Home Office Security. Tips For Small And Medium-Sized Businesses
Most employees working from home or in the field already know not to click buttons or download attachments in untrusted emails. However, they may not be aware of some of the risks that are not discussed as much. Therefore, companies must proactively manage threats and combine home office security with employee comfort.
In our January article, we reported on the current security trends, which showed that companies are investing more resources in infrastructure security features and that the level of security is increasing. As a result, attackers are more likely to target employee endpoint devices, and the most vulnerable devices are those that connect to corporate data remotely.
Some companies apply sophisticated, rigorous security methods that limit employees in many ways. For example, common security policies include specially dedicated areas for particular tasks, the control of devices connecting to the corporate network, or physical devices required for multi-factor user authentication.
These practices are very effective but are too costly for smaller businesses. In addition, small businesses often do not have fixed and defined processes for basic workflows. So, how can smaller businesses prevent risks, ensure home office security and not endanger company data?
Maximum Protection At The Infrastructure Level
Outside the company building, there are limited options for maintaining control over all devices accessing the internal network and company data. However, IT administrators can strengthen security at the infrastructure level.
- Secure Sharing In The Cloud: Migrating work tools to the cloud allows you to share documents and materials and centrally manage access to them. As a result, the company has a clear overview of individual user rights and can adjust them at any time. In addition, by implementing an internal system for document sharing and employee cooperation, businesses can avoid using public, unsecured platforms for this purpose. The open-source tools ownCloud or Nextcloud, which also encrypt data, are examples of such systems. Another well-known classic is the licensed version of Microsoft 365.
Cooperative Tools On Your Own Server
You can run the software for file sharing and document collaboration on your own virtual or physical server; it just depends on how much performance you need. At MasterDC, we can help you choose the best server type and parameters and get the tools up and running.
- Encrypted Access Via VPN: A VPN (a virtual private network) encrypts employee requests using a VPN protocol, verifying the trustworthiness of the connection and providing secure network communication between the user and the company servers, even when connecting over a public Wi-Fi network.
- Network Segmentation: The internal network should be divided into segments for individual departments and purposes. Each network segment should also be secured with a firewall or another security solution. In this way, it is possible to reserve a specific section for sensitive data that can only be accessed by selected users. Overall, the company will gain better insight and control over its data and reduce the possibility of potential threats spreading.
- Updates And Patches: Perform regular operating system, firmware, and software updates. Updates must also be coordinated with the current CVE entries for the tools in use (CVE, Common Vulnerabilities and Exposures, is a database that records and classifies vulnerabilities).
- Multi-Factor Authentication: Security enhancement for user login and authentication can be set centrally in some systems, such as Microsoft 365. In other cases, third-party tools, such as Google Authenticator, can be used and linked to open-source software such as GitLab.
- Identity Management: Identity management allows companies to track who has access to certain information and systems within the corporate network. It helps to protect sensitive data and meet legislative and regulatory requirements. Identity management also automates the processes associated with assigning, revoking, and managing access rights. Multi-factor authentication is one of its tools, but identity management also includes other services, such as single sign-on (allowing users to access multiple systems under a single login), identity management systems (which automate processes), and directory services (mainly used to centralise information about users and groups). At MasterDC, we operate and manage the Active Directory system from Microsoft for our customers for this purpose.
- Limiting Privileges On Company Computers: One of the most basic ways to reduce the likelihood of a malware infection is to limit privileges on specific employee devices. For example, a user without an administrator account cannot install anything themselves and must request assistance from a system administrator.
- Malware Protection: Malware is distributed through spam, through downloads from the web, or by exploiting vulnerable software. Therefore, a firewall, antispam filter, or anti-malware software should be a standard part of every employee’s device.
- Good Quality Mail Server: Malware or phishing attempts can be filtered out with the help of a reliable mail server so they do not even reach the employees’ mailboxes. There are various technologies for filtering email;
- Regular Backups: This is such a simple tip, but it must not be neglected in the context of security. However, if the backup system is not set up correctly, it will only become apparent in practice. Therefore, data recovery from backups should be tested and verified to see if it meets the needs of the business. Unlike the other points above, the backup system does not serve as prevention, but it will facilitate the company’s recovery after a potential cyber-attack.
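The restore test recommended in the last point can be automated. The following is an added example, not part of the original article or MasterDC's tooling: it restores an archive into a scratch directory and compares every file against hashes recorded at backup time. The tar.gz layout, the manifest name `MANIFEST.json` and the `skip` parameter (which simulates a misconfigured backup job) are assumptions.

```python
import hashlib, io, json, tarfile, tempfile
from pathlib import Path
MANIFEST = "MANIFEST.json"  # assumed manifest name, stored inside the archive

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_backup(src, archive, skip=()):
    """Archive src plus a SHA-256 manifest; `skip` (hypothetical) mimics a job that drops files."""
    files = sorted(p for p in src.rglob("*") if p.is_file())
    manifest = {p.relative_to(src).as_posix(): digest(p) for p in files}
    blob = json.dumps(manifest).encode()
    with tarfile.open(archive, "w:gz") as tar:
        for name in manifest:
            if name not in skip:
                tar.add(src / name, arcname=name)
        info = tarfile.TarInfo(MANIFEST)
        info.size = len(blob)
        tar.addfile(info, io.BytesIO(blob))

def restore_test(archive):
    """Restore regular files into a scratch dir (never outside it), then check the manifest."""
    report = {"ok": [], "missing": [], "corrupt": []}
    with tempfile.TemporaryDirectory() as tmp:
        scratch = Path(tmp).resolve()
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar.getmembers():
                target = (scratch / member.name).resolve()
                if member.isfile() and scratch in target.parents:
                    target.parent.mkdir(parents=True, exist_ok=True)
                    target.write_bytes(tar.extractfile(member).read())
        manifest = json.loads((scratch / MANIFEST).read_text())
        for name, expected in sorted(manifest.items()):
            state = ("missing" if not (scratch / name).is_file() else
                     "ok" if digest(scratch / name) == expected else "corrupt")
            report[state].append(name)
    return report

def demo():
    """Constructed sample data: one correct backup, one that silently skips a file."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "shared")
        (src / "hr").mkdir(parents=True)
        (src / "offer.txt").write_text("Q3 price list")
        (src / "hr" / "staff.csv").write_text("name,role\nEva,admin\n")
        good, bad = Path(tmp, "good.tar.gz"), Path(tmp, "bad.tar.gz")
        make_backup(src, good)
        make_backup(src, bad, skip={"hr/staff.csv"})
        return restore_test(good), restore_test(bad)
```

Both backup jobs finish without an error; only the restore test shows that the second archive is missing `hr/staff.csv`.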
Inform Employees About The Risks
At a certain point, even the best protection options end and the security of the company’s data is in the hands of employees. An overview of current threats and their forms helps employees identify and react to potential risks. In addition, every member of the organisation must remember that regular updates to the software they use are essential for business continuity and should be made as soon as possible. This applies to the operating systems and tools on computers as well as on smartphones.
Employees should also avoid using private hardware for work purposes. Password format or storage is also important – you can find some tips in our earlier article: Do you have a safe password? Find out if you are choosing a good one.
Many employees are still unaware of the difference between working in an office and remote access. Therefore, communication and education are the easiest ways to address this. When combined with the infrastructure security tips above, smaller businesses can ensure their data is protected at a reasonable cost without compromising the comfort of their employees.