Working from home securely

Issue 3 2020 Security Services & Risk Management

In terms of the COVID-19 situation, we read too much about isolation and work from home, but we go through even more on how to organise our work-from-home processes. As a security expert, I will not tell you about tools or life hacks for productive remote work. I want to talk about the risks a company faces when businesses have to move employees urgently to a home office and how to organise everything to prevent risks.

In my opinion, there are three main risks:

1.) Employees who are not familiar with remote work will most often take this kind of work for a holiday break and the employer will not only lose revenue due to loss in productivity but also will remunerate these employees for a service not delivered.

2.) Security issues include the limitation small businesses experience due to lack of resources and infrastructure trying to move employees off-site in such short space of time. It is also important to realise the risks that are involved in such an operation. It is also a major challenge for large enterprises, moving several thousand employees to work remotely from home.

Sergey Ozhegov.

3.) Challenges that companies face with staff working remotely include: unstable Internet connections, unsuitable working conditions (an employee is unlikely to be productive if he/she lives in a small apartment with their partner and a couple of preschool children). However, the responsibility remains with the employee to ensure that they create a workable environment in their homes as they still have a responsibility towards the service delivery of their company.

If the last risk is entirely left to an employee, then the first two can be neutralised by implementing and managing information security processes properly. I’d like to outline three main approaches that describe options for a quick and relatively inexpensive solution for business implementing remote working conditions:

1. Remote access to corporate services

The approach assumes that employees use their personal laptops to connect to all the necessary services: CRM systems, VoIP telephony, workflow systems, task trackers and corporate mail. Access to the familiar IT infrastructure, as a rule, is provided simply through a browser.

How fast can it be done? Time frames depend on the choice: either provide access to services from the Internet or to securely connect them to the platform of a hosting- or cloud-service provider. If a company has not worked with the listed corporate services before, then it makes no sense to implement this service from scratch to arrange remote access as it will take a lot of time and effort.

Financial expenses: The costs of organising this kind of work are close to zero or equal to the amount of the monthly subscription for the services of a cloud service provider.

Risks: If the protective measures are taken, sensitive corporate information will be safe. I’d like to outline the following minimum:

• Two-factor authentication when entering services e.g. SMS.

• Strict access control (this is normally ignored).

• Cryptographic protection of data transmission channel.

• Maximum restriction for copying and downloading (for example, blocking the right mouse button, clipboard - this can be done in the settings of the corporate service).

If there is no data protection, I would not recommend this approach, because the employer is almost completely losing control over corporate data.

Pitfalls: If you use the platform of a hosting/cloud service provider for your services, you need to make sure that they comply with local laws and corporate information, including the protection of personal data of employees that are stored on these servers.

2. Remote access to corporate IT infrastructure

An employee can access his/her corporate PC or desktop of a terminal server from his/her personal device. This option is convenient, as an employee will be able to use the standard tools and will see the usual desktop and icons.

Here we could talk about access through VDI, which is considered one of the safest approaches for remote work. Nevertheless, deploying it quickly without a well prepared IT infrastructure is costly and time-consuming. This option might be viable for large corporates. but it has a major financial impact as VDI workstations are expensive and the logistics in a lockdown environment might become a nightmare to manage.

How fast can it be done? This option will require time training employees on how to use the remote connection software accessing the corporate PC or terminal server.

Financial expenses: There are practically no costs, because the issue is resolved in the settings of the operating system and network devices. If you need to organise access to the desktop of the terminal server, additional costs may be required to expand the bandwidth and the procurement of additional hardware as they will be overloaded.

Risks: Although, in this case, the data does not leave the corporate perimeter, the employee is the weakest link in this scheme. An employee may compromise his/her account if a username or password becomes known to outsiders. Therefore, as in the previous approach, the level of security depends on additional security measures. Two-factor authentication is required to access corporate services, including electronic mail. In addition, you must completely prohibit, through security policies, the downloading of data to personal devices, as well as access via open, unencrypted connections.

3. Mobile workplace

This approach assumes that an employee takes his\her corporate laptop home. Since it is a part of the employer’s IT infrastructure, all information security policies remain valid, but need to be adjusted. In particular, it is necessary to ban employee’s access to the BIOS so that he/she can’t boot an OS from a flash drive. Frankly speaking, all external ports should be blocked; usually in the office this not a requirement.

These are the approaches and measures that any business can implement quickly and with minimum budget. But you’ll probably need to spend extra money on strengthening technical support from the outside, because the resources of your employees - IT and information security experts - may simply not be enough. This applies especially when it comes to SMBs, where specialists often are not employed due to the cost of such an expert or the scarcity of this skill.

Therefore, when planning remote work, you will have to realise that you may not be able to cope with everything yourself. Obtaining outsource support can be a robust solution that saves time and money. Besides, many vendors and service providers, including us, are meeting clients’ needs by offering different solution including, but not limited to, free software licenses, consultations, and a wide range of other services.

For more information contact Condyn, +27 12 683 8816,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Post-Coronavirus communications: kick start your small business
Issue 4 2020 , Security Services & Risk Management
In these uncertain times, how should small companies and startups in the business-to-business domain recommence their selling and communication processes?

The dashboard of the future
Issue 4 2020 , Security Services & Risk Management
Web-based Electronic Signature Dashboard offers quick access to eSignatures within the necessary legal parameters and incorporating advanced security.

The end of blind alarms
Issue 3 2020 , Security Services & Risk Management, Perimeter Security, Alarms & Intruder Detection
Today’s alarms should be supplemented by visual verification to ensure that guards are not dispatched to false alarms, wasting time and money.

Is cash crime on lockdown this Easter?
Issue 3 2020 , Security Services & Risk Management
While Easter is generally a peak trading season for retailers, this has also always been one of the busiest times of the year for criminal activity – particularly at a retail level, as cash volumes rise ...

Coronavirus scams abound
Issue 3 2020, Duxbury Networking , Security Services & Risk Management
Disturbingly, hackers are active even during times of global disaster, as evidenced in the various cyber-scams doing the rounds in the recent weeks.

Now is the time to look for those hidden opportunities
Issue 3 2020 , Security Services & Risk Management
Now is the time to showcase your capabilities, to ensure that once the market turns, existing and potential clients know exactly what value you can offer.

The COVID-19 lessons business must learn
Issue 3 2020, ContinuitySA , Security Services & Risk Management
Although the crisis is still unfolding, it’s already clear that building resilience into your organisational DNA is more important than ever.

All employees do it
Issue 3 2020 , Security Services & Risk Management
SearchInform analytics has summed up the most frequent security incidents detected in client companies.

Can your backup solution handle business needs?
Issue 3 2020, Commvault , Security Services & Risk Management
With the accelerating growth of data continuing unabated, many organisations are faced with backup solutions that are unable to keep pace.

South Africa to lead cloud adoption race on the continent
Issue 3 2020 , Security Services & Risk Management
As the battle between international cloud providers intensifies, Africa’s cloud market is starting to gain traction with many enterprise customers seeking access to the cloud and associated services.