Conducting a remote working cyber security audit
Remote work setups are perhaps the most noticeable effect that the COVID-19 pandemic has left on the work and business sector. According to a study by the Organisation for Economic Co-operation and Development (OECD), roughly half of Australians worked from home at the height of the pandemic. By the end of that year, Australia had the highest telework rates among the surveyed countries. (1)
While it helped employees keep their sources of income, remote work was of grave concern for companies for one good reason: security. Away from the protective umbrella of enterprise cyber security systems like an Optus internet security suite, home desktops and laptops become highly vulnerable to cyberattacks.
With analysts expecting cyberattacks to increase even after the pandemic, conducting extensive security audits is more critical now than before. For companies that have adopted and will adopt remote work setups, these audits are nothing short of a necessity. Here’s a look into how to do a remote work security audit.
Identify critical areas
Cyber security business experts say the number of possible gateways for attackers increases with the number of people logging in to their work from their home PCs. This sudden influx can help attackers sneak into the company or organisation’s network and wreak havoc.
In this case, conducting the audit first involves knowing the areas of remote work cyber security. According to the Society for Human Resource Management (SHRM), there are seven such areas:
- Remote work policy setup and communication
- Virtual private networks (VPNs)
- Personal device use regulation
- Authorisation and authentication
- Education on phishing and malware trends
- Communication and collaboration security
- Adequate IT security services and support (2)
The last item is arguably the most vital, as many cyber security services provide the complete hardware and software package. Based on the audit results, they can offer the necessary tools like VPNs, anti-malware software, and encrypted networks, among others.
Draft a checklist
No business or organisation likes to learn that there are more holes in its cyber security than it initially thought. But as one saying goes: “Complacency is the enemy of progress.” Not knowing this inconvenient but important fact sets any business or organisation up for a slow and perhaps irrecoverable decline.
Upon sorting out the areas above, the next step is to create a checklist that contains the hardest questions. Considering that the company or organisation’s cyber security roadmap will depend on the answers, it’s only proper for the questions to scrutinise every facet. Various enterprise security services also rely on the information to provide the right products and support.
For general cyber security, it pays to ask:
- Do you have a data loss prevention plan in place?
- Do you regularly educate employees on potential phishing scams?
- Do you have a system to terminate a dismissed or resigned employee’s access?
- Have you addressed issues with the usage of the employee’s home Wi-Fi? (3)
Without a checklist, companies and organisations may find themselves paying more for network security services they either don’t really need or already have. Cyber security investments should ideally be 10% of the yearly IT budget or USD$500,000 (AUD$664,780) at the bare minimum. As such, enterprises must make the most out of every cent. (4)
Perform home and office audits
Having people work from home means conducting security audits for their homes is as vital as doing the same for offices. Residential networks tend to be far less protected than business and organisational networks, owing to factors such as using consumer-grade tech, the plethora of devices connected to the home network, and lax attitudes towards cyber security.
Remote work setups will involve more than just the employee; their family will be as involved in protecting precious business data. They’ll benefit from the company-provided network as much as the employee. They must learn why they should keep the network secure by avoiding risks – even something as simple as believing an email that’s too good to be true. (5)
More importantly, an employer’s duty to ensure total security doesn’t diminish with adopting remote work. One way to maintain integrity is to screen workers and determine the level of protection their home networks can offer. Consider setting conditions for them, such as getting them to install the necessary cyber security solutions to get their networks up to spec. (5)
Cyber security audits remain not only relevant but also important, even as work moves to the home. The details they present can prove helpful to the company heads and the cyber security services they choose to manage their cyber security upgrades. Such a process isn’t a one-time affair, either, as threats evolve with technology.
1. “Teleworking in the COVID-19 pandemic: Trends and prospects”, Source: https://www.oecd.org/coronavirus/policy-responses/teleworking-in-the-covid-19-pandemic-trends-and-prospects-72a416b6/
2. “How to Maintain Cybersecurity for Your Remote Workers”, Source: https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/how-to-maintain-cybersecurity-for-your-remote-workers.aspx
3. “CHECKLIST | VIRTUALIZING YOUR EMPLOYEES’ OFFICES”, Source: https://dgtechllc.com/checklist-virtualizing-your-employees-offices/
4. “Cost of Cyber Attacks vs. Cost of Cyber Security in 2021”, Source: https://pchtechnologies.com/cost-of-cyber-attacks-vs-cost-of-cyber-security-in-2021/
5. “SECURITY IN A WORK-FROM-HOME ENVIRONMENT”, Source: https://iia.no/wp-content/uploads/2021/01/2020-GKB-Security-in-a-Work-From-Home-Environment.pdf