Flattening the curve: How to work from home safely

03/13/2020
G DATA Blog

Amidst fears of the corona virus SARS-CoV-2, more and more companies ask their employees to work from home. We have created a list of useful tips on how to make remote work as safe as possible.

No company wants to risk grinding to a complete halt due to people falling ill from COVID19. Therefore, a lot of organizations play it safe and let their employees work from home to reduce potential exposure. This is an absolutely reasonable step to take, because it decreases the rate at which the disease can spread within the population and lowers the risk for individual employees. Since the technical means to take this step are no longer out of reach even for small businesses, sending office workers to work remotely is not a major problem. There is no legal basis on which workers can demand to be allowed to work from home, but common sense forces companies all over the country to re-evaluate their stance on home office work.
In this article you can find a few helpful tips that will help guide your IT department to make the transition to the home office as smooth as possible:

  • Identify the roles which are absolutely essential for your company and evaluate where any downtime can have a negative effect on the company. Any employees working in those positions should be the first to be given the opportunity to work from home.
  • Issue company devices for those employees who work from home. Company data should not be stored on privately owned devices and vice versa. Also, privately owned PCs or laptops should never be connected to the company's VPN (with one exception - see below), because it is impossible to ensure that all the devices mee with your company's security requirements.
  • On any devices used for home office work, enable hard disk encryption. That way, even the theft of a device will not lead to a pricavy and data protection disaster.
  • Provide a VPN to connect to the company network.
    When set up correctly, this enables employees to work from their own home in almost the same ways as if they wqerew present in the office. This is primarily the responsibility of the IT department since the VPN needs to be set up, licensed and provisioned for each employee.

  • Enable multifactor authentication for your VPN.
    This is also the responsibility of the IT department. There are several ways of implementing MFA, froim using hardware tokens all the way to OTP apps which generate a unique one-time password for each individual login.

  • Define access permissions. Having a working VPN connection is of little use when emplyoees are unable to access data or specific applications within the company network.
  • Configure your VoIP telephony so it also can be used remotely (if applicable). Alternatively: set up call forwarding.
  • If it is no feasible to provide preconfigured devices for all remote workers: In a pinch, using a remote destop server (also referred to as a Terminal Server) is a viable solution. What needs to be ensured is sufficient server capabilities as well as bandwidth. 
    There is a Caveat to this: If you just set up an RDP server, hook it up to the web and call it a day, you will set yourself up for disaster. In the recent past, many security incidents that caused data loss or other damages, the root cause was an insufficiently secured RDP server. The ideal scenario for RDP servers would be to combine it with a VPN, so emplyoees can only connect to it if they have connected to a VPN first.
  • Use a secure chat solution for any non-verbal communications among the work force. Your preferred solution should have end-to-end encryption and allow for the secure file transmission.

If your manager has sent you home to work remotely, there are a few rules that you should follow:

  • Even if you are sitting in the comfort of your own howme: you are connected to the company network. Therefore, the same rules apply that you also follow in the office: Do not connect any unknow or untrusted media to your PC, do not click suspicious links and be careful when handling email attachments. Because phishing emails do not care about where you work from and will land in your inbox regardless.
  • Wherever possible, make sure you have a work environment with no distractions or disruption. Partners, children or pets should be asked to leave you alone while you are working. This works best if you have a dedicated office in your house. 
  • If it can be avoided: Do no transfer large amounts of data into or out of the company network. This will keep the load on the network lower and prevents delays or lags for other employees.

Tim Berghoff
Security Evangelist