As new cases of the viral infection also known as Covid-19 continue to pop up within the U.S., many companies have begun preparing employees to work from home for and unforeseen amount of time. Some organizations including Apple are encouraging employees around the globe to work from home until further notice.
A remote staff can present a business with very unique challenges when maintaining information security because employees don’t have the safeguards the office network provides. While in the office an employee works behind layers of preventive security controls built in to the network. Of course no office network is perfect however the protection it provides can make it much harder to make a security mistake. However, when computers leave the perimeter of the office network and people work remote, new risks arise for the company and additional policies are essential. Here are some of the policy guidelines we suggest when you or your employees are outside the office:
Avoid public Wi-Fi; if necessary, try to get in the habit of using personal hotspots
Public Wi-Fi introduces significant security risk, If you need to access the internet from a public Wi-Fi location, you have two essential problems to solve. First, other people have access to that network and, without a firewall between you and them, threat actors can pound away at your computer from across the room. Second, any interested observers on either the current network or any other public networks your data hits between you and your workplace can monitor your traffic. It is important to find a way to protect your device and encrypt your traffic.
The use of a personal hotspot from a dedicated device or your phone can be your best bet when finding a secure connection outside your home. Although your web traffic will be unencrypted between the hotspot and its destination, using a hot spot does eliminate the problem of getting hacked by people on the same public Wi-Fi. With most major carriers, you can pay a nominal fee for the capability to set up a private Wi-Fi network with your cell phone. If your company provides cell service, there’s no reason not to use the hot spot to avoid public Wi-Fi especially given that, in many cities, 4G or 5G service is almost as fast as your home network access.
Keep Work Data on Work Computers.
Thinking about taking care of a few emails at home before bed? This is a risk for you and for the company! Even If you take precautions like using your work computer, secure Wi-Fi, a VPN, encrypted drives, anti-virus, and endpoint protection, however technology is constantly changing. If you work at an organization with an efficient IT team, they may be installing regular updates, running antivirus scans, blocking malicious sites, etc., and these activities may be transparent to you. There is a good chance you have not followed the same protocols with your personal computer as are mandatory at work. Without these things running in the background, your personal computer is not safe for work information because it could be compromised by a third party.
Essentially, by introducing a personal computer to a work network, even remotely, you’ve put the company networks at risk, and yourself at risk, accepting the potential liability of extensive corporate damages though violations of policy, practices or both.
There is one way to make using your personal computer less risky. If your employer gives you access to a portal or remote access environment such as Office 365, you could work online and avoid downloading or synching files or emails to a personal device.
Encrypt Sensitive Data in Emails and on Your Device.
Sending emails with sensitive data is always going to be a risk. It could be intercepted or seen by a third party. If you encrypt the data attached to an email, it will prevent an unintended recipient from viewing the information. Also, be sure your device is set to have all stored data encrypted in the case of theft.
Leave Your Devices or Laptop in the Car.
We advise all our clients and employees to never leave their work computers or devices in a vehicle. It’s a best practice to keep work laptops and devices on your person at all times while on the road.
Don’t Use Random Thumb Drives.
A classic hacking technique is to drop a number of large capacity thumb drives near the company you are hoping to attack. The chances that an unwitting employee will pick up the thumb drive and use it are surprisingly high. Anecdotally, one of our employees ran a test on this at a previous job and a shocking percentage of people actually opened the files on the drive. If someone is trying to attack your companies network this is a significant security threat.
Formalizing Working from Home and Remote Work Policies
While technology can drive your business forward in times like this, it is also important to keep in mind that uninformed employees can put your business as risk. General work from home and remote work policies on computer and internet use can help, and these policies can be enforced with both technical and administrative controls.
A Remote staff can present a business with very unique technical challenges let HSI Security Services Help Secure your business today.