Harden up home hardware
In the rush to social distance, many people went remote without work computers and had to rely on whatever setup they had at home. This creates potentially serious security risks, since consumer products aren’t always up to the level of enterprise hardware used in the workplace.
“The organization has no control over those computers,” says Michael Hamilton, founder and CISO of digital security firm CI Security. “You have to constantly message your employees that you are a target and have to be extra careful.”
If possible, Hamilton says employees shouldn’t use the same computer for remote work as any leisure or home computer time. For businesses that are able to — and those with employees working on highly sensitive information — Singh suggests companies consider buying a work-only computer for employees to break up these two different use cases as a way to minimize risks.
“I recommend that every business challenge their suppliers and vendors to ensure all their software and hardware can be implemented in a secure way,” Howard says. “It’s more critical than ever that every endpoint purchase decision should be a security decision.”
Besides computers, remote workers need to take a careful look at the rest of the home hardware they are using. For example, employees should lock down their routers with unique passwords since hackers attack routers constantly.
“It’s very easy to get into your PC through your router,” Singh says. “When you get infected at work, the IT department takes your PC off the grid so you can’t infect others, but when you get infected at home, the chance for you to be the host that takes the entire company down is very high.”
Remote workers should also consider putting any connected devices like smart thermostats or voice assistants on a separate wireless network and creating a dedicated one for their work computer if their home router supports it. Printers, which are connected to the internet but often overlooked, should also go on the separate network since they are regularly targeted in hacks. If employees need to keep a printer online at home, they need to make sure the device has up-to-date firmware and any patches the manufacturer has released to keep it secure.
Deflect attacks with software solutions
The next best thing to a secure office is a virtual private network, or a VPN. Hamilton suggests companies provide VPN access so users can connect to work networks to send and receive files, data, and applications from anywhere, securely.
Another way to protect data on a computer is with virtual “containers” that can isolate any potential malware and keep it off of a computer. HP is offering its version of the technology called HP Sure Click Pro, a tool that helps protect from web, email, and document-based security threats, free of charge through September 30 for HP and non-HP Windows 10 PC users. Even for HP Sure Click users, the pro version will enhance the experience with additional features, such as editing Word and Excel documents within an isolated container.
Another software service that many companies need to consider will be remote monitoring, in which a security team keeps track of threats and shuts them down. In a time when many companies are seeing a drop in business, it might seem like a steep expense, but not spending the money now could lead to an even costlier mistake.
“You can do everything to protect yourself, but [attacks] are going to happen, and you have to be able to detect and respond,” Hamilton says. “If you get a bad piece of malware right now, you’re done.”
IT workers might need extra check-ins to confirm they aren’t overwhelmed as they work to protect a suddenly dispersed workforce while potentially working from home themselves.
“Pushing everyone remote essentially overnight and then having to maintain security is a huge challenge, and companies need to continue to praise them and give them the tools that they need,” Howard says. “They are all heroes.”