Businesses have rallied to get as many people as possible working from their hopefully virus free homes. Now that the keyboards have settled onto dining tables, home offices and make shift desks across the country, it’s time to get a quick pulse on remote work cybersecurity and common cybersecurity issues.
Everyone just walked out with a desktop or laptop under their arms. How are you tracking your company devices and ensuring security protocols? Chances are you have already covered off some of this to provide a base level of protection, such as up to date anti-virus programs. It may make sense to add an RDP (remote desktop protocol) that adds a secure connection point into your systems. Connecting this way can also provide your team with the computing power of your main systems which may give some speed benefits. Another option is to have them connect through a VPN (virtual private network) which can provide an added layer of security but can actually slow access and speeds. Also, be sure to talk with your IT specialist about endpoint protection which allows monitoring of the health of your systems that are now spread all over the place.
Cyber criminals are taking advantage of people’s heightened emotions around the news regarding COVID-19. Already, we are starting to see phishing emails promising a cure for Corona Virus or tips to deal with isolation while remote working. Given the state of unease in our current reality, this emotional clickbait could cause someone to act on such scams. Now is a good time to reinforce the importance of being very aware of any suspicious activity that could indicate an attempt at malware and data theft. Platforms such as KnowBe4 can help train employees to spot the scams quickly and not fall for that clickbait.
The use of strong passwords and two factor authentication is always important. Whether using their personal devices or one you have supplied, strong password protocols should be in place when accessing any work related sites. Do your internal programs prompt new password updates regularly? Do you allow the use of similar passwords on these updates? For example, using Fido1234 followed by Fido2345 can turn cyber criminals into fortune tellers when it comes to the next login sequence. Keep it fresh. Explore using programs such as OneLogin or Dashlane to help your teams track their secure passwords.
An employee’s ability to work from home will only be as good as their internet connection. And then how secure is that connection. Ensure everyone has password protected their internet, and not just with the password given by the provider. As more and more of us are working from home, we may see some issues in connectivity. Already tele- and video-conferencing programs are bogging down with participants needing to try multiple times to get in on a call. Get your team logging in ten minutes ahead of the call to ensure everyone is up and running when the meeting starts.
As much as employers worry about not being able to “see” the work being done in real time, those who train their cat to chase their mouse or make timely key strokes are very few and far between. In fact, research shows working remotely can pose more problems with burn out. With work devices being front and centre at all times of the day, the lines between work time and home time can become blurred very quickly. Reach out to your team regularly, making sure they are doing okay as they adjust to this new way of thinking.
It might not be the cat that is the threat to productivity or systems. Be clear to your team that the workstation or laptop they now have at home is property of the company and is therefore only for use as such. If there are others in the home, be sure your company property isn’t being used to stream movies or play online games. This opens your network up to unnecessary security risks. Develop a simple “Working from Home” agreement and have your crew sign off on a company equipment use agreement, noting that no one other than the employee will utilize the equipment and all programs are logged out of at end of day.
Even if you have a remote working security policy in place, there is an increased risk to cybersecurity with remote working. Your IT infrastructure will just not be as secure when connecting via personal internet connections and in some cases personal computers. If you store data on the computer that has now gone home with your employee, what happens if that person’s vehicle or home is broken into and equipment is stolen? How exposed will company data be if that should occur?
It’s important to evaluate your need for cyber insurance at any time but particularly when your team is working remotely. Your business insurance policy may have some coverage and limits but often this may not be enough to get you through the financial impact of a serious data breach or cyber attack. Learn more about Cyber Insurance or contact your MIG Insurance broker to review your current coverage and assess any new risk your business may face.
Each one of us has a part to play to ensure the security of our organizations. Help your team understand the risks and their responsibilities in this new working environment. Try to keep it fun along the way. At MIG, we use Slack as one of the tools that can keep our teams connected. Many of our Slack channels see some serious work being shared. But we can’t lie, #mig-pet-pics has highlights of our furry colleagues who now share our workspaces and there might be a #happy-hour channel for a virtual meet up at the end of the day.