Working from home securely

Issue 3 2020 Security Services & Risk Management

In terms of the COVID-19 situation, we read too much about isolation and work from home, but we go through even more on how to organise our work-from-home processes. As a security expert, I will not tell you about tools or life hacks for productive remote work. I want to talk about the risks a company faces when businesses have to move employees urgently to a home office and how to organise everything to prevent risks.

In my opinion, there are three main risks:

1.) Employees who are not familiar with remote work will most often take this kind of work for a holiday break and the employer will not only lose revenue due to loss in productivity but also will remunerate these employees for a service not delivered.

2.) Security issues include the limitation small businesses experience due to lack of resources and infrastructure trying to move employees off-site in such short space of time. It is also important to realise the risks that are involved in such an operation. It is also a major challenge for large enterprises, moving several thousand employees to work remotely from home.


Sergey Ozhegov.

3.) Challenges that companies face with staff working remotely include: unstable Internet connections, unsuitable working conditions (an employee is unlikely to be productive if he/she lives in a small apartment with their partner and a couple of preschool children). However, the responsibility remains with the employee to ensure that they create a workable environment in their homes as they still have a responsibility towards the service delivery of their company.

If the last risk is entirely left to an employee, then the first two can be neutralised by implementing and managing information security processes properly. I’d like to outline three main approaches that describe options for a quick and relatively inexpensive solution for business implementing remote working conditions:

1. Remote access to corporate services

The approach assumes that employees use their personal laptops to connect to all the necessary services: CRM systems, VoIP telephony, workflow systems, task trackers and corporate mail. Access to the familiar IT infrastructure, as a rule, is provided simply through a browser.

How fast can it be done? Time frames depend on the choice: either provide access to services from the Internet or to securely connect them to the platform of a hosting- or cloud-service provider. If a company has not worked with the listed corporate services before, then it makes no sense to implement this service from scratch to arrange remote access as it will take a lot of time and effort.

Financial expenses: The costs of organising this kind of work are close to zero or equal to the amount of the monthly subscription for the services of a cloud service provider.

Risks: If the protective measures are taken, sensitive corporate information will be safe. I’d like to outline the following minimum:

• Two-factor authentication when entering services e.g. SMS.

• Strict access control (this is normally ignored).

• Cryptographic protection of data transmission channel.

• Maximum restriction for copying and downloading (for example, blocking the right mouse button, clipboard - this can be done in the settings of the corporate service).

If there is no data protection, I would not recommend this approach, because the employer is almost completely losing control over corporate data.

Pitfalls: If you use the platform of a hosting/cloud service provider for your services, you need to make sure that they comply with local laws and corporate information, including the protection of personal data of employees that are stored on these servers.

2. Remote access to corporate IT infrastructure

An employee can access his/her corporate PC or desktop of a terminal server from his/her personal device. This option is convenient, as an employee will be able to use the standard tools and will see the usual desktop and icons.

Here we could talk about access through VDI, which is considered one of the safest approaches for remote work. Nevertheless, deploying it quickly without a well prepared IT infrastructure is costly and time-consuming. This option might be viable for large corporates. but it has a major financial impact as VDI workstations are expensive and the logistics in a lockdown environment might become a nightmare to manage.

How fast can it be done? This option will require time training employees on how to use the remote connection software accessing the corporate PC or terminal server.

Financial expenses: There are practically no costs, because the issue is resolved in the settings of the operating system and network devices. If you need to organise access to the desktop of the terminal server, additional costs may be required to expand the bandwidth and the procurement of additional hardware as they will be overloaded.

Risks: Although, in this case, the data does not leave the corporate perimeter, the employee is the weakest link in this scheme. An employee may compromise his/her account if a username or password becomes known to outsiders. Therefore, as in the previous approach, the level of security depends on additional security measures. Two-factor authentication is required to access corporate services, including electronic mail. In addition, you must completely prohibit, through security policies, the downloading of data to personal devices, as well as access via open, unencrypted connections.

3. Mobile workplace

This approach assumes that an employee takes his\her corporate laptop home. Since it is a part of the employer’s IT infrastructure, all information security policies remain valid, but need to be adjusted. In particular, it is necessary to ban employee’s access to the BIOS so that he/she can’t boot an OS from a flash drive. Frankly speaking, all external ports should be blocked; usually in the office this not a requirement.

These are the approaches and measures that any business can implement quickly and with minimum budget. But you’ll probably need to spend extra money on strengthening technical support from the outside, because the resources of your employees - IT and information security experts - may simply not be enough. This applies especially when it comes to SMBs, where specialists often are not employed due to the cost of such an expert or the scarcity of this skill.

Therefore, when planning remote work, you will have to realise that you may not be able to cope with everything yourself. Obtaining outsource support can be a robust solution that saves time and money. Besides, many vendors and service providers, including us, are meeting clients’ needs by offering different solution including, but not limited to, free software licenses, consultations, and a wide range of other services.

For more information contact Condyn, +27 12 683 8816, info@condyn.net, www.condyn.net


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Digital evidence handling in the cloud
Issue 5 2020, ET Nice , Security Services & Risk Management
Investigate Xpress is a free, cloud-based digital evidence management solution designed to make police forces more efficient and productive.

Read more...
The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.

Read more...
Bang for your security buck(s)
Residential Estate Security Handbook 2020, Alwinco , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asks how estates can maintain a good security posture in the time of the ever-shrinking budget.

Read more...
More efficient guarding through the effective use of technology
Residential Estate Security Handbook 2020, Technews Publishing, OnGuard, Stallion Security, Active Track , Security Services & Risk Management
Technology in its many forms can be used to optimise the efficiency and performance of on-site guarding.

Read more...
Range of grid-independent power systems
Residential Estate Security Handbook 2020, Specialised Battery Systems , Products, Security Services & Risk Management
SBS Solar has a range of solutions to provide power, save on costs and above all provide peace of mind.

Read more...
More than just compliance
Issue 5 2020, IACT-Africa , Security Services & Risk Management
SA is one year away from the Protection of Personal Information Act (POPIA) D-Day.

Read more...
The benefit of thermal screening
Issue 5 2020, Technews Publishing, Sensor Security Systems , Security Services & Risk Management
How preventive screening with thermal cameras can help in the fight against COVID-19.

Read more...
Resilience is critical for post-COVID business success
Issue 5 2020, ContinuitySA , Security Services & Risk Management
Of the many lessons we have to learn from the current emergency, perhaps the most crucial one is to ensure that business strategy and operations are founded on resilience.

Read more...
Post-Coronavirus communications: kick start your small business
Issue 4 2020 , Security Services & Risk Management
In these uncertain times, how should small companies and startups in the business-to-business domain recommence their selling and communication processes?

Read more...
The dashboard of the future
Issue 4 2020 , Security Services & Risk Management
Web-based Electronic Signature Dashboard offers quick access to eSignatures within the necessary legal parameters and incorporating advanced security.

Read more...