There are many pitfalls that can present security risks to companies that employ work-from-home (WFH) staff. A personal machine that is unmonitored is an easy target for a bad actor, and even one that is monitored and partially controlled can be difficult to adequately secure.
For example, a popular computer game from Amazon Studios called New World was recently found to have a major security flaw. As noted in this article, the game was capable of executing HTML code via the chat box function. Simply by hovering over an infected message, a user could unknowingly open his or her computer up to downloads and scripting. This, of course, could lead to a multitude of security risks, including the execution of malicious code.
“But employees aren’t playing video games at work…”
…an executive may say. Hopefully, this is true. Unfortunately, the problem doesn’t necessarily end with logging out of the game, or even logging out of a remote session. Once a machine is infected, the aftermath can be unpredictable. While much of the world’s malware is intended to immediately and noticeably infect a machine (for various reasons, including technoterrorism, monetary gain, and others), some of the more insidious malware just listens and records. Activities and keystrokes can thus become part of a large data dump, which can then be parsed and analyzed via forensic applications. And sold. Suddenly, any passwords and sites visited, including company portals and VPNs, can become a set of major security risks.
Even worse, a personal computer may be shared with or without a company’s knowledge. Jim may be a great human firewall, cognizant of phishing and a master of completing security training, but Jim’s kids probably aren’t as diligent. As such, little Jimmy or little Jenny could be playing New World, clicking into malicious sites, or doing any of a thousand other things that may put a computer at risk. And, to repeat myself, once one computer on a network is at risk, an entire IT architecture will be facing increased security risks.
How To Protect Your Company
Step one for safety can be creating policies that prevent the above hypotheticals from happening in the first place. We outlined some remote work risks in this and this blog article. Reviewing those checklists and then making an honest assessment of your company’s IT WFH security risks can be a great start.
Step two might be budgeting and planning for company resources to be utilized for WFH employees. This can be done safely, but it requires monitoring and access controls that may not be possible with personally owned machines.
Additionally, we now recommend that all clients use multi-factor authentication (MFA). We recommend Duo MFA due to pricing and utility, but there are other options available. MFA is a great last line of defense in the event that credentials are compromised.
Where Certified CIO Can Help You
If you’re not sure where to start, our security and IT management services can provide a stalwart defense against the bad guys. Whether through development of policy, updating aging IT architecture, or getting your business in compliance with bureaucratic requirements, our team of experts works every day to solve IT pain points for businesses and organizations just like yours. CONTACT US and we’ll be in touch!