Back in December 2019, most professionals were working in offices, sitting in front of a computer screen, surrounded by colleagues in their own similar workspaces. Within six months, they would find themselves working in front of a bedroom wall or kitchen window, communicating with colleagues by phone or video.
Workplaces dramatically transformed from centralised spaces housing hundreds or thousands of fellow workers to hundreds or thousands of dispersed diverse spaces with a single worker.
Those spaces were not purpose-built or designed for a mass of people pursuing their daily tasks as employees for the business. Instead, as the pandemic tightened its grip, each individual had to try and improvise a working space inside their home environment.
Needless to say, this was a challenge for businesses forced to rapidly shift the bulk of their employees to remote working.
Research published by Ponemon Institute in October 2020 found 47% of respondents were concerned at their inability to control risks created by the lack of physical security in their workers’ homes and other locations.
Homes can be less secure
Concern over the physical security of dispersed home workspaces is understandable. Working from home appears intrinsically less secure than working in an office.
Physical access to an office or corporate premises, for example, is usually vetted and monitored by a security presence at the reception. At the very least, visitors are expected to sign in and be vouched for by the person they are visiting. Visits are also confined to office hours.
By contrast, visitors to the home can appear at any time, they can be let in by anybody else in the house and they can be there for a variety of purposes.
An unattended PC, laptop or tablet in the home could have valuable company information displayed on the screen visible to anyone coming into the room – or even to someone looking through the window.
If the devices are used by other family members, they might see something confidential on the screen that they shouldn’t.
These are practical security issues that most employees should have been made aware of as part of their training. A level of complacency may have crept in from the security of working inside the company perimeter.
This is why you need to ensure employees are reminded of the risks now they are outside the company bounds. Remember: many of these employees would not otherwise be working from home.
Then there’s the risk of burglary. Are employees’ homes as secure as your company premises? You can apply a consistent level of physical security for all the devices in your company premises, it’s much harder for homes.
Thanks to COVID, many corporate devices are scattered across a wide range of houses with varying levels of security, depending on what people are willing to pay to protect their homes.
It’s unrealistic to expect employees to apply the same physical security in their homes – dedicated security guards for example – that your business would employ.
There are limitations to how physically secure a home office can be. One way to try and alleviate some of the concerns over the physical security of home workplaces is to strengthen the digital defences of the devices being used in them.
Security measures can protect the company data and network when accessed from a remote device. For example, businesses might grant remote access while ensuring the data is not downloaded to the devices but remains onsite or in the cloud.
In this case, employees log in via their remote device to see and work with company data, but it‘s not shared to the desktop or the hard drive.
Security on those endpoint devices needs to be able to detect threats to the network. Updates and patches need to be automated to cover a widely dispersed estate of devices.