Clients are increasingly asking GTB to set up staff with access from their home computer to remotely access business networks and data. This can save the employer needing to provide an employee with a computer they can take home, but it comes with some serious risks.
Remote access has been responsible for a large percentage of all hacking breaches and malware incidents in 2021.
However, remote working is likely to remain part of the new ‘business as usual’, with nearly 40% of employees working from home during the lockdowns.
Before your employees use their personal computers to log into your work network, you need to know this:
· Logging on remotely to the network raises several security issues.
· For the computers on your network inside your business premises, GTB protects your network with layers of security that are appropriate to your needs and for the price you are willing to pay*.
· By using a personal computer and logging in from home, that computer won’t be a part of these layers of protection and in fact may not have any protection whatsoever. Something or someone nasty could infect or takeover that home computer, and then have access directly into your work network.
· Another factor to consider is that there may also be other members of the family using this computer, who are visiting websites that can create security issues. Many “cool” and “free” sites are in fact dangerous sites wanting to get you to click on something, only to give you something else – often without you realising it. Yes, even sites as common as Facebook, Instagram and YouTube can result in a security incident or breech.
(* Please ask if you have any questions about your security).
Recommendations:
1) Our first recommendation is that personal computers are NOT used to connect to your work network. This recommendation is optimal from the security situation, but we understand is also the highest cost.
What this means is alternative hardware like laptops would need to be purchased for people who need to work from home. These devices would then need to be dedicated for business use only and having prudent security on them as per a work computer. Simply put this is the most secure solution and is the solution that many government departments and businesses now utilise to ensure security.
The below suggestions of using any personal computer are risky and are simply mitigation measures.
2) The minimum acceptable recommended solution is to have a computer, even if owned by the employee, where the employer agrees with the employee that this machine will have the GTB managed anti-virus solution. By ‘managed’ we mean in part that issues and potential issues noted by GTB will be followed up at employer expense; for example, if patching (Windows updates) get out of date, or if the anti-virus software generates alerts.
3) Our middle recommendation is that home computers have both a manged anti-virus solution and GTB remote monitoring and management agent. Please note that any and all work on personal computers or to support users will be billed to the business and not the individual.
We further recommend that:
4) When discussing use of their personal computer with employees, employers discuss and agree who will have access to it and what functions it may perform. For example, is it ok for the grandkids to browse the internet and play online games (both of which are risky)?
Best of all would be only limited and safe personal use. Employers have no right to tell people what they can and can’t do with their personal computer, but employers do have an obligation to safeguard their valuable network and data from unreasonable risks; especially if that data contains personal information about customers, clients, or patients.
Our comments are technical, not contractual
We realise that this topic can be fraught and complicated, and from our reading, there is no clear direction yet for employers in New Zealand on what to do. From an HR perspective, employees should be given the tools to do their jobs by the employer. Yet it would be costly especially for smaller businesses, to go handing out laptops (especially if the staff already have a work computer).
So, if staff may be required or wish to work from home, then perhaps they can agree or offer to use their personal computers? GTB does not have an answer for this as an employment contractual matter – so we limit ourselves to a technical observation - using home computers to remotely access work networks and data is risky; and preferably not done. But given that it is being done, adequate protection is prudent.
It can be easy to ignore the risks of remote working as the benefits seem so good:
You save money on travel costs and office space.
You offer your staff greater flexibility.
Minimise the risk of your whole staff having to isolate.
Your employees may be more productive in their own home without everyday distractions in the office.
You and your employees can work outside of office hours
You can hire people living in different locations.
What is remote access:
Remote access is simply the ability to access a computer or network, at home or in an office, from a remote location. Often this is used to access data stored on servers.
You can use a local area network (LAN), a wide area network (WAN), or a virtual private network (VPN) to establish a remote access connection.
Remote access services are any combination of software and hardware that facilitates remote access connections.
Remote Access Risks
The risk of remote access is a hacker gaining deeper access to your organization, exposing you to a host of security threats.
Once they gain access to your system, it will be difficult to prevent data loss and other cyber threats.
Summary
While these recommendations are not fool proof it does go some way to lessening the risk of using unsecure home computers to connect to a network from external places. It makes it harder for people to take over a home personal computer and use it to hack your business network.
For more information and help on how to set up your team for remote access to your network, please feel free to contact the team at GTB.