Working from home: Securing your new workplace

Working from home is the “new normal” for many businesses and their employees. These arrangements may have been put together quickly and can often involve the use of unsecured devices and remote connections, but there are certain steps you can take to protect your employees and business. We’ve assembled an essential guide for you.

Recoginize all the devices used by your employees

Remote devices

If you have employees working remotely, you should identify what kind of devices they’re using: company-provided PCs, laptops, tablets, smart phones and perhaps all of the above. Some of these devices may not be configured securely, either because they were used as a stopgap measure due to the rapid spread of COVID-19, or maybe you never got around to doing it. Due to the lack of opportunity to plan and coordinate alternate work arrangements, there’s a good chance many of the current touchpoints with your business may be unsecure.

Personal devices

Using a personal computer or device adds another layer of risk to your business. These devices might not be equipped with an antivirus, have installed security updates, or adequate security controls (such as a strong password). Once you have identified what kind of devices your employees are using, you can help them take certain steps to increase the security of their interactions with your business.

Keeping your workplace secure is everyone's responsibility 

Allowing your employees to use unsecure devices or connections is much like leaving the back door to your house unlocked, or your windows open. None of the cyber risks that your business faced before the pandemic have gone anywhere – in fact, some of them may have increased because hackers can take advantage of any temporary vulnerabilities and be on the lookout for organizations that haven’t secured their remote connections or protected their workers. We’ve already seen examples of phishing attacks using COVID-19 as the “bait” as one example of this kind of opportunistic behaviour. According to a recent Norton report, coronavirus-themed phishing emails can take different forms ranging from CDC alerts and health advice, to workplace policy emails. These criminals are looking for users to click on an attachment or embedded link, so they can have you download malicious software onto your device.

Learn about ways to secure your networks by reading the full article on Grant Thornton’s COVID-19 Information Hub.


David Florio

Southern Ontario Leader, Advisory Services

Grant Thornton LLP Canada

T +1 416 369 6415