You can’t deny that 2020 has upended every part of our lives, including how we work.
Working at home was already a trend before the pandemic hit. Companies are now treating this trend as a new way of doing business, and with that come many new issues.
An area that cannot get overlooked is making sure workers have the appropriate security tools and safeguards in place to protect themselves and their companies while working remotely. And, while most companies work electronically, remain vigilant to secure assets on paper.
A reshuffled working world has created new kinds of cyber challenges and vulnerabilities that must be addressed. Cyber threats are real, and there are a lot of bad actors who are always looking for weaknesses they can exploit.
Fortunately, every business owner and work-at-home employees can take steps to become a harder target for criminal activity.
20 Tips You Take to Safeguard Your Cyber Assets
- Educate yourself. Personal computers not controlled by a company may lack the necessary safeguards to protect against cyber threats. Also, employees may not understand certain actions, such as opening a suspicious file, could create a security breach. Employees may also not have adequate anti-viral software or may not erase sensitive company information from personal devices. It’s up to both the employer and the employee to learn and engage in best practices in these areas. New policies governing work-at-home cyber protection may need to be created.
- Create a secure technical infrastructure. To create a work environment that protects a company’s assets and employee’s actions, it may be necessary to upgrade or install a new cyber secure system that allows staff to safely work remotely.
- Understand that employees may be “patching” workarounds to maintain productivity. There’s a lot of pressure on employees to perform during the pandemic, and some enterprising employees may create their ways of maximizing productivity. For example, this may involve transferring company data onto personal devices which could create security breaches. Policies and protections must be put in place to ensure the level of security is not compromised.
- Implement safeguards that prevent employees from transferring company data while they are connected to the company’s network. Double down on these efforts by also investing in data leak monitoring software.
- Create a detailed policy that clarifies how employees should handle company information loaded onto their personal computer. As an alternative, a company may provide employees with work computers or laptops with cyber safeguards already installed.
- Review and/or update all anti-virus protection for work-related computers. Many times, these updates are pre-programmed and automatic when new updates are created. Don’t be cheap when it comes to cybersecurity, either. You’ll want software that is equipped to offer automated remote working security against several kinds of threats, including:
- Zero-day attacks
- Malware, spyware, and viruses
- Trojans and worms
- Phishing scams, including those sent via email
- Filter out unauthorized or unnecessary access to the company’s network. Limit user privileges and restrict administrative access to a small group of employees.
- Discourage employees from using public Wi-Fi networks, which could provide easy access entry points for hackers.
- Work-at-home employees need to keep all family members away from their work-related computers. There is a greater chance that children will hop on the computer in cramped quarters and could create havoc for the worker.
- When participating in teleconferences, consider investing in a sliding webcam cover. Hackers have learned how to access webcams without permission, compromising security and privacy. Webcam attacks are a real threat, and hackers may view sensitive documents in the home workspace. Covers prevent this from happening. Also, some videoconferencing software has a “blur background” feature to prevent others from spying on objects in a home workspace.
- Create a strong company Virtual Private Network (VPN). When more remote computers than ever are connected to company resources, a strong VPN is a crucial safeguard against back door hackers. Be sure to use the strongest possible authentication method, perhaps by using smart cards. Enhance the encryption method for VPN access. Make sure employees update and change passwords regularly. Also, make sure employees are logged on via secure networks.
- Use a cloud or server storage as a centralized storage solution. It’s a lot safer than storing files locally and creates a safer backup solution to protect against compromised, lost, or destroyed files. These storage solutions also have firewall protections built-in for an added layer of security.
- Confirm the security of third parties. Most organizations use contractors or vendors to keep their operations running. Often that involves sharing and integrating information and data. At the very least, government agencies and tax authorities must be accessed at some point or another. When organizations assess which controls must be extended to employees to secure new work-from-home protocols, they should do the same for third-party users and connections. If third parties cannot demonstrate adequate cybersecurity measures, consider limiting or suspending interaction until they can.
- Home networks must be secured. Creating a strong and unique password, changing the SSID, and limiting access to specific MAC addresses are steps you can take to ensure the wireless network is protected.
- Strengthen potentially weak passwords. The Federal Trade Commission recommends: “Use passwords on all your devices and apps. Make sure the passwords are long, strong, and unique. Use at least 12 characters that are a mix of numbers, symbols, and capital and lowercase letters.”
- For work-at-home employees who have customer account or banking responsibilities, extra care should be given to maximizing online banking activities. Use only credited software and services to handle funds. Only use platforms and software you are familiar with. If you’re unsure about a particular type of transaction, ask questions first until your concerns have been addressed. When accessing a banking website, make sure you are logged on via a Secure Hypertext Transfer Protocol. This means the URL should include https:// rather than just http:// at the beginning. You should also see a lock on the left of the URL bar of most internet browsers, indicating that website has an authenticated security certificate. Fraudsters may trick at-home employees through email, social media, or over the phone. Be stingy with giving out any banking information whatsoever.
- To protect your company, ensure work-at-home employees have the best tools possible. This may involve providing stipends or allowances to purchase approved hardware and software to upgrade as needed.
- Make sure incident-response protocols are in place. When cyber breaches occur, employees must know how to report them and what immediate steps to take. Speed is the key to minimizing potential damage inflicted on an enterprise. Redundant systems should also be in place and ready to act to minimize disruptions to normal business operations.
- Do not be pennywise and pound foolish. It may cost a bit more to make sure at-home workers have a secure system but consider the alternative if they are breached.
- Be sure email security is protected. Email is still a primary form of communication, but this form can also be easily hacked and compromised. Phishing scams are as prevalent as ever. To protect against email attacks, do the following:
- Make sure emails can only be securely accessed via a company’s VPN. This creates an encrypted network connection that authenticates the user and/or device. It also encrypts data in transit between the user and your services.
- If you already use a VPN, make sure it is fully patched.
- Staff is more likely to have their devices stolen (or lose them) when they are away from the office or home. Make sure staff devices encrypt data while at rest. This protects email data on the device if it’s lost or stolen. Most devices have built-in encryption, but it still needs to be turned on and configured.
- Instruct employees how to spot phishing attacks.
Extend Security Policies to Other Types of Records
Even with more robust technology controls and investments in security and infrastructure, employees working from home must still exercise good judgment to maintain information security. This also includes paper security.
Work-at-home employees need to make sure they have access to shredders at home or that they can access shredding bins in their offices onsite as needed. Depending on the nature of the business, other measures for hard file protection should be in place. Any secure document policy should go beyond the cyberworld and extend to paper and computer drive storage issues.
It’s incumbent for employers to set norms for the retention and destruction of physical copies, even if that means waiting until the organization resumes business as usual.