COVID-19 RESOURCE HUB
The dangers of working from home and how to protect your business
by Ed Blackman, Reckon CTO
5 min read
Millions of businesses worldwide are now entirely working from home and cyber criminals will be out there seeing this as an opportunity. They’ll be targeting and attacking businesses in these situations, and with more staff working outside of the protected perimeter of the office network, the avenues for attack are greater.
A common thing you could be the victim of is a Ransomware attack where your data gets encrypted and you’re unable to retrieve it and, to make matters worse, you might have no backups.
The other really big one is invoice fraud. Criminals get control of email accounts, monitor them and resend invoices with new payment details, getting away with money paid into their own accounts.
During the middle of the COVID-19 crisis, you have to make sure your business is flexible but secure in the way it now operates. That’s why for Reckon, from a technology point of view and facilitating the ability for staff to work from home, I’m going to always look back at this transition as a success, because in our situation, we were able to get staff working from home quickly and securely.
In 12 months, when I hope the COVID-19 crisis has passed, I’d be really interested to see what the working environment is like and whether there are long term changes as a result. I think IT security will be higher on people’s agendas. It already was high, however there is potential for more high-profile security breaches to occur over the coming period with so many people working from home.
Working from home at Reckon
We already had business continuity and disaster recovery plans that were documented and tested. When it came to implementation, it was interesting because suddenly all sorts of questions came up in my mind.
Had we actually thought of every possible scenario? How were we actually going to do that?
We knew we were capable of it, but we’d never really tested for every single staff member at the same time. That was the biggest shift between what was planned and tested and then what we actually put into practice. First of all, we needed to get enough information from every staff member to understand whether they had the capability to work from home. We used a secure survey mechanism to gather that information quickly and had great staff engagement, which was helpful because they see COVID-19 as an important public health issue.
Things to consider when working from home
To be honest, I was surprised that we achieved getting people up and running at home so quickly. I thought it would take much longer but the whole process only took a week.
From the survey results, about 75% of staff were ready to work from home, but it took about four days to enable the remainder, whether that be to source them a laptop or work through OHS concerns about their home workspace.
There were some minor things we hadn’t thought of that needed to be solved. One was, we had a few processes where managers had to specifically sign paper documents. We educated those mangers on how it could be done online using a free, standard tool like Adobe Acrobat Reader that encrypts documents that can’t be modified once signed.
But for our Reckon customers, who’ve got all sorts of businesses ranging from a construction business that’s using Reckon One or Reckon Accounts Hosted up to a big four accounting firm using APS. There’s a massive range between those two in terms of whether they can actually continue their business from home or not.
There are businesses that don’t work in an office environment and social distancing rules will have a big impact on whether they can continue. Some of the bigger organisations, they already have very detailed business continuity plans they were able to turn on at a moment’s notice. Some of those bigger organisations probably moved even more swiftly than Reckon did.
But if your business is still facing the challenge of working from home, there are a whole range of things to consider here, especially equipment.
If you have a work laptop, that’s fantastic. That can easily be transported from work to home and will be secure, providing you already have good security controls in place on that device. This might include endpoint protection (anti-virus) and policy settings controlling password complexity and rotation.
But if you or your staff are going to use a BYOD (bring your own device), there are a few security considerations. For example:
- Is it shared with family members and open to security breaches?
- Does it have a strong, secure password?
- Does it have anti-virus software?
- Are the operating systems up to date with the latest security updates? (eg: Only Windows 8.1 or later and a Mac OS released in the past two years that are still supported with security updates)
- Do you have cloud systems that avoid storing sensitive information on the BYOD?
- Have you got multi-factor authentication (MFA) for cloud systems like Microsoft Office 365?
Most people don’t do this, but you should have a different username and password for everything single thing you log into. In practice, the best way to do that is to use a password manager, such as LastPass or KeePass. Unfortunately, for most people that’s a bit too much. So, at a minimum, I’d recommended keeping all of the consumer level and non-business passwords and usernames completely separate from your business ones.
If you use Office 365, it’s the first thing you should lock down with MFA because it’s the thing that criminals are attacking the most because it’s a nice, big target. There are a lot of very successful frauds and scams that thousands of businesses are succumbing to every day.
Any of your email accounts should be secure behind MFA. Email is key because quite often it’s used to reset passwords. If someone breaks into your email, and that’s the same email account you’re using for a whole bunch of different accounts, then they can reset your password and get access to all your stuff.
Making sure your home internet can survive
You’ve probably noticed in the past few weeks whether your home internet connection is actually fast and stable. This has become very apparent with video conferencing, which is what everyone’s now doing.
There are four things to consider with your home connection: latency, stability, Wi-Fi and bandwidth.
The biggest impact on video conferencing is the latency of the connection; how many hops you are from the exchange or from the person you’re talking with.
Stability of the connection is also important. Real time video is notoriously terrible when the connection is constantly dropping in and out. We had one example where someone had a good internet connection at home, but they couldn’t get video conferencing to work properly. “My Netflix is working fine!” they said, but the big different between Netflix and video conferencing is that Netflix buffers ahead of time. It can deal with issues in connections.
At home, most people use a router with Wi-Fi in-built that was provided by their ISP. That usually works fine for a small area, but when you get to larger houses or even lots of brick walls, those systems can become incapable of holding a good solid connection to the whole of the house.
It’s a hard one to fix because you’ll need additional support and most ISPs don’t want to give this sort of support to people. A tech savvy friend or relative is usually the likely avenue to improve someone’s home network, but that’s becoming harder with social distancing measures in place.
In terms of internet bandwidth, if people are on a plan that has a limit on the amount they can download, they may find that they hit that limit quickly while working from home. In some cases, that just means you’ll get a big bill at the end of the month or your bandwidth is throttled.
People should be looking at those limits and seeing whether they can increase them. If you do, be careful because it’s an unknown amount of time that we’re going to need to work from home, so don’t lock yourself into a new, long-term contract.
How Reckon can help and tips for the future
I would highly recommend that if small businesses aren’t confident about their security and how they deal with working from home, I would absolutely advise them to get external advice sooner rather than later.
In secure offices, there should be more stringent things like internet filtering and malware protection of all internet traffic that’s not available at home. Offices are also likely to have much stricter firewall rules and that’s also not going to be at home. They’re just a few examples of a reduction in security that leaves people wide open to cyber criminals when working from home.
The key thing is Reckon are here to help. Specifically, if there’s anything that Reckon can help with, then reach out. All of our support lines have remained opened and there’s no change to the capacity. We’re here to support our customers through whatever they’re going through.
Remember: be flexible but secure in the way that you change the way your business operates.