With Covid 19, Work From Home (WFH) or Work At Home (WAH) has become a necessity rather than a convenience. Both Google and Facebook recently said they will let most employees work from home through the end of 2020. More and more companies are making WFH a new Norm. Shopify, a leading e-commerce shopping cart provider recently announced that they will shutter their offices throughout 2020 to restructure the working environment and from 2021 onwards, most will be permanently WFH. Closer to home, PNB or Permodalan Nasional Berhad has recently announced that WFH will be a permanent options for qualified employees.
After all, with all the advances in technology, both on the broadly available network bandwidth in terms of speed and pricing as well as the number of cloud and network tools, working remotely has never been easier. Collaboration tools and video conference has become ubiquitous. With this suite of available tools and technology, it is no surprise that we are positioned well for this new normal.
Whilst most companies may struggle to get WFH up and running, at Brandt International, we were fortunate that our Digital Transformation Journey started a few years ago. Rather than an intensive Digital Transformation, we planned out a sustainable comprehensive plan that was implemented over a few years. This meant that we did not have to put unnecessary financial and resource strain on the company, while allowing us to fully explore the various options of best of class digitization that fit both growth, business needs and budget.
We comfortably implemented our WFH prior to the pandemic lock down and was fully operational on Day 1. To achieve this, we had multiple discussions with our clients to take them into the WFH arena successfully. There were a lot of considerations that was discussed and one of the key considerations that occasionally gets overlooked is Security.
Security – The necessary Evil
The concept of WFH means that you are extending your network into your employee’s home. This means that you have to secure all entry points not only in your office, but also those additional end-points that are now physically outside your office and most of the time, outside the reach of your IT personnel as well. When doing so, there are many security aspects and technology devices/tools that you can use.
Securing the Home environment:
The first step is to look at your WFH network. The home broadband and wireless network at your employee home is the first entry point. Wireless networks by nature are easier to gain access considering that you just need to be within range of the network. This means requiring employees to setup their wireless network access following recommended IT policies such as WPA2 encryption, strong password standards and if possible, a separate wireless network for personal use and work.
The next simple step you need to consider is the end-point device. The ideal recommendation would be for the home PC or device be separate from the work PC. It may or may not be possible for all employees, especially during the lock-down period when sharing personal equipment or deploying BYO equipment policies (BYO will be a separate topic in the future). While office computers are generally “hardened” security-wise with settings for tighter security, whitelisted applications or websites in order to reduce available surface for attacks or vulnerabilities, the shared computer may not be able to fully implement all the required restrictions. It is good practice however to have strong passwords – especially for logins (no auto-login), anti-virus and malware scanners to ensure the computer is protected at all times.
The second step is to ensure security of the link between the WFH computer to the company servers. Since the link is going through the Internet, we have to ensure that the connection is highly secured. That means a strong end-to-end VPN encryption from the WFH PC to the company network and servers is the minimum requirement to be put in place for a secured WFH setup. Of course if your security requirements differ, especially for financial or highly secret research information, additional security, encryption such as tokens, device encryption, signed certificates and more can be implemented, including end-point entire device encryption as well. The level of security needs to correspond to the business requirement as security does come at a price – both in monetary terms as well as adding complexity and degrading performance.
Lastly, constant monitoring is always required, more so with WFH as the number of endpoints has increased, IT Security vigilance is doubly needed to ensure security is maintained at all times. This can be done with automated tools for scanning, reporting and prioritization of alerts to the IT team to take proactive action.
Don’t forget the human touch
Many tech support and IT departments in large companies have always made fun of the users that make all sorts of support requests for some of the most mundane or basic errors. No matter how good a security system you have, the users are always the weak point. Passwords have been left under keyboards or on post-it notes are common but the rise of phishing attacks where perpetrators have imitated a user or website are proof that tricking the user may be easier than trying to break into the system’s security. Security needs to begin and end with each employee – all of us need to be accountable and realize what are secure practices and what are not. Just like banks constantly reminding their customers not to give our their pin numbers or passwords, this needs to happen frequently when our employees are working from home.
Brandt HR and IT jointly work to constantly ensuring that employees practice secure habits such as locking their computers when going away from the desk or ensure strong and different passwords are used for different systems. There is a lot more that we do to ensure our network, our systems and our clients’ systems and data are protected. Welcome to the new normal of work.
