This year, many of us have had to shift a large part of our business operations to our home offices. Not only have our homes become a command center for conducting sensitive business, but it is also the place where our kids are experiencing online learning for the first time. Our kitchen tables are our conference rooms, classrooms, parks for family reunions, the local dive, and our day-to-day workspace all rolled into one.
We have had to pivot from stopping by someone’s desk with a question to trying to coordinate a video call over chat or phone, essentially overnight. As we mix our personal and professional lives, we have to consider what internet security is safe for our businesses, yet flexible enough for our families and our homes. Which platforms are secure? What can we trust with our internal memos and conversations, etc.?
Information Security covers an amazingly broad set of responsibilities. (ISC)²’s CISSP exam is the gold standard certification to trust for the latest information security protocols. This certification categorizes information security into 8 domains. For this purpose, we will focus on the domain of “Communications and Network Security”
At home, we are not used to the same rigorous safety protocols that are standard in a workplace. If you were to ask the question, “How secure should we be at home?” The answer would depend entirely on how secure you are willing to allow it to be. IT professionals and companies have written protocols to balance being safe, while still being able to do the job right. Most software tools for enterprise use have an expectation that there will be a professional Information Technology team configuring, deploying, patching, and maintaining the system.
So what do we do now that we’ve picked up solutions to work in a pinch, and maybe we didn’t give much strategy behind planning meetings, financial meetings, legal proceedings or doctor’s appointments? To that end, here are some items that can help make things a little more private and secure for all us trying to live our lives online:
- Set a password on your meetings (where available).
- Don’t have confidential meetings in a non-password protected space.
- Enable the setting that the meeting Host must allow participants to join.
- Use streaming services as opposed to meetings where it makes sense.
- Do not broadcast if it does not make sense, sometimes a phone call / phone tree is the right answer.
Obviously these solutions are small items to try and fix a very large problem, and I fully realize that there are cases where it is simply unavoidable to just “make it work”. If you find yourself in that situation, I would advise a “less is more” approach. Document what you have to with the online solution, but for sensitive information, use the phone. For personal chats, combining 1 & 3 above should provide an appropriate amount of privacy and security for casual conversations.
There are a lot of resources out there that go into much deeper solutions for providing maximum privacy and security over online communications, which gets into conversations about availability vs security and privacy vs ease of use. I do not expect anyone to set up a self-hosted chat server, accessible only by their family’s IP addresses, or over their personally configured VPN. That is not a technical necessity for most of us. However, if your employer says that “All sensitive conversations must be held over the corporate VPN” that is another matter.
I would like to close out by asking those of you who are a little more technical to help those that are not very technical. If your child’s school is leaving their virtual classrooms open, ask if you can help the teacher by explaining how to password protect it (or walk them through it on a screen share), email your coworkers a link instead of telling them the meeting code, ask if your church / library / professional society / HOA needs someone to host and technically moderate a meeting for them. A lot of companies have spent their time trying to make these technologies easy to use, but there is still a learning curve to get started that some of us have not tackled yet.
If you need help, let us know. We are here for you, and as a company that has a large stake in operating remotely, we are going through this with you. Let us know in the comments how you are dealing with the challenges of business security in your home.