IT Security In The Home Office – More Security For Remote Work

it-sec

The new year begins as the old one ended: in the home office. Because the Corona crisis has forced many to rethink and the home office has become an integral part of many companies. Studies show that even after the Corona crisis, companies would like to let their employees continue to work in their home office. In today’s article, we show what developments have taken place in this regard over the past year, what risks exist and how you can efficiently increase IT security when working from home.

Home Office – At Home In The Company

In 2021, 32% of employees worked from home: This is the result of a survey by the D21 initiative , which was carried out by the consulting firm Kantar in early summer 2020. 1,154 trainees and employees were surveyed. This means that the number of people working from home has doubled compared to 2020. Many want it to stay like this:

36% of those surveyed would like to spend at least half of their working hours in the home office in the future. For 51% of those respondents who have home office experience, it would be conceivable to further expand home work. However, according to this survey, executives seem to see things differently: Among them, only 25% would like employees to continue working from home after the Corona crisis.

Home Office Tax – A Proposal For The Bin

Not everyone is enthusiastic about the idea of ​​offering more home office hours: Luke Templeman, a Deutsche Bank economist, finds that people who work from home have less money in circulation. This makes them a burden on society – remote workers would no longer pay for the infrastructure but use it when needed. According to Templeman, it only seems right if a corresponding home office tax would create a balance.

However, since in the home office one does not live from e-mails, but has to eat and drink like the staff in the corporate office, and electricity and water costs are also increasing, Templeman’s suggestion can be thrown in the bin. Almost grudgingly, it should also be considered who is making this proposal: an economist from one of those financial institutions that have had to be rescued themselves in almost every crisis in recent years.

Fortunately, the Bundestag thought in a different direction here and cleared the way for tax relief. In 2020 and 2021, employees can deduct up to five euros per home office day from their taxes. This is intended to compensate for the additional burden of working at home – and is therefore much more realistic than Templeman’s proposal. However, there is also a restriction on the tax relief for home office employees: it is only valid for 120 days, i.e. up to 600 euros. Anyone who works from home for more than 120 days is simply unlucky: more is not paid. But at least.

Network Security and Monitoring

Juniper Networks uses an international market research project to examine the perspectives, attitudes and concerns of senior IT network and security professionals from various industries. 1,000 experts were interviewed by the research institute Vanson Bourne on behalf of Juniper Networks . This shows that network security is undoubtedly a ubiquitous and growing challenge – especially in the current situation with many remote employees. In fact, an incredible 97% of those surveyed stated that they saw it as a particular challenge to effectively secure the company network. Furthermore, 86% stated that both reliability and performance of the network should be optimized. So there is a lot of catching up to do!

It also exists in some Microsoft products: The Austrian network activist and researcher Wolfie Christl showed on Twitter How the “Productivity Score” function in Microsoft’s Office 365 monitors the activities of employees in the home office. This score sometimes shows how often individual employees send emails, how often team chats are used and other information. This achieves a level of comparability that can cause confusion: Colleague A sends more emails than colleague B – is he more productive or more talkative? Colleague C mentions other colleagues much less often in chats – isn’t he a team player? All of this information can be included in appraisal interviews or salary negotiations. Certain access rights within the company are required to view the data.

Risks For Network And IT Security

As you can see, there are many considerations as to whether employees should work from home or from their own desks. Many employees are undoubtedly in favor of working from home, but new points of attack in network and data security are causing management headaches. Let’s take a look at some numbers:

  • According to an ESET study, hacker attacks on remote desktop connections (RDP) have increased significantly. In June 2020, 3.4 million attacks were launched on corporate networks within 24 hours. According to ESET, in addition to tapping data, the purpose of these attacks is to distribute ransomware. The security expert ESET has noticed an increase in cyber attacks when working remotely, especially during lockdown times.
  • Over 50% of all remote workers use insecure personal devices to access corporate systems. This is the result of the “Remote Work” study commissioned by CyberArk. Unfortunately, this study also shows the double burden of working parents who have to look after their children: everyday life has to happen quickly, so that there is often no time for security. Unfortunately, this is reflected in other study results: 96% use identical passwords across devices and applications, 26% use the browser’s own and rather insecure password storage for company devices and 20% allow other household members to use the company devices for other activities, such as school work or online Shopping.
  • In 2021, companies often found that their in-house IT infrastructure could not withstand the sudden remote onslaught. There was a lack of security measures. But you also had to react quickly – the solutions had to be implemented quickly. Unfortunately, this was often at the expense of security. Now, after a few months of getting used to it, it is urgently time to increase IT security in the home office!

Optimize IT Security In The Home Office

In the following you will learn how you can increase IT security in the home office with relatively simple means. It is important that you do not see IT security as an annoying cost center. Understand IT security in the home office, but also fundamentally in your organization as an investment in security and future viability.

Secure Access

Create secure access by specifying VPN for access to the company network. Ideally, you collect regulations of this type in a security guideline that is available to all employees both in the home office and directly in the company. On the one hand, it serves as a binding guideline in matters of safety, but on the other hand, it gives employees support if they become unsafe in dealing with it.

In addition to the connection exclusively via VPN, multi-factor authentication is an option. Instead of the usual login with a username and password, there is at least one additional security factor, such as entering a PIN that comes via smartphone.

Use your security policy to set guidelines for passwords: they should be complex and therefore secure. Ideally, you should prohibit the use of one password for multiple services. Otherwise, compromised accounts can be used to open more accounts.

Weak Point Employees: Creating Awareness

The greatest weak point in companies is and remains the human being – and they are also largely responsible for IT security in the home office. Because employees have to be prepared for dangers such as spear phishing , social engineering, phishing, malware and ransomware attacks in order to be able to react accordingly. Secure communication channels must also be created and used, and mobile devices must be protected. All of this can only succeed if the “human weak point” is prepared for these dangers and possible countermeasures through awareness training .

IT Security In The Home Office: More Tips

It is also important to track down and isolate all insecure and outdated end devices. They have no place in the corporate network and should no longer be used. In your security policy, you can note that security patches are applied immediately. Ideally, you decide to install updates automatically so that no security-related patch can be missed.

Encrypt the communication channels. Do without insecure messengers and video conferencing services, use ways that are encrypted. Also pay attention to the security of the no. 1 means of communication: e-mail. E-mail certificates are the method of choice here.

It pays to be systematic. After you have identified, assessed and prioritized the risks for your organization, the security policy can be derived from them. You can implement tried-and-tested solutions promptly to reduce damage quickly. However, medium and long-term considerations must also be made so that IT security in the home office and in the entire company can also be guaranteed in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *