Home-based Offices Introduce New Security Considerations

HFTP Hangout -- Home-based Security

Presented by David Christiansen, CISM, CISSP, PCI-QSA, CEH and Stephen Gaia

Christiansen and GaiaAmongst the many challenges businesses faced this spring, was the quick transition for many to move from business office space to home office space. The order to relocate was abrupt and managers had to scramble to supply their workers with the technological tools to network in the least disruptive way possible. Approximately six weeks later many of us are adjusted to this new norm, but probably can recount in detail the bumps it took to get there. And outside of the central, controlled environment of the office space, security concerns abound with a geographically spread out workplace.

Last week, a HFTP Hangout was held with two security experts from the Venza Group, highlighting security weaknesses for homebound personnel and recommending where to shore up safeguards. The presentation was led by Venza CIO — David Christiansen, CISM, CISSP, PCI-QSA, CEH and Venza Director of Managed Services — Stephen Gaia. The two had been working closely with clients over the past few weeks and are able to pinpoint where businesses need to increase security under this new framework.

Their first recommendation was to revisit emergency preparedness plans to include pandemic responses. While many organizations had documents such as: business continuity plans (BCP), business impact analyses (BIA) and disaster recovery plans, quite often many do not go beyond the out-of-the-box guidelines. The ramifications from this recent situation leaned to a different kind of response than would have been required of the more familiar cyberattack or natural disaster. This time around it has required mobilizing working equipment to build a functioning office far and wide, under a secure network. While it might be too late to enact a predetermined plan now, it is wise to be ready with one for the next time. This includes storing hardened, secure laptops for distribution in the next occurrence.

Back to the here and now, David and Stephen continued the discussion on ways to secure your workforce who is still social distancing. First is to have available to employees remote user support. The remote monitoring and management solutions efficiently secure, maintain and improve IT systems. This is all done from a dashboard that highlights issues, so techs know where to focus their time to maximize security. The support will also help reduce frustration in setting up and maintaining a home work station.

In their discussion, the two emphasized the need for layers of security, a theme that continued throughout their presentation. A first layer is extra-tough email filtering and monitoring. At this time malware through email is on the rise due to heightened vulnerability. Many at home are distracted by concerns for the pandemic and do not have a second reasonable voice – such as a coworker – to help judge the intention of an email. Cybercriminals are capitalizing on this and have increased their attacks. It is crucial to implement inbound and outbound email protection against spam, malware, ransomware, phishing and other email-borne attacks. This added layer of protection can mean the difference between business as usual or extended downtime to fix infected systems, costing a business money and damage to its reputation.

A next layer of protection is the implementation of advanced malware and endpoint protection. Next-gen endpoint protection does not rely only on a store of antivirus signatures or signature-based technology to combat malware. It is a system of security tools that keeps learning about malware (via various techniques and vectors) and countering them in real-time rather than reacting once the damage has already been done. Having this intelligence in place helps to protect from ever-changing threats and helps to recover quickly when ransomware or other exploits occur.

Other key protections include:

  • Advanced firewalls — These tougher firewalls should include multi-factor authentication (MFA), a virtual private network (VPN), an intrusion detection and prevention system, and would be monitored continuously.
  • Robust internet service provider (ISP) — the provider would supply additional bandwidth and a distributed denial of service (DDOS).
  • Laptops — Providing remote workers with laptops versus desktops helps make the setup go smoothly. The collection of laptops would have security systems and the capability to be monitored by remote support personnel.

The last bit of advice is to generate a culture of security awareness amongst staff members through training. This encourages a careful, diligent attention to system use and enlists an attitude of protection from your network users. While the transition to a home-based office has been a bit of a shock to the workplace, with some planning and properly implemented security measures it does not have to be a shock to the system.

Visit PineappleSearch® for the Latest Hospitality News

HFTP’s hospitality-specific search engine Pineapplesearch.com has aggregated special coverage relating to the coronavirus and its evolving impact on the hospitality industry. View the latest coverage today.

Eliza Selig is the HFTP director of communications. She can be reached at eliza.selig@hftp.org.

You May Also Like

About the Author: Eliza Selig