The comfort and advantages of working from home are numerous with saving on travel time & costs and more time with family, being the most prominent. The facility was available to some peoples earlier, but now the WFH is being mandated by the firms with government bodies also forcing all to follow it, because of the COVID-19 outbreak.
Current ‘work from home’ diktat, aimed at ‘social-distancing’ to limit the employee exposure to potential viral infection and maintaining the business continuity, is also associated with cyber-security risks. European cyber-security agency ENISA has already pointed out the phishing scams related to corona virus as the unwary clicks are leaking the data and passwords.
The major data breaches have always been mainly attributed to the employee’s negligence and 17% of all such cases in 2019 were caused by employees themselves. Though the current scenario seems to be scary, a few prudential practices with timely communications can effectively counter the glitches.
Potential security risks:
- Physical security of the devices: Office equipment will be at greater risk as employees are out of safe and secure workplace. Full data encryption, logging out when not in use, never leaving the device unattended and a strong password protection are the main measures to be followed.
- Operational Risks: Supporting a large number of VPN connections simultaneously not only poses additional strain to the IT team but also is a threat to data security. Authorization, authentication and access through such VPN may result in employees accessing confidential data.
- Home Network Security: While working from, the network service used is connecting the several devices and the features are neither updated nor secured.
- Gradual Rollout Procedure: Some organization follows a strict IT policy of managing and deploying security & software updates at the endpoints. A rollout procedure needs to be adopted in a way to deliver them at once without affecting the inbound and outbound traffic. The bandwidth congestion, along with delaying the deliveries also puts the data security at question.
Potential Protective Measures :
- Complete data backup systems: Along with backing up important files regularly, a strong backup strategy is a must to be deployed for any unpleasant circumstances.
- Simultaneous VPN and different set of guidelines: Providing a secure and simultaneous VPN to all along with additional set of regulations for the work from home must be rolled out and explained. For a smooth functionality and observance on the employee work, technology of monitoring the work and logging out, also needs to be worked on.
- Web Security Protection: Fraudulence has also soared in an attempt to leverage the negligence. A robust network attack defense technology at the employee end is also must to be installed.