//////////////////////////
M
any if not most organisations have
already crossed the ‘working from
home’, or at least the ‘working
while on the road’ bridge.
If you’re on the IT team, you’re probably
used to preparing laptops for staff to use
remotely and setting up mobile phones with
access to company data. But global concerns
over the current coronavirus (Covid-19)
outbreak, and the need to keep at-risk staff
away from the office, means that lots of
companies may soon suddenly end up with
lots more staff working from home and it’s
vital not to let the precautions intended to
protect the physical health of your staff turn
into a threat to their cybersecurity health at
the same time.
Importantly, if you have a colleague who
needs to work from home specifically to stay
away from the office then you can no longer
use the tried-and-tested approach of getting
them to come in once to collect their new
laptop and phone, and to receive the on-site
training that you hope will make them a
safer teleworker.
You may end up needing to set remote users
up from scratch, entirely remotely and that
might be something you’ve not done a lot
of in the past. So here are our five tips for
working from home safely:
Make sure it’s easy for your users to
get started
Look for security products that offer what’s
called an SSP, short for Self-Service Portal.
What you are looking for is a service to
which a remote user can connect, perhaps
with a brand new laptop they ordered
themselves, and set it up safely and easily
without needing to hand it over to the IT
department first.
www.intelligentcio.com
Paul Ducklin, Principal Research
Scientist, Sophos
“
IT’S VITAL NOT
TO LET THE
PRECAUTIONS
INTENDED TO
PROTECT THE
PHYSICAL HEALTH
OF YOUR STAFF
TURN INTO A
THREAT TO THEIR
CYBERSECURITY
HEALTH AT THE
SAME TIME.
Many SSPs also allow the user to choose
between different levels of access, so they
can safely connect up either a personal
device (albeit with less access to fewer
company systems than they’d get with a
dedicated device) or a device that will be
used only for company work. Encryption means making sure that full-device
encryption is turned on and activated, which
protects any data on the device if it gets
stolen; protection means that you start off
with known security software, such as anti-
virus, configured in the way you want; and
patching means making sure that the user
gets as many security updates as possible
automatically, so they don’t get forgotten.
The three key things you want to be able to
set up easily and correctly are: encryption,
protection and patching. Remember that if you do suffer a data
breach, such as a lost laptop, you may
well need to disclose the fact to the data
INTELLIGENTCIO
31