It is now almost a cliché to suggest 2020 has been a year like no other. From full national lockdowns to widespread limitations on social interaction, it’s hard to imagine how anyone, anywhere has not been affected in some way.
For businesses, open-plan offices with teams working in close proximity is simply incompatible with measures required to limit the spread of a pandemic. So in accordance with legal requirements in many countries, companies have faced the difficult task of shifting to an environment where employees work remotely.
In addition to the challenge of maintaining productivity, companies have had to adapt their security to accommodate a remote workforce. Some firms may have already had measures in place, but many others have faced this challenge completely unprepared.
About the author
David Clarke is a Kingston Cognate member
As the situation continues, many firms may still not realize the risks they are continually exposed to, and have not taken adequate measures to identify and mitigate them.
What’s more, all companies are still bound by GDPR, and by law must take steps to protect user data. However, nobody was thinking about a pandemic leading to widespread remote working when GDPR was initially considered.
The need to protect user data has not gone away though, and remote working can make it easier to accidentally mishandle customer data. Since the working from home trend is likely to continue even after the pandemic is finally behind us, now is possibly the best time for any company to consider the strategy and procedure to allow flexible working, and part of that is understanding the risks it can involve and what can be done to address it.
The world of work has changed, and the security concept of ‘keep a clear screen and clear desk’ has now become ‘keep a clear environment’.
Mandatory use of corporate VPNs is a typical first step towards a secure remote working. But they are just one aspect of remote working, and there are more potential risks to consider, not all of which are technical.
For example, data falling into the wrong hands isn’t just limited to emails and lost USB sticks. Even in 2020, few jobs are truly paperless, and it’s likely that sensitive information can end up printed out from a PDF or Word document.
It’s easier to control these in a traditional office with secure storage and paper shredding, but employees are unlikely to have these facilities at home.
Truly sensitive print documents should be kept in an old-fashioned locked briefcase, and you should think about a paper shredder for home use, complying with the DIN-32757-1 standard.
In a domestic setting shared with other working adults, it’s quite possible for two people to be engaged in a video meeting in the same room at the same time. Audio from one conversation may be heard on another and that may include sensitive information that is now being relayed to individuals from an unconnected organization.
Some companies may mandate recording all video and audio calls too, meaning its possible for information to be picked up and then stored on a server you have no control of.
Likewise, smart speakers are now an everyday household item, but these are constantly recording audio too. Your private meeting could end up archived by Amazon or Google.
It’s worth using headphones with noise-cancelling software to avoid this. Smart speakers should also be switched off during calls, either manually or through control technology.
One of the most obvious changes with the working from home routine is an end to a daily commute, and to the physical separation of family life and work life. Remote working has thrown our personal and professional lives together, where previously they would have been distanced, and this can cause problems.
Depending on whether an organization issues devices specifically for remote working, family laptops might end up used for work purposes, and this can lead to other household members accessing the same device for tasks unrelated to your work. There’s a high risk your family members may unwittingly gain access to documents or communications (such as emails) that contain sensitive information.
The solution depends on using some form of encryption. Keeping work documents off a computer’s system drive or documents folders and instead using an encrypted, password-protected USB stick is the digital equivalent of using a locked briefcase for printed documents.
With FIPS-certified hardware-based encryption, you can be sure that data is secure at all times, allowing you to carry it to another location and not worry about the risk of that data being accessed if the device is accidentally lost.
Some encrypted USB products also have serialized codes that allows IT administrators to keep track of who has access to specific files, which helps track down and minimize the fallout if sensitive information leaks out.
Also be aware than screen sharing with work colleagues may unintentionally reveal information about you they might never normally find out. Your browser tabs, bookmarks, personal pictures and web history tells a lot about a person and these can be exposed on a shared screen.
In this case, it’s a good idea to rely on a virtual environment for work purposes. This could be in the cloud, with a virtual PC, or locally, using a virtual machine. A simpler (and possibly less effective) solution is to have a separate user account on your PC that is only used for work.
Choose what you reveal
Finally, always be aware that a video call can reveal more than you might want to share. If you have books or personal items on display, or simply information about organizations you are part of, it could lead to negative profiling that can affect business relationships, even if those assumptions are wholly inaccurate.
Enable the “background blurring” feature or electronic green screens in video conference software by default, and use it for every call. Items that you may think are totally innocuous could be viewed differently by others, and there is no better way to hide them than blurring out your background.