A few months ago, Working From Home (WFH) was a short-term solution. The ICO were lenient with GDPR when using Home PCs during the pandemic – but, as businesses come out of lockdown, and formally adopt Remote Working as part of their Business Strategy, we need a tighter focus on Security.
Here are some things to consider…
If you are using a Company-issued device
This is generally the most secure option, but it is also the most expensive:
- Your IT Team will set up the correct security, encryption, firewalls and administrative privileges.
- Consider using multi-factor authentication for remote access.
- It’s about keeping the data safe – which is easier for the company to achieve if they own the device.
If you are using your own device
This is a more cost-effective option, but can come with security risks:
- Install company software – a lot of the software we have on our home PCs is not allowed for commercial use.
- Set-up a work profile on your PC, so that no one else in the family can access your work account.
- Set-up multi-factor authentication, to give you an extra layer of security.
So, your PC is now secure, but what about your home network?
Think about the other gadgets on your home network. Sky, Xbox, Wifi-enabled gadgets, your mobile and all the things your teenagers connect to the internet – the list is endless! Some of them won’t be patched to protect against the latest security loopholes. And, you’ve put your Work PC on the same network!
In the office, to be Cyber Essentials certified, all devices on your network must be patched within 3 weeks of the security update being released. Have you updated the firmware on your router, enabled specific firewall rules and even changed the default password?
For now, the ICO have made allowances, but after Covid-19, these things will need to be addressed.
VLAN: Something to consider…
Some of our customers are using a VLAN (Virtual Local Area Network), which means that their work device is separated from their home devices. This might be something that the ICO considers to be appropriate in the future, so keep an eye on their guidelines as they mature.
Connecting to company resources
We all need to be connected to our company’s resources, and here are some things to think about:
VPN (Virtual Private Network): this effectively opens a secure connection and puts your PC back on to the office network, where you can then access files and resources.
Cloud: you could have all your data in the cloud, using multi-factor authentication for added security.
Remote desktop: take remote control of a desktop that is in your office. Or set up an Azure Cloud based desktop which is permanently connected via a VPN, back into a company’s office. When you want to remote work, you use your home PC to take control of the cloud-based desktop (which is secure and patched).
Watch this space, there will be more guidelines to come from the ICO, but if in any doubt, talk to your IT team and use something that’s appropriate for your business.