Keep Secured in Work-from-home Paradigm

Work from home
You may hear about these popular phrases recently, lockdown, stay at home order, work from home, social distancing, quarantine. For companies relying heavily on information technology, when many colleagues have to work remotely away from the office, network connectivity and remote computing, of course are of utmost importance and with immediate urgency.

Keeping your sensitive information safe however, cannot be overlooked when the paradigm is shifted from closed cage firewall protected servers to securely guarded selective open access.

In many of our common understanding, the sensitive data of a company are collectively stored in some secured servers. Need an ID-password pair to get authenticated before gaining access. The computer network that connects the servers is surrounded by highly sophisticated protectors, like firewall, intrusion prevention system (IPS) and data loss prevention (DLP) system.

Some even have a security operations centre (SOC) to monitor the cybersecurity round the clock. Emails would be scanned. USB removable storage has to be encrypted, if not blocked. Computers are installed with the anti-malware system. All and all, hackers are difficult to get in and un-intended leakage of sensitive information can be avoided.

However, with the work from home arrangement, many of the works are carried out at home rather than in a sophisticatedly protected office. When you work on counting banknotes of a million dollars in the bank you are employed, you feel safe. There are steel doors, security guards, CCTV, everything. But if you count them in an outdoor public leisure park, what would you think?

Work from home may be risky if you are not aware of the difference and ignore this paradigm shift.

Tackling this can be a big topic with a very wide scope. Some tips and reminders, however, can be shared for your reference:

  • Set up proper remote computer access sandbox, like using virtual desktop infrastructure (VDI); clean up the temporary files when disconnected from the remote session
  • Enable multi-factor authentication when connecting remotely
  • If setting up the virtual private network (VPN) of network access, be very careful when setting the remotely accessible network segments (minimizing the remotely accessible computers can lower risk exposed)
  • Colleagues may start to love their home computers; set up network access control in your office local network so that when they are back to the office, their be-loved laptops unable to connect without proper end-point protection software installed
  • Colleagues may be less alert when handling emails at home; refresh phishing email training
  • Enforce strict password expiry, as colleagues might have shared password to handle the urgent task when unable to handle that remotely
  • Finally, to enable an access-anywhere experience, you may think of migrating the in-house systems to cloud; scrutinize the platform and the provider with security in mind, not just the usability and price

Hope this helps. Stay healthy and stay safe – for both yourself and your data.

 

This article is originally published in the Hong Kong Management Association Information Technology Management Newsletter.

About HKMA

The Hong Kong Management Association is a non-profit-making organisation which aims to be the leading professional organisation advancing management excellence in Hong Kong and the region. It provides its members with a platform for exchange of ideas, networking and personal development and to promote best practices in management, nurturing human capital through management education and training at all levels.
www.hkma.org.hk

Similar articles

Reinsurance
Insight

New entrants plug capacity gaps at January reinsurance renewals

Rates increased more moderately at the recent January reinsurance renewals than perhaps expected on the back of a generally hardening insurance market. Sufficient reinsurance capacity plus a few new players plugging some gaps helped ease pressure while reinsurers focused on claims uncertainty instead of strict rate discipline.

Rugby
Insight

Enabling sports events during Covid-19

The commercial pressure on sporting organisations, clubs and athletes to resume training and competitions has been growing significantly in recent months. Creative solutions such as those found for the English Premier League or the NBA may show the way forward.

M&A covid19
Insight

How COVID-19 is impacting M&A insurance

It is important to remember that W&I insurance first gained real traction during the 2008 financial crisis, successfully enabling investors to de-risk their investments and move forwards more confidently. We are hoping for a much quicker recovery following COVID-19, due to both largely unaffected market fundamentals and PE houses with record high levels of dry powder. As in 2008, there are ways in which insurance can be used to help investors during these uncertain times.

Data security
Insight

How to use data safely to your business' advantage

Data is a hugely valuable resource for any business, particularly since the pandemic has accelerated the digitalisation of the economy and reduced personal interaction. Whilst the smart use of data can offer great growth opportunities for businesses it needs to happen in a controlled manner to avoid lawsuits, regulatory fines and reputational damage.