This is How Much Security Your Home Office Needs.
Insufficient security awareness and inadequate security measures are putting the home office at greater risk of cyberattacks. Now is the right time to correct this situation.#BYOD CYOD #Microsoft 365 Modern Workplace #Security as a Service #Security Risk Assessment #Security Awareness #Vulnerability Management #IBM
Employees love their home office: A gfs.bern study conducted during the lockdown shows that more than 80 percent of those surveyed are mostly positive about working in a home office. Digital collaboration works well, but there is a need for additional know-how and better infrastructure. Precisely the same applies to the state of cyber-security in the home office.
Most security breaches in businesses, almost 70 percent, occur through endpoints, according to a survey by Helpnetsecurity magazine[i]. Before the pandemic, these endpoints were located within the secure territory of a company's IT manager. Today, many users prefer to use their own devices and decide for themselves if and how they want to protect them and their home office network. This is not a good strategy. A successful cybersecurity attack on such a remote office can easily endanger other parts of a company's IT infrastructure and potentially cause great damage.
IT security must identify risks swiftly
Obviously, the increased risk in the current situation is not attributable to the employees working from home. In fact, numerous companies have missed opportunities to expand their IT security in time. To secure a company it is essential to know what is happening in the IT system at all times. SIEM (security information and event management) is employed exactly for this purpose. SIEM solutions combine security event management, analyzing event and log data in real-time, with security information management analyzing and reporting log data. In other words, SIEM software collects any log and event data generated by applications, host systems, or security systems in an enterprise and makes such information available on a central platform. This enables the timely detection of behavioral patterns and deviations from normal behavior, i.e. potentially malicious activities, and the ability to combat them. For example, if a user logs on to the system early on a Sunday morning and then starts to copy a large number of files, SIEM automatically recognizes that these are abnormal activities and can intervene immediately.
2FA is indispensable in the home office too
Two-factor authentication is also essential in the home office[ii]. Although this security feature is very widespread today, the enormous speed of deployment of thousands of home office workstations meant that in many cases the implementation of 2FA was forgotten or simply ignored. A VPN (virtual private network), for example to access the workstation computer in the company from the home office, is only practical if it is secured. The VPA login should therefore be secured with 2FA to protect company data.
However, all these measures are not very effective if the end users do not care about security issues or do not follow security guidelines. It is therefore important to educate home office employees about security issues. They also need clear security instructions. Companies should establish unambiguous and binding security regulations and communicate these in writing to all parties involved.
Of course there are other, very basic rules to be observed in the home office[iii]:
- Nothing to see: Make sure no unauthorized person can view your data.
- Clear verification: Only communicate via channels that are absolutely trustworthy.
- Beware of phishing: In the current situation, you must expect an increasing number of phishing emails designed to steal your sensitive data.
Contact us if you have any questions about the security of your employees in their home office. We at UMB have the necessary know-how to establish the necessary technical requirements for you at any location, from your company headquarters to all of your employees’ home offices. We offer security intelligence as a service and will be happy to assist you.