In order to flatten the curve and get ahead of COVID-19, many businesses are transitioning all able employees to work from home. This comes as governors around the country are beginning to issue executive orders mandating only essential employees continue working onsite.
Working remotely and getting your employees out of inter-office contact can help slow down the communication of the infection, but it does introduce serious cybersecurity risks if not implemented properly. Being staffed exclusively with cybersecurity experts, we’ve put together a list of security essentials and considerations to be mindful of during this temporary transition to teleworking for your company.
What’s at stake?
It’s important to be mindful about why we’re taking these security precautions in the first place. Every business in today’s day and age has electronic data that needs to be safeguarded against those with malicious intent. Data that needs to be safeguarded includes intellectual property, trade secrets, proprietary company information, personally identifiable information pertaining to your employees/clients, patient health records and financial records. If compromise occurs and data is stolen, you not only lose the trust of your business clients but face an interruption to business operations and financial repercussions; especially if patient data or other regulated material is exposed. It’s important to note that HIPAA as well as other laws and regulations still apply, no matter where you are working.
Virtual Private Network use must be enforced
All access to company resources from out of the office must utilize a VPN. A VPN creates an encrypted tunnel directly from your end point to your company’s internal network. All data traveling over this tunnel is encrypted and inaccessible for prying eyes, making man-in-the-middle data capture impossible and keeping your company’s data safe.
Social engineering education must be reinforced
Your employees are vulnerable to the same phishing, vishing and smishing attacks they are at the office. To make matters more dire, social engineers are using the current pandemic to incite fear and intimidation to their victims using coronavirus and COVID-19 related subject matter in their attacks. Refamiliarize employees with how to report a phishing email. Please see “How to Become a Pro at Spotting a Phishing Email” for additional prevention tips.
Company data should never touch personal devices
You must make it known than under no circumstances should company data be placed on personal devices including computers, mobile devices, flash drives and even personal cloud storage accounts. These devices are not secure and can lead to compromise and data theft.
Do not share work devices with family members
We are not attempting to establish that family members could possibly have malicious intent. Work devices should not be used for personal use for anyone for the sole fact that it opens the attack plane on that device. A compromise could occur just by a family member browsing the web, in which the result would be a direct path into your company’s internal network.
Personal devices must be secure
If you’re using a personal device for work, it must have active anti-virus, complete with current software, including the latest patches and firmware for your operating system (Windows or MacOS). All personal devices you intend to use for work should be cleared by your manager before work use.
MFA: Multi-Factor Authentication should be enabled for all work accounts
This goes for all work-related accounts and services, including your Office 365 account. With the convenience of being able to access your Outlook email from anywhere, comes the realization that a hacker could as well if your email and password is compromised. Having the second factor safeguards your accounts with your authenticating device required on -hand to access those accounts before access is granted.
Please contact us if you have any questions, concerns or if you need help transitioning employees to a remote environment. Remote work options are available, especially when utilizing remote collaboration platforms like Microsoft Teams and Office 365.
Written by Ed Desorcy