The Security Risks of Working from Home

13/05/2020 08:34 By Bill

What Should I be Considering?

With users now outside of the corporate firewall and outside of the office environment your risk surface will have increased. Add the ever-growing list of collaboration apps now used it has never been more important than now to consider the risk and threat to your business.


Do you foresee working from home being a more regular occurrence? Have you resisted employees working from home in the past?


You may be considering making this more allowable than in the past, but you need to consider the increase in cyber risk, can you mitigate them? Yes, you can. In partnership with your users you can help them to work securely from home, that has always been a possibility. With a robust Remote Working Policy, you can ensure that your business is as well protected remotely as it is in the office.

What are the main considerations I hear you ask? 


With threats forever evolving a multi-layer of security is the best way to mitigate your risk, but you already know that?

    • Train your users on how to spot a Phishing/Malicious communication, outside of the office they will not necessarily have their normal work colleague/s to ask if an email is genuine or not. Your users will also be more relaxed working from home, we’ve all heard of attendees in web meetings only wearing a presentable top half! Don’t let that relaxation become a security lapse.
    • Secure the home router! Most users will still have the default admin credentials in place, the password information is often easily found on the internet. 
    • Passwords are an issue either side of the corporate firewall, purchase a Password Manager for your users, allow them to also use it for personal accounts. This will maintain a good level of password hygiene. One that can generate secure passwords is best. With more collaboration apps being used it increases the risk of password reuse across platforms. It is not recommended to store passwords in browsers. Article.
    • Make use of Two-Factor/Multi-Factor Authentication everywhere that it is available and dependent upon the size of your organisation consider Identity & Access Management for access to corporate resources & apps. Recommend that users also enable 2FA/MFA for all their accounts where available. Don’t just aim security advice at corporate use, aim to get users to build it into all aspects of their digital life, long-term, the users and company will benefit from this approach.
    • Communicate to users the apps that are allowable for collaboration and restrict usage of non-approved tools. Guide your users and make sure that they are aware of what has now become a corporate tool.
    • Endpoint protection, no machine should be without this! Can you manage your endpoint protection remotely? A cloud-based product will allow easier management and ensure that your users have protection everywhere they work from whether that be in the office or remotely. Threats evolve quickly and a product with good Threat Intelligence behind it will improve your security posture.
    • Reduce the malicious emails hitting your user’s mailbox by having an Email Secure Gateway. They can’t click on a dodgy link if they don’t get it in the first place!
    • Make use of a good VPN ensuring that they have a secure connection over the internet irrespective of where they are working. Make sure that it can be managed remotely.
    • Use a DNS Web Content filtering service to prevent access to dangerous and unwanted content. You possibly already have these content rules set up on your corporate firewall, but they need to be at client level to ensure that the same level of protection follows the users wherever they are working. They can also stop traffic going to malicious sites if a dodgy link is clicked on.
    • Use a Remote Management & Monitoring product to ensure that you can manage your endpoints remotely, keep them up to date with patches & be aware of what software is installed on them along with other activities that you need to do to maintain good security posture.
    • Backup, Backup & Backup! A preventative approach to security is the best way to go but a good tried and tested backup can always save the day. Are your users saving more documents to their desktop now they are working from home? Backup your user machines as well as file storage, servers, databases etc to give you all round coverage.
    • How do your users get rid of electronic information, do they just use the Windows delete function and clear out their recycle bin? Look at implementing a secure erasure process using available tools and set an organisation policy for the destruction of electronic information.
    • Don't forget to ensure that all aspects of your insurance will cover you whilst employees work from home.

This is by no means a comprehensive list but gives you a good start in maintaining security wherever your users are working.


Over the years business has been moving to a more mobile approach and the current crisis is going to accelerate that process, are you ready for that change?


Where to start?


Review your current security posture and asses your current risks and how they will change, how agile is your security? Will your security products cause productivity issues being used outside of the firewall?


Don’t forget about your users, there is a lot to consider. Think about how working from home will impact them, many will work more hours than they normally would. Technology doesn’t sleep and is available 24/7 but your users aren’t, and neither are you! Careful consideration should be taken to set guidelines to ensure that your teams are not over doing it as this can lead to mental health problems, I know that all too well from my own experiences. Have the ability to see if the guidelines are being followed.


Your users may also spend more time on Social Media whilst working from home which can also have negative effects - Article. There is no easy answer for this other than trying to educate your teams. Don’t just leave them to it, guide and support them through it, although some may have been asking for remote working in the past it can take a while to get a good routine going and it’s very easy to let that slip, we’ve all had a gym membership that hasn’t seen the outside of it’s holder at times! Article.


Reach out to have a chat about any concerns or questions you may have, we love to find out how others are securing their business and any pitfalls they have come across that may help others in a similar position or situation



Actisoft Technology’s approach, and offering, is one built on the basis of Work Securely, Everywhere, Everytime adopting a cloud approach to security with remote central management. This works whether you work in an office or not. Talk to us about how we can partner to ensure that your business is secure from current, new and emerging threats.

Bill