• Motorburn
      Because cars are gadgets
    • Gearburn
      Incisive reviews for the gadget obsessed
    • Ventureburn
      Startup news for emerging markets
    • Jobsburn
      Digital industry jobs for the anti 9 to 5!

6 ½ Considerations for securing the home office

Telework predates the BYOD phenomenon by decades. Despite Yahoo!’s move to the contrary, many organizations are shrinking their office spaces and expanding their employees’ ability to work from home. Employees value the flexibility and the lack of a commute, while employers value lower operating costs and workers working extended hours. Even companies that don’t encourage telework specifically frequently have employees working remotely, whether for travel, to accommodate a sick child, or simply to save some extra hours of productivity.

Market research firm, Gartner, even confirmed in a June 2014 study that the desktop computer is, in fact, not dead. Of the 40% of respondents who reported using personal devices for work, the most common device was a desktop PC, presumably in a home office. The bottom line for all of this, though, is that organizations need to take the security of their employees’ home offices seriously.

Let’s take a step back and think about what actually constitutes a modern home office. For some, it’s clearly a space in the home, quite possibly occupied by a desktop computer discarded by the kids in favour of a shiny new i-Device. For others, it might be a desk in the local library or a comfy wing chair at their local coffee house and be accessible to all family. In our exceptionally mobile world, our “home offices” can literally be anywhere that isn’t company property.

What this means is that “securing the home office” is really about taking a holistic approach to endpoint security and remote access rather than making sure that employees have something more than WEP securing their wireless routers at home. Here are some critical best practices for creating secure remote work environments, wherever they might be:

1. Use a VPN
This is a big one. No matter how an employee accesses corporate resources, if done with a correctly implemented VPN tunnel, content moving to and from employee resources is secure. There are even VPNs offered as a service to secure mobile sessions over public WiFi, but building VPNs under corporate control is easy, cost-effective, and ultimately safer than relying on VPNs in the public cloud.

2. Enforce client antivirus installation and updates
Multi-layered approaches to security are critical to ensuring their effectiveness, both within corporate networks and outside of them. At the same time, it can be difficult to ask users to protect themselves or their employers’ networks. Running antivirus updates and OS patches tends to fall fairly low on their list of priorities so implementing services that enforce automatic updates on clients outside of corporate networks is a must for remote workers.

3. Prevent the use of consumer cloud storage products
As consumer cloud storage products like Dropbox and Google Drive have become more full-featured and easy to use, it becomes very tempting for users to simply upload work files to the cloud, alongside Grandma’s pumpkin pie recipe and pictures from last summer’s vacation. Unfortunately, when employees leave a company, there is no way for employers to ensure that corporate assets don’t stay on that desktop computer in the ex-employee’s home office. Preventing access to these services while employees are on the network provides a layer of protection and control, not to mention regulatory compliance for many industries.

4. Provide platforms that avoid the use of removable media and facilitate secure collaboration
Of course, if users can’t upload their files to their personal cloud-based storage account, they’ll be tempted to load them onto flash drives or other removable media to access them at home. Well-publicized vulnerabilities on these types of media, though, make this a dangerous prospect. The solution? Provide business-grade tools for secure file sync and share and enterprise collaboration so the temptation of thumb drives and cloud storage are easy to resist.

5. Wherever possible, secure the environment
While it isn’t possible to go to every users’ home to deploy a access point, and centrally manage them as one can do in a corporate network with optimized security settings, it is possible to require home office users to implement strong encryption on their home routers. Even if that means stepping a user through the setup or offering 4G hotspots at a discount to employees (that use encryption by default), it makes sense to take steps to ensure a relative degree of security on home networks.

6. Security begins with education
Security pros and hackers aren’t born with deep security and networking expertise – why should we expect employees to be automatically savvy enough to avoid the latest phishing scheme or bit of malware?

Unfortunately, that’s all too often the mindset for many organizations, the majority of which rely on firewalls, intrusion prevention systems, and antimalware software to protect their networks but ignore the real weak link in the security chain: users. Even large organizations with strong security measures have been brought down by unwitting users who fell for sophisticated social engineering and disclosed login credentials or introduced malware onto the network.

6 ½. Have a policy
This is the “½ a consideration” because it seems as if it should go without saying. But recent research suggests that a lot of organizations have no written policy on personal devices, home offices, or remote access to company networks and assets. Perhaps this should have been #1 – good, well-thought out policies that both IT and employees can live with is a cornerstone of good security. To implement policy with technology, companies need the underlying policy.


  1. David Clark

    June 10, 2015 at 7:33 am

    VPN is now one of the best option for online data monitoring and data security. Now in USA almost every business company using VPN for online privacy and security it is now best option for all everyone.

  2. Johnathan

    June 10, 2015 at 9:59 am

    If you don’t want to set up your own VPN, you can use another third part, but you do have trust your provider. I always recommend http://reviewmyvpn.com/nordvpn-review

  3. Jon White

    June 10, 2015 at 4:11 pm

    Enterprises are facing more cyber threats than ever. This led to the usage of Business VPN on a wide scale. The reason being it is deployed in the companies is because it equipped employees with secure remote access and online data protection. PureVPN and Orange seems to be the leader in this sector.

  4. Roberto

    June 24, 2015 at 11:15 pm

    It has always been easier for me to use proxies http://buy.fineproxy.org/eng/ rather than VPN. It acts as a gateway between you and the Internet to provide basic functions that protects you online – hiding your IP address, keeping your anonymity and giving you feeling of security;)

More in Security

Just how big a threat is cybercrime to South Africa?

Read More »