connect users to
their business-critical cloud and on-premises
applications, such as video
teleconferencing applications increasingly
relevant for remote work environments.
• Endpoint protection on all laptops and
mobile devices, including VPN tools
with encryption.
• An ability to enforce multi-factor
authentication (MFA).
• An ability to block exploits, malware and
command-and-control (C2) traffic using
real-time, automated threat intelligence.
• An ability to filter malicious domain URLs
and perform DNS sinkholing to thwart
common phishing attacks.
How individuals can respond
Individual users must be empowered
to follow the guidance provided to
them by organisations and take
preventative measures.
Maintain good password hygiene.
Employees should use complex passwords
and multi-factor authentication where possible
and change these passwords frequently.
Update systems and software. Individuals
should install updates and patches in a
timely manner, including on mobile devices
and any other non-corporate devices they
might use for work.
Secure your Wi-Fi access point. People
should change their default settings and
passwords in order to reduce the potential
impact on their work of an attack via other
connected devices.
Use a virtual private network (VPN).
VPNs can help create a trusted connection
between employees and their organisations
and ensure ongoing access to corporate
tools. Corporate VPNs provide additional
protection against phishing and malware
attacks, the same way corporate firewalls do
in the office.
Be wary of COVID-19 scams. We’ve seen
phishing emails, malicious domains and fake
apps out in the wild already. Threat actors
love to exploit real-world tragedies and
COVID-19 is no different.
Don’t mix personal and work. Employees
should use their work devices to do work and
their personal devices for personal matters.
If you wouldn’t install or use a service while
you’re at the office, don’t do it while at
home on your work device.
Taking these relatively straightforward
steps at both an enterprise and individual
level should help address some of the most
common security risks facing our homeworking
environments. We should also
recognise that our threat environment is
not static, which means it’s important to
keep a close eye on evolving threats to avoid
unnecessary additional costs and disruptions
in a time when we can least afford them.
40 INTELLIGENTCIO www.intelligentcio.com