13 Useful Pointers for Working from Home
Further to my blog last October, I wanted to revisit this topic and provide 13 useful pointers for working from home.
Background
The landscape of work in the UK has transformed significantly, with a notable shift towards remote working practices.
According to the latest data from the Office for National Statistics, the proportion of UK employees working from home has more than doubled since pre-pandemic levels, rising from 14.5% to 30.6%.
This change is reflected across various regions, with Scotland experiencing the most substantial increase.
The end of the legal requirement to work from home in January 2022 has also led to a diversification in working models, including hybrid arrangements.
Furthermore, another recent survey indicates that 14.3% of UK workers who do not primarily work from home still engaged in remote work for at least one day within a specific reference week.
This shift is not only a response to the pandemic, but also aligns with a growing demand for flexible work arrangements, which has become a significant factor in talent acquisition and retention.
Employers are now increasingly offering training for those changing career and flexibility options for experienced recruits, recognising the ‘flex appeal’ as a critical component of the current job market. The evolution of workspaces to accommodate hybrid working models, with a focus on collaboration and social interaction, underscores the ongoing adaptation to this new normal.
The latest empirical evidence indicates a significant shift towards remote and hybrid working models among UK employees. A study from September 2022 reported that approximately 22% of the workforce in Great Britain worked from home at least one day in the previous week, with around 13% working exclusively from home.
Surveys from 2021 and 2022 suggest that over 80% of employees who worked from home due to the pandemic expressed a preference for a hybrid working model in the future. This trend is supported by findings that older workers, aged 50 to 69, experienced improved work-life balance and well-being when working from home, potentially influencing their retirement plans.
13 Steps for Enabling Secure Home Working
So, it looks like WFH is here to stay in some capacity or another. But with the increase in the volume and sophistication of cyber threats, how can employers ensure their home workers are protected when they are not surrounded by the umbrella of security measures that the corporate in-house network provides in the office?
Consider the following, and brief your IT Manager to:
- Ensure automatic security updates are enabled for all remote/home workers as well as all other users, endpoints, and servers to ensure systems are always fully patched.
- Re-evaluate data security tools/strategy in the context of remote/home working to identify and fill any gaps in data security across collaboration and remote working tools, and BYOD devices.
- Adopt a zero-trust approach to security to require strict user and device authentication and authorisation throughout the network to verify the identity and access rights of the person or entity requesting access.
- Optimise the security toolset to support zero-trust and risk mitigation, retaining only those tools that really help to achieve these goals, to reduce complexity and increase effective security.
- Implement multifactor authentication (MFA), at the very least, to reduce reliance on passwords as the only method of authentication and to protect against credential theft through phishing. Also investigate options for adopting passwordless authentication; Windows Hello is a good example of this.
- Implement encryption for all storage and transfers of sensitive data so that even if the data is exposed it will be useless to attackers without the decryption key. Fusion recommend Mimecast for the encryption of email when transferring sensitive information.
- Update or deploy data leakage prevention (DLP) and Sensitivity Labels to prevent the unintended exposure of sensitive data.
- Implement a privileged access management solution to monitor, log and control all activities by privileged users. It is also important to consider Insider Threat Management (ITM), which is related to this area.
- Implement effective endpoint protection, detection and response (EDR and XDR) solutions for all devices and a unified endpoint management (UEM) solution to improve security around BYOD devices.
- Consider using a cloud-based desktop as a service, virtual desktop, and secure remote access solutions where employees are using their own laptops instead of enterprise owned and maintained devices to ensure security policy enforcement.
- Evaluate whether SASE cloud architecture is the right approach for your organisation to enable workers to access cloud-based and on-premise services securely from anywhere on any device.
- Plan for the worst by implementing systems and processes or services to enable the organisation to detect, respond and recover from breaches, including a defensive SOC. Depending on the scale of your organisation, even consider Sophos MDR for proactive human-led threat hunting.
- Educate employees about security risks by implementing regular, short, focused awareness training to improve understanding of threats, attacks and their role in improving security. Sophos Phish Threat is a great example of an excellent solution to train users in what to look out for in a potential phishing attack. Also take advantage of free resources online to guard against phishing.
So, whilst 13 is often seen as an unlucky number, adopting the above pointers will hopefully protect remote workers when WFH.
Thanks
Richard