COVID-19 Remote Work and Cyber Security
Employees working remotely: data security tips
A silver lining in the cloud cast by the COVID-19 pandemic is that many employers will be able to maintain some level of productivity by virtue of their employees being able to work remotely from home or some other locations. However, with this added benefit comes added risk – specifically, the increased potential for data security incidents. Working remotely introduces a host of potential vulnerabilities to the equation, and both employers and employees need to be mindful of them. But in the end, the important thing to remember is that these risks can be minimized by observing smart data security practices. Here are ten basic tips:
Continue observing the good data security hygiene you already do! By now, just about every business has devoted resources to training its staff on data security. Keep applying the lessons learned in that process.
Use only secure connections. Employees working remotely should avoid using public Wi-Fi networks or any other networks that are not protected by a strong password. “Personal hotspots” may be used, if necessary, but aren’t the most preferred course.
Use a virtual private network. Employee access to the employer’s system should be through a virtual private network (VPN), which provides a secure, encrypted connection. For even greater security, access to the VPN should require multi-factor authentication.
Make sure any transmission and storage of sensitive information remains secure. Many businesses deal with personally identifiable information, protected health information, and other sensitive data on a regular basis. Be sure that any transmission of such information is encrypted and that storage of the information is secure. Also, it is generally a good practice to store sensitive data only on work computers and to avoid easily portable external drives (e.g., thumb drives).
Use only protected computers. Any computers connecting remotely to the employer’s network should be equipped with up-to-date security protection (anti-virus, anti-malware, firewalls, etc.) and have all software updates installed.
Physical security is important. Working remotely, and especially from a “public” place, increase the chances that others will be able to see what employees are working on. Employees need to be attuned to this, making sure that sight lines are blocked, screens can be locked, and devices are shut down when not in use.
Passwords need to be strong. Any devices connected to or accessing an employer’s system should be protected by strong passwords – and never by “default” passwords. And as noted above, the use of multi-factor authentication is a plus.
Keep good back-ups. With the increased potential for data security incidents, the need to maintain good back-ups of your data is even more important.
Stay in touch. Employers should make sure they have open lines of communication with any employees working remotely. The benefits of this go far beyond data security.
As always, be vigilant and alert. Data breaches and other cyber attacks are attempted every day, and working remotely increases the number of potential avenues and vectors that can be exploited. Also, be particularly tuned in to scam attempts and social engineering. It is a well-known fact that bad actors view significant, catastrophic events as opportunities to prey upon our sympathies and kindheartedness, such as by sending phishing emails asking for help with the efforts to combat the coronavirus. Don’t fall for them!
Visit our COVID-19 Resource Center for more information.
For more information, reach out to Matt Borick (firstname.lastname@example.org)