Home offices lack the considerable security protections afforded by the corporate environment. No access control. No IT security. No secure wastepaper disposal. No protections against electronic surveillance. Nada. Zippo. Nothing, except perhaps the family dog.
Your home office employees are vulnerable. This fact has not escaped the attention of the hackers, spies, and opportunists. They want your intellectual property. The want to know your secret strategies. They want your information, and all are now much easier to get.
Give your employees some security help…
First: If they don’t have a crosscut shredder, give them one. This is important.
Second: Create a Home Office Security Policy. Establish a minimum acceptable standard for information protection. Include everything from work space access control, to document protection, to communications security.
Home Office Security Basics…
1. Create a Self-Service Portal (“What’s that?”)
“A self-service portal is a website, consisting of self-service and self-help functions, that enables and empowers the employee to request services, find information, and register and resolve issues. A self-service portal can be thought of as the “electronic front door” to the IT organizations’ “store”, from which the consumer can obtain products and services.
From simple administrative functions such as resetting passwords and reporting incidents, to more complex actions, such as downloading software and taking corrective actions in response to issues, a well-designed self-service portal is invaluable to a consumer community that is “always on, always connected.”
Include a security ‘how to’ section. Don’t assume everyone knows about VPNs, or how to connect to their wireless printer securely.
2. Communications Equipment. Inventory the systems, and the software they are using. Check that the security settings are on, encryption is being used, software security is up to date, and firmware is current. This can be handled during a routine Technical Surveillance Countermeasures (TSCM) visit.
3. Communications. Digital communications with the company needs to be routed through a Virtual Private Network (VPN). Consider providing a company VoIP telephone set (or softphone) so employees can keep the conveniences provided by their office phones. This should also be routed through the VPN.
4. Encrypt. Encrypt everything you can encrypt. This includes Wi-Fi, data storage devices, teleconferences, and phone calls requiring confidentiality.
5. Email Attacks. Rule #1: Don’t click on anything without being sure it is legitimate.
Crooks view employees working from home as soft targets. The fake emails are now more sophisticated and aggressive than ever. Scams, malware, impersonations, ransomware, and spyware are flooding email boxes.
6. Web Filtering. Employees’ computers should employ web filtering which updates automatically. This will reduce the chances of being diverted to a malicious website, and keep them on work appropriate sites.
7. Security Inspections. The work is the same. The venue is different. The risks are higher. The TSCM security inspections routinely performed at the corporate offices now need to be done at a residence.
Most of the previous recommendations can be handled during a specially crafted TSCM visit. Unless there is a specific issue, once every six months should be sufficient.
If you have any questions, or would like to schedule a home office TSCM / information security audits, just let us know.
###
Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.