Introduction: Working from home made secure
Many companies across the world have been introducing their employees to the concept of working from home. Although the COVID-19 lockdown is beginning to open up in certain areas, what is clear is that home working will continue to be a widespread option for businesses.
As a model, remote and home working was increasing in popularity even before the COVID-19 pandemic. But since the pandemic hit, home working has become mandatory in many parts of the world. A UK survey by O2 and YouGov found that nearly half the workforce think flexible working will increase during 2020, and 81% expect to continue to work from home at least one day per week going forward. With estimated savings of $4.5 trillion per year in the US by 2030, remote working is likely to continue, virus or no virus.
While we thought the perimeterless enterprise was a cybersecurity challenge, the “home satellite enterprise” is another altogether. Home working means an organization needs a robust approach to cybersecurity in order to encompass this extended work environment.
Here are some ways to make sure that your staff and your company remain cyber-secure at home, using a secure home network.
4 ways to a secure home network
With working from home, you need to think about having guardrails that fit the environment: tools, apps and services that allow for distributed home working while maintaining the same levels of security you’d expect on the business premises.
Though nothing is ever 100% secure, adding in layers of protection across the home network will help to reduce the risk of home working significantly. Here are our top tips for securing the home office.
1. Using a secure remote desktop
Creating a secure home network can be achieved using a remote desktop installed at your employee’s home office. Employees can use a remote desktop connection, such as Remote Desktop Services (RDS), to connect directly to their work network using authentication credentials, such as a password. The use of a remote desktop also allows home workers to use their own computer; the remote desktop essentially isolates their computer from your company network.
It is worth noting that flaws in Windows Remote Desktop Protocol (RDP) have resulted in a number of cybersecurity breaches. The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) warned of RDP exploits on seeing increased numbers of attacks using the RDP protocol. The attacks were remotely executed and difficult to detect.
Vulnerabilities included dictionary attacks against weak passwords and man-in-the-middle attacks. In 2019, Kaspersky also found 37 flaws in VNC (Virtual Network Computing), a system that provides remote access to the operating system’s user interface.
The secure configuration of a remote desktop depends on which service you use. However, you should consider setting up a firewall to whitelist access for known users/IP addresses. Most remote desktop systems now offer multiple factor login (2FA/MFA) when using a remote desktop. The Microsoft version (RDS) also offers integration with Active Directory. If advanced authentication is available, enable 2FA/MFA for your users to add another layer of security.
To help prevent exploits based on remote desktop vulnerabilities, ensure that regular patching is performed on the remote desktop software.
2. Securing a home Wi-Fi network
A fundamental issue in any home office is the security of the home Wi-Fi network. The likelihood is that home workers use a Wi-Fi network shared with other members of the household; there may even be visitors who regularly log in to the home network.
A home office network needs to be set up to protect any data communications from accidental or malicious exposure. To add layers of security to your home office, provide a secure router guideline to your home workers, including advice on:
- Changing the router’s Service Set Identifier (SSID): Cybercriminals search for specific devices with known vulnerabilities; hiding this will help prevent a targeted attack
- Choosing a good router password
- Changing router admin credentials from the default factory setting
- Password sharing with trusted persons only
- Keeping the router firmware updated and patched (if the router does not automatically update)
- How to disable Universal Plug and Play (UPnP)
- Creating guest networks to help isolate parts of the network used for business devices.
- How to enable the router firewall
3. Using a Virtual Private Network (VPN)
An alternative that augments and hardens home network security above and beyond secure Wi-Fi is to use a VPN. Using a VPN along with a remote desktop adds layers of security, effectively creating a home office perimeter.
A VPN forms an encrypted tunnel between two computers — in this case, a home computer and the remote office network. This means you can share data within the confines of the VPN to prevent exposure.
As a company, you need to look at the various VPN options available and find the right one for your needs. For further details on choosing and setting up a VPN see our in-depth article, Advanced Technical Review of VPN Infrastructure Impacts.
4. Cyber-safe home security awareness
The technical measures in creating a secure home network should always be augmented by using employee security awareness training. Phishing is still the number one way that login credentials and other data are stolen. Make sure that staff are trained, using remote simulated phishing exercises. This will help prevent employees from falling victim to the increasing number of scams seen during the COVID-19 pandemic.
Conclusion: Setting a secure home network policy
Making sure that home offices are secure does require some thought. And planning! You need to approach it with a view to building up security using several key measures.
The best way to begin the process of developing secure home office conditions is to see a home office as an extension of your own company network. Using tools such as a remote desktop and/or VPNs can help to create a protected but extended perimeter.
Home working is likely to be normalized for at least the foreseeable future. As such, it’s important to design a secure home network architecture based on your business operations and needs. This will inform your choice of software and hardware and, importantly, will offer you guidance on creating a policy and set of advisories for home workers.
- The future of work, O2 Business
- FlexJobs 2018 Annual Survey: Workers Believe a Flexible or Remote Job Can Help Save Money, Reduce Stress, and More, FlexJobs
- CYBER ACTORS INCREASINGLY EXPLOIT THE REMOTE DESKTOP PROTOCOL TO CONDUCT MALICIOUS ACTIVITY, IC3
- VNC vulnerability research, Kaspersky
- Remote Desktop Services – Multi-Factor Authentication, Microsoft