Data and security considerations for remote working - IFSEC Global | Security and Fire News and Resources (2023)

Cyber security and remote working

Data and security considerations for remote working - IFSEC Global | Security and Fire News and Resources (1)

Steven Bishop

As more people across the world turn to home working in an effort to combat the spread of the coronavirus, Steven Bishop offers his thoughts on the potential data concerns and cyber security consequences of providing employees remote access to IT systems.

Note: This article is presented as an introductory educational guide that aims to highlight some of the main issues that someone new to the subject needs to consider. It is not intended to be a comprehensive briefing and is not a substitute for an in-depth investigation into the wider issues.

Data and security considerations for remote working - IFSEC Global | Security and Fire News and Resources (2)

We have a rush on at the moment in the world of IT services. Right now, there is an urgent need for many companies to setup remote working for their staff so that they can continue their day-to-day business operations in the face of calls for medical isolation and advice to restrict movement of people around the country.

Some big changes have to be made to the company’s operating procedures to accommodate remote working. New rules have to be quickly drafted and approved by the organisation’s management team. And in this rush, many safeguards are likely to be missed, overlooked or downplayed. If the organisation is inexperienced with IT systems then the management team needs to be aware of the significant and new risks that remote working opens up.

A big part of business-related IT management is putting in place appropriate controls and barrier-fences to reduce or eliminate IT operations that could permit data-leakage of confidential data and cause a breach of data-protection legislation such as GDPR.

As IT engineers, it is our job to facilitate the wishes of our customers, but it is also to inform and advise them that changes to their IT systems to add Remote-Working is going to open up some new and significant risks.

And, as knowledgeable technicians, we have to impress upon the customer that they need to carefully assess and consider these risks before they make their decision about who and how many employees are given the option to work remotely.

1: Remote working and data leakage

The first of the major headline risks of Remote-Working is an increased risk of data leakage.

The ‘off-the-shelf’ remote working tools that most customers will adopt will (by default) side-step most of the internal IT controls that normally prevent data loss. Out-of-the-box, they will permit Remote printer-sharing, remote desktop file-sharing, and remote USB connections, and each of these can be used to side-step the normal IT controls in place for data-protection.

When employees works remotely they are stepping outside of the normal day-to-day office environment, which itself prevents a lot of risky IT behaviour. In the office, employees are going to be observed doing something unwise, such as bringing in an external USB drive and connecting it to an office computer, or adding another printer to the office network and printing off a lot of company documents.

It doesn’t matter whether the motivation is a benign desire to simply achieve a task more quickly or whether it is malicious with a wish to steal company data. The end result is the same, with a big chance of data-leakage and a significant danger of breaching GDPR legislation.

2: Remote working and data connectivity

The second major headline is data connectivity.

(Video) IFSEC: The Challenges of Secure IoT

Remote working stretches internet connectivity in new and strange ways. The standard business ‘broadband package’ that provides a customer’s office internet connectivity is unlikely to have enough capacity for anything more than a few remote working sessions to operate at the same time. It will typically have a far larger capacity for incoming data than for outgoing data, usually by a factor of five-to-one.

In normal circumstances this is fine, because on a normal working day most of the data traffic is entering the office rather than leaving it. Adding remote working access to an office IT system turns this on its head and stresses the weaker outgoing data capacity.

As a result, there needs to be a discussion with the customer to identify how many employees can comfortably use the remote working facility and to work out who are the priority users if the IT system becomes over-stretched.

If we don’t do this, then everyone will suffer a poor experience or find it so frustrating that they fail to make use of the system at all.

3: Remote working and cyber security

Remote working makes wide and open connections through the normal firewall defences of the office network.

At short notice, there may be a desire to let employees remotely connect to the office from their own personal computers at home. This is not an ideal situation as an employee’s personal computer is not under the management of the company, and may have malware or other malicious content hiding on it.

If the decision is made to use personal computers, then extra care needs to be taken, because there is a real chance of delivering ransomware into the office network and allowing company data to leak out.

Inevitably, any openings that we make to let authorised employees to gain access can sometimes be exploited by bad operators. If these remote working access routes are unmonitored or not well protected then the risk of a cyber-security break-in is significant.

4: Managing customer expectations

The simple phrase of ‘remote working’ covers a huge umbrella of technical issues and business operational risks.

The IT technician often ends up being the ‘kill-joy’ that has to explain this is more complicated than it first appears, and that it is not possible without extra expenditure and extra procedures to keep the company’s IT operations safe and secure.

There are a number of different ways to achieve remote working. Each company needs to assess their own level of risk, decide what is appropriate expenditure and what safeguards to put in place.

Doing something quick without the proper amount of consideration is risky and not advisable.

Steven has also produced his top 5 tips for IT security professionals to ensure employees can work remotely as securely as possible:

  1. Real-time active monitoring of data-traffic – ensure you are able to pull-the-plug the moment something untrustworthyis detected. Be paranoid, safety first.
  2. Have a proper disaster-recovery plan – you must, must, must have a reliable data backup of all valuable company data, and do a “fire-drill” to test that you can restore from it. Only this can save you in the event of a ransomware or other malware attack.
  3. Time-limit it – the longer that something is left up the more chance there is of a break-in. Don’t install it and then forget about it. Just look at the news headlines about Virgin-Media, British-Airways, Experian, etc, etc. Most of these were made far worse for being open and vulnerable for such a long time.
  4. Minimum number of people – only trusted people inside your organisation, those who can be trusted to keep a separate and clean PC to connect to the office network. You don’t, for example, want your kid installing a boot-leg game on your home PC and then infecting the office network from there.
  5. Proper IT partitioning – isolate as much as possible within the office network. Put up the IT equivalent of fire-breaks within the office network.

For those interested in further content on remote working, take a look at this wellbeing guide to working from home from our sister publications, SHP Online and Barbour EHS.

Free Download: The Video Surveillance Report 2021

Discover the latest developments in the rapidly-evolving video surveillance sector, directly from the people at its heart. We surveyed over 400 professionals working in the field to bring you the 2021 Video Surveillance Report. Responses come from installers and integrators to consultants and heads of security, as we explore the latest trends in the sector including video analytics; the use of surveillance outside of security operations; cloud-based storage solutions; integration; the impact of COVID-19; the market outlook and more!

Download for FREE to discover top industry insight around the latest innovations in network cameras and video surveillance systems.

Download The Video Surveillance Report

(Video) IFSEC Webinar: Moving to Mobile Access Control — A Case Study Featuring Avolon

Related Topics

(Video) 3 Genetec VMS crash course Module 3

Avon fire crews resist plans to work as paramedics

Mitigating risks for travelling staff: Advice for the security department

Why are apprenticeships so important?

Subscribe

Inline Feedbacks

(Video) IFSEC Tech Talks: Design Automator - SaaS solution for security systems design

View all comments

Data and security considerations for remote working - IFSEC Global | Security and Fire News and Resources (5)

[…] Data and security considerations for remote working. […]

Reply

FAQs

What are security considerations for remote users examples? ›

These are the top remote work security issues businesses should be wary of.
  • Managing All Devices and Employees.
  • Insecure Passwords.
  • Phishing Emails.
  • Using Unsecured Personal Devices & Networks.
  • Video Attacks.
  • Weak Backup and Recovery Systems.
  • Require employees to connect over VPNs.
  • Install multi-factor authentication.

How do you protect and secure data while working remotely? ›

How to promote data security while working remotely
  1. Connect to a hotspot or use a VPN. ...
  2. Use strong passwords and a password manager. ...
  3. Keep work and personal separate. ...
  4. Stay alert for phishing or other attacks. ...
  5. Participate in routine cybersecurity training.
28 Sept 2021

What is the most important security precaution you should take when working remotely? ›

Here are the top remote working security tips to ensure you and your staff are working from home safely.
  • Use antivirus and internet security software at home. ...
  • Keep family members away from work devices. ...
  • Invest in a sliding webcam cover. ...
  • Use a VPN. ...
  • Use a centralized storage solution. ...
  • Secure your home Wi-Fi.

What is an effective and secure remote working arrangement? ›

Typical Secure Remote Worker criteria

Secure access to the internet. Secure access to company and customer data. Secure access to communication tools. Secure access to collaboration and conferencing tools. Secure access to work applications.

What are some examples of security concerns for data that is accessed remotely remote computer at Internet hot spot assessment wireless clients? ›

8 remote access security risks and how to prevent them
  • Lack of information. ...
  • Password sharing. ...
  • Software. ...
  • Personal devices. ...
  • Patching. ...
  • Vulnerable backups. ...
  • Device hygiene. ...
  • Phishing attacks.

What are the three main goals of security? ›

Included in this definition are three terms that are generally regarded as the high-level security objectives – integrity, availability, and confidentiality.

What are some ways to successfully and securely work from home? ›

Secure your home office and remote work
  1. Use antivirus software. ...
  2. Make sure your system and programs are up to date. ...
  3. Pay attention to Wi‑Fi and network security. ...
  4. Secure your privacy with a VPN. ...
  5. Avoid oversharing your screen. ...
  6. Beware phishing scams. ...
  7. Don't share personal information in messages or social media.

How should employers protect their data on employees devices? ›

Encrypt sensitive information that you send to third parties over public networks (like the internet), and encrypt sensitive information that is stored on your computer network, laptops, or portable storage devices used by your employees. Consider also encrypting email transmissions within your business.

What is the largest threat to working remotely? ›

Top Security Risks of Remote Working
  1. GDPR and remote working. Remote work means an employer has less control and visibility over employees' data security. ...
  2. Phishing Emails. ...
  3. Weak Passwords. ...
  4. Unsecured Home Devices. ...
  5. Unencrypted File Sharing. ...
  6. Open Home WiFi Networks.
17 Sept 2021

Why cyber security is important for remote workers? ›

Not only does cybersecurity training protect the company, but it also gives employees the knowledge needed to protect themselves inside and outside of the workplace. Identity theft is one of the most common cyber-attacks among remote workers.

What are the possible threats faced when people work online? ›

Internet-based threats expose people and computer systems to harm online. A broad scope of dangers fits into this category, including well-known threats like phishing and computer viruses. However, other threats, like offline data theft, can also be considered part of this group.

Which security challenges does the company face in supporting remote access for employees? ›

Top 5 security issues with working remotely
  • Reduced Security on BYOD and Mobile Devices. Cybersecurity is no longer just a challenge. ...
  • Tracking and Managing Assets on the Cloud. ...
  • Inadequate Backup and Recovery Systems. ...
  • GDPR Compliance. ...
  • Sensitizing Remote Teams to Actually Follow Data-Security Protocols.
20 Sept 2022

What are the examples of social networking security policy best practices? ›

Best Practices: Safe Social Networking
  • Manage your privacy settings. ...
  • Remember: once posted, always posted. ...
  • Build a positive online reputation. ...
  • Keep personal info personal. ...
  • Protect your computer. ...
  • Know what action to take. ...
  • Use strong passwords. ...
  • Be cautious on social networking sites.

How do you protect a remote? ›

Basic Security Tips for Remote Desktop
  1. Use strong passwords.
  2. Use Two-factor authentication.
  3. Update your software.
  4. Restrict access using firewalls.
  5. Enable Network Level Authentication.
  6. Limit users who can log in using Remote Desktop.

How can students secure remote access? ›

Use a reliable virtual private network (VPN)

By providing a VPN service to all staff and students where necessary, their online activities are the same as if they were sitting at school, the secured network. All traffic is encrypted and protected by the school's local network security measures.

Videos

1. IFSEC Tech Talks: ASSA ABLOY - Incedo Business Cloud
(IFSEC Global)
2. Vidsys/HPE Webinar - Find and Fix Your Security Gaps
(Vidsys)
3. Connect 2021: AICO Tech Talk
(IFSEC Global)
4. Hikvision & Mavili Global Webinar: Fire and Temperature Alarm Integrated Security Solutions
(Mavili Elektronik)
5. "Algorithmic Access Control - Are the Machines Qualified to Solve Access Control for the Internet...
(IEEE Computer Society Google+)
6. 2016 01 14 14 00 AxisVoice Yes, you CAN weave access control into your portfolio with the Axis A10
(AxisVoice)
Top Articles
Latest Posts
Article information

Author: Msgr. Refugio Daniel

Last Updated: 11/01/2022

Views: 6410

Rating: 4.3 / 5 (54 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Msgr. Refugio Daniel

Birthday: 1999-09-15

Address: 8416 Beatty Center, Derekfort, VA 72092-0500

Phone: +6838967160603

Job: Mining Executive

Hobby: Woodworking, Knitting, Fishing, Coffee roasting, Kayaking, Horseback riding, Kite flying

Introduction: My name is Msgr. Refugio Daniel, I am a fine, precious, encouraging, calm, glamorous, vivacious, friendly person who loves writing and wants to share my knowledge and understanding with you.