Working from Home: Tips to Protect the Health of Your Company’s Systems and Data
The sudden or impending switch to remote work environments for many companies in the United States and worldwide due to COVID-19 has left employers and employees vulnerable to cyber risks. As you prepare to implement such changes, be aware of these increasing risks and take measures to protect your systems and data.
Tips for employers:
- Provide your employees with company-issued devices to conduct their work remotely. Ensure these devices have updated technology. VPN access is preferred, allowing an additional layer of security that can protect your company’s data. Dedicated work devices will minimize cyber vulnerabilities derived from mixing work and leisure activities on the same device.
- Provide employees with basic security knowledge: how to identify phishing emails, avoid using public Wi-Fi, ensure home routers are sufficiently secured, and verify the security of the devices they use (particularly if not provided by the employer).
- Provide initial and then regular feedback to staff on whom to reach in case of problems with their remote capabilities. Identify dedicated staff who can answer calls, be available during extended hours of service, implement emergency procedures, and be ready to evolve to respond to new developments.
- Implement encryption tools, virus checkers, and firewalls.
- Require strong alphanumeric codes and two-factor authentication, and implement a 60- to 90-day password reset cycle.
- Encourage the use of secure and approved cloud services. Avoid storing confidential information locally, particularly if your business requires use of critical personal data.
- Define a clear procedure to follow in case of a security incident.
- Consider restricting or tiering access to sensitive systems as appropriate.
- Restrict access to non-essential third-party apps on company devices.
Tips for employees (subject to employer policies):
- Ensure a secure Wi-Fi connection: using a password-protected router system is vital. With an insecure connection, people in the near vicinity can snoop on and intercept network traffic.
- Have an updated anti-virus system in place.
- Regularly check and update software patches.
- Back up routinely: maintain appropriate back-ups, preferably to the cloud (secured and approved by the employer), that can be used in case of emergencies, such as corrupted systems or ransomware. Only back up to external drives that are solely dedicated to employer-data, and only with
- Avoid the use of USB sticks. These can easily be infected with malware.
- Lock your screen if you must work in a shared space.
- Avoid the installation of third-party apps.
Other tips to consider during COVID-19:
Phishing attacks have been on the rise during this time of uncertainty. Pay close attention to unsolicited emails referencing the Coronavirus. Attackers are exploiting the situation, so look out for phishing emails and scams. Be particularly suspicious of any emails asking you to check or renew your credentials, even if they appear to come from a trusted source. Verify the authenticity of the request through other means, and never click on suspicious links or open any suspicious attachments unless and until they have been properly vetted by your IT department.
- Be wary of emails from people you don’t know, particularly if they ask you to access links or open files. Contact your security officer or IT department if you suspect phishing attempts.
- Treat emails that create a sense of urgency or severe consequences with suspicion.
- Emails sent from people you know, but asking for unusual things, such as purchasing gift cards or arranging a wire transfer, are also suspect. Verify by phone or alternative means, if possible.
Lastly, it is important for employers to foster community and care for employees. Using tools such as FaceTime or Zoom can be effective ways to preserve mental health and to help employees stay connected despite the physical distance. Minimizing your employees’ stress in this challenging public health crisis will help them avoid making cybersecurity mistakes and ultimately protect the company.
The above article was written by Adina Florea, an Associate in our Litigation practice group and a Certified Information Privacy Professional/United States (CIPP/US). If you have questions about the above article or other cybersecurity liabilities, Adina can be reached at firstname.lastname@example.org.