COVID-19 Response: How To Stay Cyber-Secure When Working From Home
The global COVID-19 pandemic has brought telecommuting into the mainstream; millions of people who previously always worked in their employers’ facilities now work from home. In fact, the success of telecommuting during the health crisis of 2020 will likely cause a permanent shift in Americans’ work habits; going forward, many folks who never thought of working anywhere but their offices are likely to choose to work from home at occasionally – perhaps when the weather is bad, when their children are sick, or the like – and many businesses that never considered offering telecommuting as an option are likely to offer greater flexibility in this regard after having seen the model succeed in 2020.
While telecommuting offers many benefits, it also means that remote workers must access important data systems from geographically scattered environments that are not under corporate control. How can remote workers be sure, then, that working remotely will not jeopardize either employers’ data or their own?
Here are 5 important tips for remote workers:
1. Work in “secure” locations
While it may be OK to work on some projects from a neighborhood coffee shop, one of the reasons that telecommuting during COVID-19 has not lead to a huge number of data leaks has been that people are working from home rather than from public locations; in the safety of one’s home curious outsiders are unlikely to see the displays of workers’ computers, hear sensitive phone calls, or trick computer users into connecting to the Internet via an “evil twin network.” Far less security exists vis-à-vis these matters in most public locations. So, if you are working remotely on sensitive items, be sure to work at home, in a hotel room, or from another relatively secure and private location, where you can control who sees and hears the materials upon which you work. Also, for multiple reasons, using your home Wi-Fi connection is far better than connecting via public Wi-Fi.
2. Utilize security software on all devices
Hackers and malware can attack essentially all computing devices, and, as a result, all laptops, desktops, tablets, phones, and other computing devices that you use for work, or that house sensitive information, need security software.
There are several popular, inexpensive computer security packages that include anti-virus, firewall, anti-spam, and other beneficial technologies. Portable devices should have software optimized for mobile systems, and should include remote wipe capabilities, which you should enable.
If the devices that you are using belong to your employer, your employer should provide and configure the security software according to its policies; if the devices are yours you may need to obtain, install, and configure the necessary packages.
Likewise, be sure that all data that you create, or upon which you work, is properly backed up – your employer should provide backup capabilities for employer supplied devices and data, but, if your employer does not, make sure that you backup on your own, unless, for some reason, your employer prohibits you from doing so.
3. Utilize a Proper Team-Oriented VPN
VPN (Virtual Private Network) technology provides remote workers with several significant benefits; for example, it prevents your Internet Service Provider and others from seeing what websites you visit and what apps you use as part of your work. Security conscious employers typically want this type of privacy.
Business-oriented VPNs, however, provide far more relevant capabilities for remote workers than do consumer products. The business offerings often allow businesses to create a secure, encrypted tunnel from remote employees to corporate systems and resources – allowing people to use systems and networks as if they were in an office while actually located far from it. Such VPNs also allow authentication and authorization to occur based on existing corporate user databases or third-party services such as those from Amazon, Microsoft, or Google – which is essential for many businesses because replicating user information is often cumbersome, and can easily lead to dangerous security mistakes.
There is another reason that you want your employer to supply you with a business-oriented VPN rather than a consumer version – VPNs can be complicated to configure, and you want to make sure that you configure yours not only correctly from a security standpoint, but correctly from the perspective of your employer’s policies, information-systems infrastructure, and personnel chart. Centralized management by your employer’s IT folks – as allowed by business oriented VPNs – makes your life both simpler and more secure.
4. Learn about social engineering attacks
Remote workers make great targets for cyber-attackers not only because of the likely technical limitations at remote sites, but because of human weaknesses. Unlike their in-office counterparts, for example, remote workers cannot walk to the next cubicle and ask someone about a strange email or link received in a chat message, and, as such, remote workers are more likely than other employees might be to click on problematic links, open dangerous emails, etc. This is especially true when spear phishing emails are sent impersonating officers of the employer, and contain subjects like “Important Updates to Corporate Remote Working Policy” or the like.
As such, it is critical that if you work remotely you learn to recognize social engineering attacks, and that you condition yourself to ascribe a certain level of suspicion to all electronic communications. Ideally, your employer should provide you with adequate training in this regard, but, if it does not do so, you need to prepare yourself anyway.
5. Utilize proper communications tools – and settings
Your employer may provide you with a list of approved communication technologies – for example, by telling you what software the organization will use for video calls, for chatting, etc. – or it may leave the decision up to you. In either case, make sure that you are familiar with, and address, the relevant security concerns. You don’t want to destroy your professional image, for example, by hosting an online video conference that is zoom-bombed by a person intent on disrupting and shocking the participants.
In short, remote working offers amazing possibilities – but, make sure that you arm yourself with the proper tools to do so securely.
This article is sponsored by NordVPN, whose new NordVPN Teams offers cutting edge business VPN technology. For more information please visit https://nordvpnteams.com/.