Is working from home secure?

Comments are off
1
Marcelo Orlandi
Is working from home secure?

Working from home… What a pleasure! And it’s becoming more and more mainstream in our society.

In today’s world, as you know, everything is interconnected, and many organisations are using this connectivity as a means to let employees work, even when they are not in the office. Of course, this has advantages and disadvantages which I will discuss in this article.

 

Home-Office vs Work-Office

Many companies operate from 8am to 4pm or 9am to 5pm. There are exceptions, such as factories, which may be working 24×7, but a big percentage of businesses operate around the “normal” business hours.  The question is, what happens when the business is closed?

Let me use an example to help you understand this scenario.

A company, let’s call them “X Company” opens its doors to customers at 8 in the morning and closes at 5pm. After 5pm perhaps a few employees are still in the office finishing some paperwork, loading data into their systems and getting organised for the following day.

However, there are other employees who, as soon as they get home, fire up their computers and guess what, they connect back to the company to keep doing work. Suddenly, their home becomes an extension of the office.

This scenario becomes more and more common nowadays. Who doesn’t want to work in sleepers, or while watching a game, or with a fridge a step away full of food?! Maybe that is the reason why Working From Home, or WFH, has become more of a buzzword the work-life balance paradigm.

 

Advantages of Working from Home for Employees

Now, let focus on some of the advantages of being able to connect back to the office to keep working, or to do a specific task. Suppose that you live more than one hour away from the office, and suddenly you have to jump into any of your company’s systems to update, fix, or do something. Maybe that something is a five minute job, and if you do not have access to any systems remotely, you will need two hours return, plus the five minutes it takes to do the actual work. As you can see, being able to login from home suddenly give you two hours free to use somewhere else. This is a big advantage for sure.

 

Advantages of Working from Home for Employers

On the other hand, organisations are also motivated to provide this option to their employees, as this can provide benefits for them as well, such as:

  • An urgent five minute issue can actually be resolved in five minutes and not in 1 hour and 5 minutes. Therefore, response time is great!
  • Employees who do not have an office, such as sales, account managers, etc. who are continuously on the road visiting customers or making sales are able to be online at all times with the company.

A computer and an internet connection. That is all that you need to be “online” again. I still remember the days, prior to mobile phones, when two-way radios were common, there was no internet connection, and the only piece of technology that could help somebody was miles away. Today, you can be in the middle of the outback and still have a video conference with people thousands of miles away, in the same country or across different countries and time zones. This is something that you could not have done in the past without the technology we enjoy today.

It seems like all is fine and the systems are there to provide access whenever and wherever we are. That is good and true. However, do not forget the bad guys. Oh yes, there always will be a bad guy trying to take advantage of weaknesses in the system. So let’s discuss those risks.

 

Disadvantages of Working from Home

Let go back for a second to the X Company example scenario. In order to provide you with external access, X Company has deployed some devices (Firewall) which are connected to the Internet and have left a door open so you can enter. Now, how does the device know that you are who you say you are? Can you prove it? Probably, because you may say, “I have a username and password that the IT department gave me to connect to the company, therefore it is safe.”

Having a username and password to connect to the company it is great. However, are you keeping these credentials safe? How guessable is your password? Are you using dictionary words in your password rather than a random assortment of letters, numbers, and symbols? How much time do you think the bad guys will need to guess your password?

Maybe now you’re starting to think, “I should review my passwords and remove the sticky note I left in the office with my credentials.” Once somebody else has your credentials, the devices in the company will not be able to distinguish if you are who say you are. At that point, the bad guys will be inside the company system accessing everything you have access to, copying, encrypting, and even asking ransom to get the data back.

Nowadays, it is a very common scenario for bad guys to encrypt the organization’s information and ask for a ransom to get paid.

 

How can we make working from home more secure?

The question is now, “What can my company can do to identify those bad guys from the good guys?” Finding a solution to this is not simple, and it is rarely 100% effective. However, we have developed in-house a tool which proactively blocks bad guys before they can gain access to a company, either independently or if they have an employee’s credentials.

This solution is a two step process.

The first step is to deploy as many sensors out there to detect those bad guys, once it is detected, communicate that “new information” across to all customers. This is done in just 15 minutes. Therefore, if somebody is trying to guess a password in your company the first product, called RDPGuard, will detect and block the user after a number of attempts. Once detected, this is communicated to Calibre One Cloud Intelligence Protection. This system in the Cloud will take this new data and analyse with the data that is already in the cloud and determine if that attempt was legitimate or not. Based on that analysis, C1 Guard comes into place, blocking any further attempts to any other logins coming from that source address. All this process takes as little as 15 minutes without any manual intervention.

The combination of RDPGuard plus C1 Guard has proven to reduce up to 80% of brute force attacks across all of our customers.

Do you see yourself offering similar access to your employees who are working from home or any other place around the world? Then you may need to consider how to minimize the risk of having somebody knocking down your doors and successfully entering into your systems.

Want to know more about mitigating this risk for your company? Check out our Intelligence Cloud Protection page to learn more about C1 Guard + RDPGuard. We look forward to helping you keep your systems safe so that you and your employees can continue to work from the comfort and convenience of their homes.