Why Use Work from
Home (WFH) concept?

Due to the forced quarantine, many organizations have switched to Work From Home type of working. Remote workers are now approaching nearly half of the global workforce, and the number continues to grow. What's more, entire companies adopt telecommuting, swapping physical office spaces for online environments and leveraging human resources around the world to grow their businesses and reduce costs. This is why Work From Home (WFH) Security needs to be taken care of.

Want to have an in-depth understanding of all modern aspects of Work From Home (WFH) Security?
Read carefully this article and bookmark it to get back later, we regularly update this page.

Mobile work is a reality for the near future, but you shouldn't think that it is like a vacation. Communication requires more effort, and an employee's job responsibilities can be constantly changing. This means new challenges for digital security, which can be much more difficult to solve on employee’s own means because not everyone can allow a well-functioning data protection system at home.

For Work From Home (WFH), it's not enough to hand each employee a device or implement a policy (BYOD) to use personal devices for business purposes. Full-fledged remote work requires a fundamental change in the work culture when management must set a personal example of mobility at work, as well as find a way to keep control over what is happening. Loss of control is arguably the biggest barrier to telecommuting, as the use of personal devices makes a company more vulnerable to attacks from cybercriminals seeking to take over data.

Telecommuting also poses risks associated with accessing company resources through the unsecured home and public networks. Additionally, mobile devices often are getting lost or go away to pickpockets. However, staff mobility is rapidly becoming a business necessity.

What Threats Work
From Home (WFH)?

Not all users are responsible enough for the security of their mobile devices. More than a quarter of all people do not even block their smartphone screen, while mobile devices are widely used for business correspondence, online shopping, and other important and confidential tasks related to financial and personal data. To fully appreciate the magnitude of the problem, simply look at how often people lose their smartphones. The cost of the mobile device itself is nothing compared to the value of all the data and files stored on it, which can be accessed by outsiders.

Telecommuting is familiar to workers of many economic fields. Many have already worked outside the office and have established remote work processes, for example, collaborating on documents in the cloud, using messengers, and others. The use of voice (VOIP) and video conferencing has become an everyday and widespread case. Programs like Google Hangouts, Zoom, Skype, Join.me, WebEx, and other alternatives are great for video conferencing, which have wide functionality and, among other things, allow users to see the faces of your colleagues, clients, job seekers, show their screen, record videos. All these functions are of great importance because they make it possible to recreate the atmosphere of an office presence.

But there are also differences from what it was before the COVID-19 pandemic. So, for example, during a risk audit, it is mainly about the office network, office equipment, and work computers. There are often not enough resources to inspect all of your personal devices, especially now that most employees work from home networks and on personal devices.

Here, you should now do a simplified risk assessment for yourself, similar to the organization's risk estimation. To do this, answer yourself a few security questions:

• What important do you have that could be of interest to attackers?
• What is the probability that something bad can happen to this important one?
• What will be the consequences if something does happen?

If you think the risks to Work From Home (WFH) Security are high enough, then consider what you can do about it. If not, then it's worth taking a look at the widespread risks and potential problems that many are currently facing.

1. Malfunction of devices and loss of information. Backups are needed more than ever. If your computer breaks down, it is unlikely that you will be able to quickly recover information from your hard drive. Large amounts of information, such as videos and photos, are faster and more convenient to backup to external drives. It is more convenient to store documents and small amounts of information in cloud storage such as Google Drive, iCloud, OneDrive, Dropbox, etc. In this case, you should set up automatic backups, but do not hope that you will not forget to copy everything you need to manually. If you are already using these backup methods, then check again, and don't forget to copy something important.
2. Limited or no IT support due to quarantine. In the public sector, the availability of an IT specialist, even part-time, is very rare. Moreover, it becomes rare in quarantine. However, the vast majority of IT specialists have long been able to provide remote technical support by phone, chat, or using special programs and technologies for remote connection, such as TeamViewer, AnyDesk, VPN + RDP and the like. It should be borne in mind that most of the methods of remote connection to a computer are not much different from the fact that you would just let a person sit down at your computer. Therefore, be careful about who exactly you provide remote access to the device.
3. Sharing devices at home. If you share your home computer with loved ones, create separate accounts on Windows or macOS. So, everyone will have their own desktop, documents, and bookmarks in the browser, protected by separate passwords. It's much more complicated on mobile devices. The optimal solution is not to give anyone access to your mobile devices. If possible, children should be provided with a separate mobile device for games and entertainment, without access to your email or other services. Create separate Google accounts or Apple IDs for mobile or SmartTV devices used for entertainment, rather than linking them to your primary Google or Apple ID accounts!
4. Hacking accounts through phishing, in particular related to the topic of COVID-19. With the spread of the coronavirus, related scams have become popular. So, in recent times, the number of messages disguised as official sources such as the World Health Organization has increased, inviting users to enter their passwords, or download and run attachments with a virus.

Remote Worker Rules for
Maintaining Work From
Home (WFH) Security

Digital security experts know how to equip remote employees with a new workplace. To work from home with maximum comfort, but at the same time to be protected from the point of information security, you must follow a number of rules.

• Follow all recommendations on the settings of e-mail accounts, social networks, instant messengers and others remain relevant. First of all, you need to use strong individual passwords. It is important to use different, complex passwords for different accounts, such as email or work applications.
• Learn how to recognize phishing emails that are often sent to corporate email addresses. Phishing is a social engineering technique, so when you receive an e-mail with an unusual request, carefully check the sender's details to make sure that you are communicating with colleagues and not with cybercriminals. It has been found that domains associated with coronavirus are more than half as likely as malicious, so you need to be critical of emails.
• Do not use your work device for personal purposes, such as playing games or watching TV shows, because this poses an additional security risk. Also, the risks increase if the employee uses his personal computer for work.
• If you cannot avoid using a personal device for business purposes, you should consult with the IT team on how to improve security, for example by adding powerful security solutions.
• In addition, many employees use Wi-Fi to access the Internet. If you have to work from home, you need to protect your home Wi-Fi network with a complex, non-factory password.

How Can Company Ensure Work
From Home (WFH) Security?

The main risks when working from home are, in fact, the same as when working from a corporate network, namely, unintentional transmission of information to unreliable users, using the same passwords, open storage of access keys, unsafe Wi-Fi networks, viruses, etc. Therefore, in order to prevent leakage, it is necessary to follow simple information security rules.

If employees working for you remotely have regular access to your corporate system, then it is worth establishing appropriate Work From Home (WFH) security rules. An important starting point will be a strong personal device policy that defines which devices and applications are allowed, the required protective measures, and how corporate data is exchanged. For example, you should not allow remote employees to access corporate data from a smartphone with modified firmware, or from a highly outdated computer, the operating system on which is not updated for a long time.

1. It is necessary to clearly define what constitutes a trade secret and what sanctions for employees will follow as a result of its disclosure.
2. Remote work should be organized only through VPN channels, if an employee works with business-sensitive information, connects to the company's servers, then, and antivirus with the latest updates must be installed on the PC.
3. Don't forget about password protection. If an employee uses a weak password, then this can be a serious breach in the company's security system.
4. Implementation of the second factor of authentication (2FA) of users. The most convenient option is a mobile application that will generate a one-time password (OTP) for the user in addition to the password, which will significantly complicate any attempts to hack corporate resources, which would otherwise be carried out by simple brute force.
5. Use commercial solutions to control the outer perimeter of your corporate network.
6. Check mobile devices connected to the company's production network for vulnerabilities using specialized tools such as ImmuniWeb® MobileSuite.
7. Apply comprehensive means of continuous testing of the entire information system of your company, providing constant protection against all kinds of threats.

A Risk-Free Future with Work From Home (WFH) Security

When employees work outside the office, there is a risk of theft of company data and an increase in the number of information security threats, but staff mobility should not become a source of concern. Mobility does not lead to a loss of control, but simply allows you to disperse work resources so that your team can work in the optimal conditions for them, with the maximum benefit for the company.

You need to conduct regular, or better, ongoing, complex check of devices, employees accounts, remote access services, and the server segment to help you reduce cyber risks when exiting remote work. State-of-the-art Work From Home (WFH) Security and Workplace Protection tools give you complete control over the security and regulatory compliance of your digital assets. You can always protect your corporate data, no matter where your employees are.

Additional Resources

• Learn more about AI-enabled Attack Surface Management with ImmuniWeb® Discovery
• Learn more about AI-enabled Application Penetration Testing with ImmuniWeb
• Learn more about ImmuniWeb Partner Program opportunities
• Follow ImmuniWeb on Twitter and LinkedIn