Post by Neeshé Khan (2018 Cohort)
As coronavirus sweeps across the globe all sectors are looking towards governmental bodies to issue statements that outline the next steps to contain this pandemic. Even from its early days, coronavirus demonstrated its far reaching impact on economies through effecting major sectors such as hospitality, tourism, governmental operations, hospitals, exports, imports and education (to name a few).
Italy is on an incredible total lock-down that hasn’t been seen by any developed state in recent memory. Wuhan’s lock-down is an incredible feat albeit too late. The US takes a more relaxed stance but has seen a number of cases where businesses are encouraging or mandating employees to work from home (WFH). In the UK, the Chancellor has just announced a £50b emergency response budget to the national health services, companies with less than 250 staff will be refunded for sick pay (for a period of 2 weeks/employee) and Statutory sick pay will be paid to all those who choose to self-isolate, even if they don’t have symptoms. I have also had conversations with people in the health service who are taking an unpaid leave of up to a month during this time to safeguard themselves. So things are getting serious and business can allow employees to work remotely for at least without suffering financially.
The dilemma with many businesses is that they’re not setup correctly or securely enough to allow remote working. This is no surprise as it costs businesses a great deal of money to secure remote channels that can access their information systems and ties in closely with their existing software and hardware architecture. Plus, it’s a complex operation to roll out and debug.
If your cybersecurity is compromised whilst WFH, sure enough someone (most likely you) will be held accountable. So, what does it mean for you if you’re at small business/start-up/charity/governmental department that’s just implemented a WFH policy.
Before leaping for joy at how convenient this might be for you (cutting out commuting time, money and health risks from mouth breathers) take a beat and consider doing the following:
Safe working space at home
This is a big one. Homes have a lot of distractions so what would this mean for your productivity? Would you end up putting in more time to make up for it? Is there enough structure at your place to allow you to take timely breaks and balance out your professional and private life? Would you remember to lock your device every time you step away or risk your child hopping on and sending out an email you were drafting and cause a formal cyber incident? Would it just mean more work for you? A ‘safe’ space should be your first thought when considering WFH.
Insurance coverage
Check what your company’s insurance policy is. If you (or your cat) accidentally spills something on your company device, is it covered off office premises? You don’t want to be out of access and be out of pocket for a policy implementation that wasn’t well thought out and you didn’t know what the risks would be.
Cybersecurity when WFH
Both elements above involve cybersecurity. Insurance coverage also covers the Availability aspect of cybersecurity and working space at home covers cyber accidents and incidents. Not many people would even know what a VPN is and wouldn’t have this set up for their home broadband. And that’s OK for your personal use! But when working on your home Wi-Fi it could impact your cybersecurity levels when WFH. Before you begin, ask your employer if they have systems in place that ensure your cybersecurity levels while working remotely are equally secure as when you’re on the premises. This could entail things such as encryption that add an additional layer of security when working remotely.
Access
I found out through experience that while small companies offer a ‘basic version’ of working remotely it can come with a lot of lag (you have a portal you go through via a personal device to access your work computer’s desktop). If systems aren’t set up correctly (well configured) your access can hang or crash. This could mean you’ll end up doing the same task for the tenth time! If you’re using your personal device to remotely access your computer and are frustrated with the system not working, you might be tempted to move files to your personal devices (so it all ends before you enter your kill zone) – don’t! This becomes more hassle than it’s worth and it’s much easier to get in touch with your IT department to report the issue to fix before you can begin your work on that task again – so sip some tea in the meantime.
In some cases the drives can be separated so while it all appears normally on your work computer this might not be the case for when you’re working remotely. Check with your employer if there’s a specific drive you need to move your documents to (while on premises) to ensure you have access to them remotely.
If you have a company provided computer such as a laptop then you’re clear of most of the headaches that come with lag, crashing systems and availability of documents – hurrah!
Prefer conversations instead of emails or texts
Try to have as many skype/video/call conversations as possible. This ensures that you are actually speaking to the person who you think you’re speaking to so your communication has what is known as Integrity in cybersecurity. Access through an insecure connection (such as your home Wi-Fi even if it has a strong password) can mean your account gets compromised and you have a man-in-the-middle intercepting and responding to your confidential company communications.
These are just some of the things that came to my mind when thinking about WFH cybersecurity and I hope it helps! If you’re a team leader encourage your team to adopt these practices. If you’re an employer, certainly consider these aspects prior to enforcing remote working. It would be good for companies preparing to have their employees WFH, to have a session that outlines best practice scenarios, remits of liability and answer any concerns or queries while we wait for coronavirus to pass.
–originally posted on Neeshé’s blog