Home office security assessment

Exceptional situations lead to special measures. Due to the current events concerning the corona virus, companies are faced with a new challenge: They have to provide their employees on short notice with resources in order to enable them to work efficiently from home. Here, fast practical solutions are sought. IT security is secondary.

The introduction of such infrastructure comes hand in hand with a considerable change of the attack surface of a company. Due to the carelessness regarding security, a wide and maybe easier gateway is opened for attackers in order to access important business components.

Even though employees are trusted, new challenges arise in handling of confidential data such as customer data or business secrets. While access to this data was primarily possible within the internal corporate network only, it is now also possible to access the data via a more exposed IT infrastructure.

Due to these reasons, it is recommended to assess the IT security of a home office implementation in a dedicated security assessment.

As part of a Home Office Security Assessment, the following areas are covered:

  • Evaluation of the employed authentication solution of the company network (SSO, MFA, etc.)
  • Assessment of the se­cure ac­cess to the corporate net­work (e.g,. via VPN), as well as to possible resources in the cloud
  • Re­view of the fire­wall rules to protect the corporate net­work against at­tack­ers
  • Analy­sis of the ap­proach for pro­vi­sion­ing of client sys­tems (stag­ing, pro­vi­sion­ing, etc.)
  • Analy­sis of the processes for client man­agement (patch man­age­ment, pro­tec­tion against mal­ware, etc.)
  • Assessment of se­cu­rity-rel­e­vant con­fig­u­ra­tions and hardening measures of client systems (e.g., disk en­cryp­tion or rights management)
  • Security awareness of em­ploy­ees when work­ing with sen­si­tive data in private or pub­lic spaces (screen pro­tec­tion, screen lock, etc.)

As a re­sult, you re­ceive a de­tailed re­port con­tain­ing the cur­rent IT se­cu­rity of your home of­fice in­fra­struc­ture. An es­sen­tial part of this re­port are rec­om­men­da­tions for im­prove­ments and coun­ter­mea­sures to the find­ings.

Ad­di­tion­ally, an audit of the home of­fice in­fra­struc­ture can be com­bined with a Penetration Test in order to get a bet­ter es­ti­mate of the risk from the view of an ex­ter­nal at­tacker. If the ac­cess from home of­fice con­cerns pri­mar­ily re­sources in the cloud, a com­bi­na­tion with a Cloud Security Assessment is recommended. Fur­ther, it is pos­si­ble to com­bine the as­sess­ment with a more in­tense Assessment of Client Systems.