Cybersecurity tips for working from home.

Many of us have quarantined ourselves to work from home, do video conferencing, upload documents and conduct our daily business online. But experts wonder “if the remote nature of work could cause additional Internet security problems in the future.”

While most workers are used to working in an office under elaborate IT systems, it’s impossible to estimate the number of home Internet installations. Where one family may use the most common Internet provider, another family may go online using a VPN to hide their Internet use from prying eyes.

To help you mitigate the risks while working from home, we’ve put together some tips from the experts on steps you can take to protect your digital workspace.

Potential cybersecurity flaws in remote workspaces.

When entrepreneurs were encouraged to work remotely if necessary, most companies were unprepared for the sudden change. As a result, many people work on personal devices. While this may be somewhat convenient and familiar, most people’s personal computers, smartphones and other devices are not protected by anything other than a simple anti-virus program or firewall. When, most devices used in a professional environment are protected by the company’s IT department, if there is one. By not keeping up with the latest software updates and using a company VPN, you’re taking a risk and increasing the chance of your data being intercepted over the Internet.

The issue was so alarming to U.S. experts last month that the International Association of IT Asset Managers (IAITAM) warned government agencies, businesses and other organizations about the risks of allowing employees to work from home without secure devices.

“Many companies were caught off guard when cities and states issued mandatory stay-at-home rules,” said Barbara Rembiesa, president and CEO of IAITAM. “Now we’re seeing companies that are struggling not to be wiped out by COVID-19, trying to maintain cash flow, having to force employees to call customers from home, email credit card information, print bills on untraceable home computers and send them over personal Wi-Fi networks.”

Because of this kind of data flowing through unsecured networks, Rembieza warned, companies can cause unprecedented levels of fraud.

If you work on a family computer, data security is even more at risk, because if a family member accesses a shady Web site or downloads a malicious file, your data could be immediately compromised.

In fact, a recent study from Italy found that phishing attacks jumped 40 percent when the quarantine crisis began. According to cybersecurity company ESET, it only took them seven hours to detect “2,500 infections from malicious emails that played on the COVID-19 theme.”

The situation could get worse as some industries, such as health care and education, deal with federally regulated information that requires sensitive files to be handled in a certain way. If that data falls into the wrong hands, it could get not only the company in trouble, but also the person whose data was stolen. Any business with a European clientele must also consider the consequences of violating the EU’s general data protection regulations, which can come with huge fines for non-compliance.

This is no longer the business we are used to seeing. Stay-at-home orders imply that secure payments and payment procedures are virtually impossible. Remote employees are not trained in data privacy regulation and risk exposing sensitive information to leakage.

Steps you can take to protect your data.

While poor data protection while working from home can have serious consequences for your customers and your company, there are steps you can take to ensure the worst doesn’t happen.

Update your security network.
While you should do this on a regular basis, make sure your devices are fully compliant with the latest security patches and updates, which can make a huge difference in protecting your data. Things like your operating system, anti-virus and anti-malware programs, and your router are just a few of the things you should immediately maintain and protect, as they are usually your first and last defense against outside threats.

Avoid phishing emails.
As mentioned earlier, there are scammers who use coronavirus as a smokescreen for their nefarious attempts to get your sensitive data. Phishing emails are the classic way they do it. In most cases, these emails may look like a business proposal, a big deal, or even an important message from your boss, but in each case there’s a link you have to click on. DON’T CLICK ON IT UNLESS YOU KNOW WHO SENT THE LINK. These links usually lead to a required download that installs malware on your system, immediately compromising it in the process. Be aware of fuzzy email addresses, bad grammar, or generic greetings that don’t match the identity of the person sending the email, and whatever you do – don’t provide any personal information.

Enable multi-factor authentication.
Passwords can be compromised. It’s just a fact that people have been cracking code for as long as they’ve been inventing it, so there are now programs that can crack most passwords in a matter of moments. While high password complexity is a great first step, two-factor authentication adds another layer of protection because it requires additional steps beyond entering the password.

While many of these steps can be taken by an individual employee, companies should develop policies and take steps to further strengthen the protection of their remote employees. It’s not too late for CEOs and other company decision makers to take steps to take control of these risks and protect their data and that of their customers.

Set up remote access.
This can be much harder to do without physical devices in front of you or your IT department, but companies should do their best to set up remote access protocols. This can be particularly difficult to do, however, because you’ll likely need to access local devices to issue multifactor authentication tokens.

Reinforce privacy.
Now is a good time to remind employees that when working remotely, they must maintain the same level of professionalism when it comes to sensitive data as they do in the office. This includes reminding people that personal email should not be used in an official capacity and that any physical documents stored at home should either be properly disposed of with a shredder or set aside for later shredding.

Update emergency contacts.
If you can’t reach your employees via email, whether it’s because of a widespread power outage or if your company becomes the target of a cyberattack, having another way to contact your employees is paramount. It can be as simple as making a list of phone numbers or creating a secure way to communicate to senior staff that bypasses any digital intrusion.

08.02.22

Written by: Carl J. Jones