Why we need to help users be better protected at home


You have a great security platform, well-hardened systems, a regular update regime and a very effective security awareness program with both classroom-style training and online training for your users. You are smashing it and making a difference in keeping your organisation better protected. In spite of all of this, you may be missing a massive vulnerability to your organisation, and it may never have crossed your mind until now. What about your users' homes and how they protect themselves when they are not in the office?

It is no secret that many users may have multiple at-home devices. These can include computers, tablets, phones, IoT smart devices and possibly even smart fridges/fish tanks. We all know that many of these devices come with threats that could cause a breach. That's why on corporate networks we isolate IoT devices on a different part of the network, which reduces the impact they could have if they are accessed by a malicious actor. Are you aware of what devices your users use? For example, a smart printer that can communicate through an app on the user's phone to print. Do these users know that they need to change default logins and enable security features that could protect them from an attack?

What about the smart home assistants (Google Home, Amazon Echo) that many early adopters are using? What about an IoT doorbell? Could these devices allow malicious actors to access their network? The answer is yes (check that out here). This particular Ring doorbell issue has been patched, but as with most devices there will be other vulnerabilities found that could be just as damaging (and a lot of users probably won't know about the issue and won't patch it). These are just a few issues I have plucked out of the air, and there are plenty more that could be a catastrophe if they were on your corporate network. How does this affect your corporate systems?

Many users regularly work from home or remotely. They may have protected devices that have been provided to them; however, they will be connecting those devices to their home Wi-Fi or LAN, or (god forbid) free Wi-Fi environments, for example airports whilst travelling for work, or cafes (shudder). Do you have control of these environments? No, you don't. Do you even know what is lurking in the dark corners of these networks? Could a malicious actor be waiting for the perfect opportunity to strike? Are they constantly poking and prodding your corporate devices to find a way in? It is entirely possible. They probably didn't target the user's home systems to get access to your business, but I can guarantee that if they see an opportunity that will be fruitful they will take the opportunity to attack.

They have no boundaries, no rules governing them. They are in it for the money or any potential gains they can get. Do you believe now that we should consider ways that we can help educate our users about being better protected at home as part of our awareness programs? I am not saying that you all need to take control of user home networks or support them as part of your help desk services (obviously if that's how far you want to go with it, go your hardest). What I think you need to do is possibly provide some training on possible risks that users need to consider at home, and educate them about turning on security features on smart devices and about the importance of having at least a good antivirus program.

I would also suggest that you may even want to offer licences for your security platforms (AV) to your staff. It would be a minimal cost to help protect your users at home and could help prevent an incident. I know budgets are tight and that may not be a possibility, but it may be worth the costs if you can handle the expense.

Think about this though: if your team can help your users be safer at home, that education and security improvement will flow through to your users' corporate behaviours. That small cost that you incur to do this could provide the difference needed to prevent them from being a victim of a breach at home, and also make them a more secure user in the corporate systems.

So, let’s go back to that first question: should you help your users be better protected in their environments? Absolutely. I feel that the benefits will greatly outweigh the costs. Offer your staff a 1 hour/30 minute remote session with your help desk team each year or quarter, or whatever you feel is enough to help your staff be more secure. Teach them, don't just do it for them. It's all about the education process: help them to be better with their own devices. Help them know where to get apps from, how they should set up devices, and that they should reach out for help if they can't do it themselves. This doesn't have to be the company IT desk; teach them the value of setting things up securely and they will be happy to pay for external support to help.

The value in investing in your staff/users speaks for itself. If not just for the security benefits, what about staff morale? If your staff feel that your organisation wants to invest in protecting them in their personal lives as well as in their business lives, they are more likely to be happy with their current work environments and want to be a part of that company. Staff retention is a hard thing to achieve, and a simple gesture such as this could be that tipping point.

As always, let me know what you think. Tell me if you think this will make a difference or not. I want to know what you all think. Let’s work together to close all the security gaps and just create a safer online world for us all.

Till next time…


Copyright © 2020 IDG Communications, Inc.
