Intelligent CISO Issue 24 | Page 62

REMOTE WORKING DUE TO CORONAVIRUS? HERE’S HOW TO DO IT SECURELY With concerns over the current Coronavirus (COVID-19) outbreak and the need to keep at-risk staff away from the office has brought working from home to the top of everyone’s mind. As many organisations are enabling and exploring this opportunity, it is important for users and companies to stay secure while protecting everyone’s physical health. Paul Ducklin, Principal Research Scientist, Sophos, has listed a few tips to keep users safe while working from home. any if not most M organisations have already crossed the ‘working from home’, or at least the ‘working while on the road’ bridge. If you’re on the IT team, you’re probably used to preparing laptops for staff to use remotely and setting up mobile phones with access to company data. But global concerns over the current Coronavirus (COVID-19) outbreak and the need to keep at-risk staff away from the office, means that lots of companies may soon and suddenly end up with lots more staff working from home and it’s vital not to let the precautions intended to protect the physical health of your staff turn into a threat to their cybersecurity health at the same time. Importantly, if you have a colleague who needs to work from home specifically to stay away from the office then you can no longer use the tried-and-tested approach of getting them to come in once to collect their new laptop and phone, and to receive the on-site training that you hope will make them a safer teleworker. It may be a case of setting remote users up from scratch, entirely remotely which could be something new to you. So here are our five tips for working from home safely: Make sure it’s easy for your users to get started Look for security products that offer a Self-Service Portal (SSP). You are looking for a service to which a remote Paul Ducklin, Principal Research Scientist, Sophos user can connect, perhaps with a brand new laptop they ordered themselves, and set it up safely and easily without needing to hand it over to the IT department first. Many SSPs also allow the user to choose between different levels of access so they can safely connect either a personal device (albeit with less access to fewer company systems than they’d get with a dedicated device) or a device that will be used only for company work. The three key things you want to be able to set up easily and correctly are: encryption, protection and patching. Encryption means making sure that full-device encryption is turned on and 62 Issue 24 | www.intelligentciso.com