Information Security – Episode 4 Remote working
While home and hybrid working continues to grow in popularity, remote working has had to step aside from the spotlight temporarily. As further Coronavirus restrictions are lifted and confidence builds back to levels seen prior to the pandemic, it is inevitable that use of public Wi-Fi will increase once again on trains, public transport, hotels, restaurants, coffee shops and bars. In fact, we’re predicting that with the number of employees who have embraced the home and hybrid working lifestyle, we’ll see an even sharper rise in working from remote locations.
While remote working does bring different challenges to home working, the basic principles for protection remain similar, with the end user perhaps being a little more aware of the potential risks as a result of their experiences while working from home in the past two years.
Here’s some safety advice for those who currently work remotely or those who are tempted to do so in the future…
We’ll assume that the security fundamentals such as strong passwords, virus protection and essential updates are already being applied and will begin with the next most obvious risk – public Wi-Fi.
If you’ve ever watched a film where they show a map of the world and predict how a virus is going to spread, it starts out as a few scattered red spots on the screen until the entire land mass is flooded in a sea of red. I picture this image when thinking about the increased hotspot coverage in the UK – maybe a little slower, but rapidly increasing never-the-less.
As exciting as that is, unfortunately you cannot control who else is connecting to one of these networks. You didn’t set it up so you have no idea whether they are properly secured or even who the actual owner of the network is. Connecting to a public hotspot is like eating an unopened chocolate bar that you find on the street. It looks intact, you enjoy chocolate – what could go wrong?
Well, in the first instance you may not be connecting to a genuine hotspot at all. Cyber Criminals create rogue hotspots designed to look like genuine ones and once you log in, everything you do online can be seen. This is a “man-in-the-middle” attack. In addition to waiting for you to enter online account or banking details, this method of attack is often used to send malicious software directly to your device. Always validate the network that you are connecting to by speaking to a member of staff.
Make sure that any site you visit uses ‘https’. You’ll find that at the start of the URL or you can just look out for the small padlock before the URL. This means that any information shared between you and the site is encrypted. Be cautious of what you access when remote working. If you can help it, try not to access any social media sites or banking apps at all. The risk is just too great.
If your laptop or phone has file sharing turned on, turn it off before you connect to a public hotspot. If you are accessing any company sensitive information, whether it is within your email or on a cloud service, always connect via a Virtual Private Network (VPN).
Alternately, where you have both a phone and a laptop, and a connection allows, consider tethering to your mobile phone instead of utilising a public network.
What else can you do?
Unfortunately, the list of potential threats doesn't end there. One of the bigger risks of remote working is the potential loss or interception of company data. Devices are at risk of being lost or stolen so always take additional caution in ensuring the physical safety of your equipment. Never let them out of your sight or unattended. If you open your laptop on the train on the way in to work to make a head start on your emails, you can’t just lock the device and leave it on the seat if you need to use the bathroom. In fact, once you've advertised having a work laptop to the entire carriage, the device must remain with you at all times.
Now that you are on high alert and prepared to put life and limb on the line to prevent your device from being stolen, remember to also keep an eye on your surroundings. Be aware of people “shoulder-surfing” and, either intentionally or accidentally viewing sensitive information.
If you choose to work remotely and your device is lost, stolen or if you believe it may have been compromised in any way, you must report it to your IT team as soon as possible. There is always a possibility of limiting the damage if your support team are made aware and early notification can ensure your company reports any known breaches in a timely manner, reducing the likelihood of financial penalty.