With many of us now working from home, it worth understanding whether our domestic internet connections are a good fit for business purposes
Back in March 2020, employees around the world were locked out of their offices and told to stay and work from home. They were mostly armed with corporate-issued laptops and mobile devices, and expected to carry on with work from home.
All seems fine, right? A number of employees were likely working in a more agile fashion, meaning less time spent in the office, and a lot less time spent at the same desk.
There is one major concern to this setup, though: how secure is the home wireless network?
It’s likely built to be strong enough to provide high-quality internet so you can run streaming services, browse the web, and use your devices. But aside from these more consumer uses, is home wi-fi good enough for corporate use? And, if not, is it time businesses considered this?
The next stage
Quentyn Taylor, director of information security at Canon Europe, says the next stage of remote working will be where companies care about the internet connection their employees have. He cited an example where a person he was talking to was unable to retrieve his details as their internet connection was not fast enough. “The point is we are in emergency mode,” he says, “and when we come out of it and out of lockdown and back to business as usual, not having fast enough internet will no longer be acceptable.”
Taylor says there being no regulation on broadband was correct, but there should be more standardization on the quality and speed. He also says that as businesses are saving money on office internet cabling, HVAC and replacing office services like phones and printers with home-printing options, this will be a sensible investment area. “Some companies have a transient workforce, and industry will look to them to see what worked and how they set it up.”
How secure is your wi-fi?
The dilemma here is about the security of consumer wi-fi: Is it at a level where employees are actually secure, or are they working on (mostly) secure devices, connecting via consumer wi-fi to sensitive data?
A recent survey by OneLogin of 2,000 remote workers based in the US and UK found that 28% have worked on a public and “potentially unsecured wi-fi since the move to remote working.”
Ken Munro, partner at Pen Test Partners, said he does not have any particular issue with home wi-fi being used for remote working, “so long as there’s dedicated corporate hardware – like a laptop, VPN, certificates and strong or multi-factor authentication to it.” He recommends replacing the ISP router “with something you have more control over,” and says “a hardware firewall between the router and your home network would also be wise.”
Essentially, this is about finding a way out of a situation that many people were put in, and for businesses to determine what the agility of their employees will be when lockdown comes to an end. Lisa Forte, partner at Red Goat Cyber Security, said many employees were put into a position where they did not have an alternative, where they were put in a “working from home environment, where the employer doesn’t see what settings they have and what firewall, anti-virus and VPN they use.” She believed that “nowhere near enough was done.”
Forte told the story of a friend who works for a US bank that had a ‘lassez-faire’ attitude to computer security. Because of a lack of visibility over what had been accessed, Forte offered her expertise to “set up her laptop to a basic level, as they had bought her a laptop and not set it up,” requiring her to step in and help.
The statistics of remote worker security do not make for happy reading. The OneLogin survey also found that 62% of respondents had anti-virus software deployed by their employer; 36% used a VPN; 41% had deployed multi-factor authentication; and security best practices were only offered to 44% of respondents.
Solution on the horizon?
What’s the solution here? James Bore, director of Bores Consultancy Ltd, says that “ripping out people’s home network and replacing them with corporate isn’t realistic” as this involves entering an employee’s home, which is a challenge legally from a social distancing angle, as well as the employee being happy about the company’s IT team entering their home and changing their personal internet options.
Bore says if you’re using a secure and trusted VPN, and not trusting anything outside the device that you control, this is a method “that most companies are capable of, without changing their current setups too much, and in the majority of cases is absolutely fine.” This could, he says, involve some form of mobile device management, endpoint protection and response solution or various other capabilities depending on what’s in place at the organization.
“The ideal general solution for maximum security and flexibility, which does require more setup and planning, would be to use a virtual desktop setup for all employees, which is completely under company control, with secure authentication for access,” Bore says.
“It does mean you’re then reliant on an internet connection, but it drastically lowers the exposure of company information and systems to any insecure environment in an employee’s home, while not bringing in any of the ethical concerns which come into play when a company tries to dictate home environments instead.”
The end in sight
As we approach the anniversary of the first year of lockdown with a return to normality in sight, it’s also time to consider how well businesses have done in preventing security issues. As Quentyn Taylor said, we need to look at businesses that had rolled out agile working successfully, and understand how it worked and what their technical setup was to make the situation preferable for both the employee and business.
There are still many questions to be answered on home wi-fi for corporate use, and maybe the next step forward will be to look for better options for the home worker. But the attitude of ‘this has worked until now’ may not be a long-term option.