By Matt Bennett, UK MD, Cellhire plc, York
Working from home [WFH] can be a threat to the employer organisation, or, in the case of freelances, a threat to their client’s operation. Although the employer or client organisations should have safeguards in place to counter the threats, not all do and some safeguards are insufficient.
Email management systems provide an early, important safeguard, helping with email-based threats, phishing included, which are very much a headache that must be addressed. Another safeguard is needed for endpoint security gaps, created for example by less-than-ideal antivirus protection, or by friends or family using the same computer, perhaps using USB sticks in the process or visiting at-risk websites or websites masquerading as the real thing.
“Admin” as a router password?
Weak router and network passwords can be taken advantage of by hackers. Some employees or freelances might not have secured their wireless network or know how to get into their router, via its browser-based admin [which should be adequately password protected], to see if there are unknown devices on their network. Some new routers come with ‘admin’ as the default password, which is not a secure password and should be changed.
New routers can force password and network protection onto the user, or at least make suggestions during router setup. Old routers, especially those whose software has not been regularly updated and those using earlier-generation security methods (WEP instead of WPA2, for example), pose a risk. An old router’s firmware should be updated, and its security method improved, or the router replaced.
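The router checks described above (default admin password, unsecured or WEP wireless, out-of-date firmware, unknown devices on the network), as an added example that is not part of the original article. The settings dictionary, the one-year firmware threshold and all sample values are constructed assumptions, standing in for what a user would read off their router's admin page.

```python
import re
from datetime import date

# Assumed policy values for this example; only 'admin' and WEP come from the article.
DEFAULT_PASSWORDS = {"admin", "password", "1234", ""}
WEAK_MODES = {"OPEN", "WEP"}          # unsecured or earlier-generation
MAX_FIRMWARE_AGE_DAYS = 365


def norm_mac(mac: str) -> str:
    """Normalise AA-BB-.., aa:bb:.. or aabb.ccdd.eeff to 'aa:bb:cc:dd:ee:ff'."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_router(cfg: dict, leases: list, known: set, today: date) -> list:
    """Return a list of findings for one home router; empty means nothing flagged."""
    findings = []
    if cfg["admin_password"].lower() in DEFAULT_PASSWORDS:
        findings.append("admin password is a factory default")
    if cfg["wifi_security"].upper() in WEAK_MODES:
        findings.append(f"weak Wi-Fi security mode: {cfg['wifi_security']}")
    age = (today - cfg["firmware_date"]).days
    if age > MAX_FIRMWARE_AGE_DAYS:
        findings.append(f"firmware is {age} days old")
    known_norm = {norm_mac(m) for m in known}
    for lease in leases:                      # connected-device table from the admin page
        mac = norm_mac(lease["mac"])
        if mac not in known_norm:
            findings.append(f"unknown device: {lease['name']} ({mac})")
    return findings


# Constructed sample data (not from a real router).
SAMPLE_CFG = {"admin_password": "admin", "wifi_security": "WEP", "firmware_date": date(2018, 3, 1)}
SAMPLE_LEASES = [
    {"name": "work-laptop", "mac": "3C-22-FB-10-0A-01"},
    {"name": "unknown-9f", "mac": "de:ad:be:ef:00:9f"},
]
SAMPLE_KNOWN = {"3c:22:fb:10:0a:01"}

if __name__ == "__main__":
    for finding in audit_router(SAMPLE_CFG, SAMPLE_LEASES, SAMPLE_KNOWN, date(2021, 3, 1)):
        print("FLAG:", finding)
```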
Employees who WFH should be concerned – and advise their employer’s or client’s IT people – if they suspect a cyber breach has happened. Signs of a breach include pop-up ads appearing, the computer slowing down, web searches being directed to a new, not intentionally-installed search program, and other programs, that were not intentionally installed, appearing.
A very clear breach is an unwelcome ransomware message demanding payment of £xyz or the computer will be locked. Backups are a great guarantee against loss of work and other files caused by a ransomware attack.
If WFH computer users work via their organisation’s or client’s cloud-based service, offline backups are less important, because the cloud service will be, or should be, making and duplicating its own backups of that work.
The phone: landline or smartphone – risks
Another soft point in the security armoury is the phone – landline or mobile. Consequently, bank websites are issuing warnings like this one: “Fraudsters are cold calling customers at random. If you’ve been called unexpectedly, and asked to download software on any device, STOP! You may be the next victim of a scam. NEVER tell anyone your security details or passcodes – not even us.”
Banks also advise their customers of the following:
Please remember the bank, the police or a trusted organisation would never:
– Ask you to download software on to your computer or mobile device and then ask you to log in to your bank account
– Ask for your financial information or full security details
– Ask you for your PIN code or online banking verification code
– Ask you to move your money to another account to keep it safe
Fake bank calls are not the only threat by phone. Calls pretending to be by Microsoft or the user’s broadband provider are also common and ultimately seek to take control of the user’s computer – in the case of the fake Microsoft calls – or gain access to the user’s bank account [which can also happen via links in emails].
A high level of protection can be provided by VoIP-based phone apps. More below.
Further risk mitigation
Bearing in mind the information and recommendations given above, organisations wishing to create a more data/work secure environment for their employees and key freelances have the option of taking things a step further by providing the latest and optimally secure hardware – complete, where applicable, with all the work apps, or for access to their work on the cloud.
Another step is the provision of a work-specific, VoIP-based virtual phone number, available through the secure AllTalk app, for example, enabling calls to be made and received via a tablet, computer or smartphone, or any combination of them, regardless of where the user is in the UK or abroad. The app is also one way of bringing team members together, virtually, wherever they are.
On the subject of smartphones, although a phone’s contents can be secure – especially provided the phone isn’t lost, stolen, shared or “left lying around” – its assigned phone number might be known to many outsiders, including strangers. By having a work-only virtual number, the user can make and receive calls on their smartphone via the VoIP-based phone app, secure in the knowledge that the calls remain in the business/work environment. The same number can be used across a user’s devices. All they need is the app on each device.
What new hardware can those who WFH, or who work on the move (coronavirus regulations permitting), be supplied with, and how: by capex or by rental agreement? Purchasing new smartphones, tablets, laptops and MiFi-based Hotspots is an option, but not necessarily the ideal one, depending on circumstances.
The other option is short, medium or long term rental, which enables financial and business agility benefits to be realised.
Another bit of hardware that organisations can consider is the more difficult-to-hack thin client, or “dumb terminal”, deployed to enable a lower cost and more risk-free way for those who WFH to access their work on the cloud. No processing is done on the device, which is basically a keyboard with a screen, meaning the user doesn’t have to perform backups or worry about having a virus on the device.
Personal Wi-Fi hotspot
A MiFi – a small, portable router – provides a secure personal Wi-Fi Hotspot wherever its user is: at home, in a temporary office, on the move or at an airport or other public place. For MiFi users at home or elsewhere in locations where a 4G or 5G signal is very weak to almost non-existent, the signal can be enhanced by a MiFi-specific antenna. For those using a larger, office or home style 4G or 5G router, a different type of antenna can be used.
WFH, or a hybrid of WFH and office-based work, has benefits for employees and their employer, but also poses the risks outlined above. Freelances, long used to WFH, hot desking or a temporary office, or coffee shops when not in lockdown, might be more aware of the risks – because data loss can mean income loss or a client lost – but still need to stay alert to risks and how to reduce them.
Providing staff with best-in-class hardware and software that addresses data security concerns and optimal work performance is one approach to staff WFH. Staff using old systems at home can result in reduced productivity and risks to data. Sharing a home [i.e., non-work dedicated] router with others poses risks connected with their potentially careless computing, downloading and online habits, including gaming online.
Employers face another risk that they tend not to face when staff work from the office: “human” behaviour. Educating their WFH staff and freelances in risk reduction through good practice is key.
More at cellhire.co.uk/work-from-home