June 12, 2020
Cyber Security and Working Remotely in the Pandemic
Now with so many more people working from home because of the coronavirus pandemic, it’s a good time to review your off-site cybersecurity practices.
Many — maybe even most — of the people now working from home have probably never worked for you from home before. So, just because you’ve established protocols in the past few years, don’t assume everyone knows or understands them.
But before advising employees of the cyber security rules they should follow, make sure your own house is in order:
- Protect against spyware, and other malicious code with anti-virus and other software. Update these protocols regularly.
- Use a Virtual Network with Multifactor Identification. A VPN hides your real IP address, effectively masking your online identity, encrypting your online connections and protecting your data from hackers and ISP/government surveillance. Multi-factor Identification permits access only after someone has presented multiple pieces of evidence (factors) establishing their identity, such a PIN, by answering questions only they know the answers to or providing codes sent to them via a different device they have access to.
- Secure the contents of your networks: Use a firewall and encrypt your information. Make sure your Wi-Fi network is secure and hidden. If employees download files to take home, make sure the files are encrypted when downloaded. Insurers have denied claims resulting from unencrypted thumb drive downloads.
- Control physical access to computers and network components: Not everyone needs access to all parts of the network. Set-up protocols and passwords appropriate for each tier of access. Prevent access by unauthorized users. Make sure a separate user account is created for each employee and require strong passwords.
- Establish security practices and policies to protect sensitive information: Establish policies on how employees should handle and protect personally identifiable information about personnel and other sensitive data related to HIPAA regulations.
- Make backup copies of important business data and information: Regularly backup critical data on all computers and store in the cloud or offsite.
For all its benefits, working remotely presents some cyber liability concerns for employers. Some companies have tried to ensure cyber security on remote devices such as laptops by issuing them to employees already outfitted with controls. However, most companies have come to accept that employees tend to prefer using their own devices when working remotely.
The good news is that most cyber insurance policies do not exclude claims originating remotely (you might want to check yours though). Still, you want your employees to be vigilant about practicing good cyber hygiene. They should:
- Use strong passwords and change them often: Using multi-factor identification is just as important offsite as onsite (see above).
- Log off the company computer when finished working.
- Maintain security software on home computers and stay up to date with the latest updates and security patches.
- Back up regularly.
- Install security codes on Wi-Fi and other internal home systems. A special concern is the possibility of intruders hacking into an employee’s Wi-Fi or even hacking into nanny cams or appliance-based systems (Internet of Things — IoT — devices) to collect sensitive information. According to a study by Raytheon, IoT is perceived by 82% of IT professionals to be an open door to a cyber catastrophe for most firms.
- Be wary of phishing and other internet scams. People working from home are susceptible to criminals who try to pose as people from the employee’s own company, such as information technology workers. They may say or seem to know things that inspire enough trust to make an employee download a dangerous file or click on links that trigger malicious activities. According to Lloyd’s of London, 80% of cyber incidents last year, including ransomware attacks, originated remotely.