Mozilla VP of IT: How to stay secure while remote working
The world is currently undertaking the largest remote working experiment in history, and the UK is no exception. Large corporates such as Facebook and Google have already extended their telecommuting policy through to 2021.
While manufacturing and service industries focus on how to get employees to work on site safely, many businesses are implementing work-from-home policies that will be in place long after the crisis is resolved. Nine out of ten Brits now want the option to work from home at least once a week, largely driven by the desire to cut out their commutes.
Making sure employees stay connected, productive and socially distant are clear priorities, but businesses must not forget this new organisational shift poses serious privacy risks.
Without the right processes and infrastructure in place, the risk of unauthorised data transfers and sharing grows. User privacy is also under threat as employees adapt to new and unfamiliar tools needed to do their job from home. All of this is exacerbated by the simple fact that home networks are hardly ever as secure as corporate networks.
At Mozilla, we’ve been focusing on home office security for some time. Half of our global workforce, and 69% in the UK, were working permanently from home long before the crisis prompted this shift. We’ve learnt that employers need to actively support their employees in creating a secure office environment, particularly given the shift has been sudden and without warning for many.
There are three main areas that must be prioritised when designing a home office: connection security, IT security, and data security.
IT and hardware security
Most company devices and associated software are overseen by an in-house IT expert or a specialised contractor. This means they have the right antivirus software and firewall protections set up, and these are updated regularly. Nearly every company aims to enforce strict rules around the use of private hardware such as laptops or storage devices for work because they are far less secure. However, when working from home, employees are less likely to follow guidelines, particularly if they’re not set out clearly.
That’s why business devices should ideally only be used when working, and employees should avoid the temptation to plug in private USBs or visit suspicious websites; while your company’s common protection software can safeguard against many threats, it cannot stop all of them.
Moreover, be careful when checking your work and private emails, as many criminals try to spread malware through inboxes. Malevolent hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams, and some are even sending out emails posing as the World Health Organisation.
Data access and transfers
As we access more business resources remotely, it’s important to be aware of the data’s location, especially given many companies expect to have access to employees’ data at all times.
As people’s work and home lives increasingly blur, it’s imperative to create a strict separation between private devices and work devices. This includes laptops, smartphones and tablets. Sometimes this simply isn’t possible, so separating where the data is stored is equally important. Most companies use cloud solutions such as Dropbox or OneDrive to store their assets and have internal regulations around use; these should always be observed, especially when using a private device.
You should also only use secure, business-appropriate platforms when sending data to third parties such as customers, clients or service providers. There are multiple solutions available, such as Firefox Send, Smash or Google Drive, to make sure data isn’t leaked inadvertently.
Secure internet connection
More sensitive data is being shared between colleagues from home than ever before. This means making sure data is transferred safely and securely is critical.
A great many companies use a virtual private network (VPN), which creates a private network from a public internet connection, ensuring online privacy and anonymity. This is important when accessing documents stored in the internal company network, particularly from home, as it safeguards against anyone intercepting data.
When people access the internet via their private home Wi-Fi they are vulnerable, as the network is often less resilient and less able to weather attacks. Many people just use the simple password provided with their modem as well as a weak Wi-Fi key; this isn’t ideal for private use but becomes even more problematic in a professional setting.
There are a few ways employees can safeguard against attacks here. Making sure all firmware and software is up to date is a good first step. You should also use WPA2 encryption for your Wi-Fi router, or WPA3 if it’s available on your device. Remain vigilant: only access company documents and data via a VPN, and never do so when connected to free, public networks in cafes and train stations; these are even more vulnerable than home networks.
While there isn’t necessarily a one-size-fits-all approach to designing a secure home office, there are multiple steps you can take to make sure you mitigate as many risks as possible. Businesses are under more pressure than ever, and dealing with online threats may not be top of their agenda, but by focusing on the above you can ensure you have the best practices in place to protect your company’s data.