- in Security by Denver Abernathy
Precautions for Keeping Your Computer Network Safe While Working from Home
You’ve likely heard that hackers are coming out of the woodwork to take advantage of all the novice remote employees. After all, it’s no secret that home networks are generally less secure than their office counterparts. So, the question is, “can your office network be at risk from the actions (or inactions) of home users?” Hopefully, we all know that the answer to this question is, “yes.” If not, THE ANSWER TO THIS QUESTION IS “YES!”
Let me just state first that if you are one of our vDESK customers, then you are safe and that this article does not pertain to you. For those of you who are not vDESK customers, please let the above statement sink in. vDESK is the solution that allows you to sleep at night in situations like this (and the countless more ordinary ones).
Ok, so you’re not a vDESK customer and you still want to be secure in a work-from-home scenario. Let’s first look at why there are risks. What’s the difference?
More...
1. Firewalls
When your users are at the office, they are behind your very secure, up-to-date firewall. When we configure the firewall, we shut down nearly all entry points into the network. Any that are allowed are only allowed from other known, secure locations. Most home networks don’t have true firewalls and are therefore simpler to hack. The office firewall is what allows us to configure Virtual Private Networks (VPNs). If homes had similar setups, we could configure site-to-site VPN tunnels that would be ultra-secure and we’d be left with only the typical VPN headaches, which are still numerous.
As it is, we’re typically relying on a VPN client on the home computer to connect to the firewall at the office. This can be tricky and, depending on configuration, can still leave the office network open to certain vulnerabilities from the remote user. For instance, in order to conserve office Internet bandwidth, and to make the end-user’s work more convenient, we often setup split tunneling for VPN connections. Split tunneling allows the user to browse the Internet using their home Internet service while connected to the office via VPN. Unfortunately, this practice often allows users to bypass the office security functions (e.g. web traffic controls) and it leaves the office open to attack if the end-user’s computer is compromised while connected to the VPN. Without it, however, VPN usage can be unbearably slow because all Internet traffic must flow through the VPN tunnel.
2. Home Computers
If employees are utilizing their work computers at home, this item is not a concern. If, however, users are allowed to connect to the VPN using their unprotected home computers, then we are concerned. If the end-user’s computer does not have reliable antivirus protection and/or it isn’t up to date with operating system security patches, it is vulnerable. If it is vulnerable, so is the office network when the VPN tunnel is in use. Also, work computers generally have certain web traffic controls (DNS protection). Home computers usually do not.
Many companies no longer rely on on-premises networks or VPN clients. If you’re in this category, you are in a safer position. If all your documents are in the cloud and you are using all SaaS products for ERP systems, etc., you’re only real concern is that the end-user’s computer could be compromised. In this environment, users must be instructed not to save company files to their local computers. The SaaS software should be configured with appropriate time-outs and strong passwords must be enforced.
If you’re unsure of your security situation, please give Promethius a call at 317-733-2388.
