Cybersecurity & Remote Work

The best practices to remain secure while working away from the office

I think we can all agree that the COVID-19 pandemic has dramatically changed the way we work and live.  Many employers, including AT&T, Apple, and Google, have encouraged employees to work remotely during these uncertain times.  Unfortunately, not everyone is prepared from a cybersecurity standpoint to appropriately adjust to this “new normal” of remote work.

Based on recent reports, “the National Cyber Security Centre (NCSC) is warning that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns.”  Although phishing e-mails are not new, these criminals are preying on people’s fears.  Remote work can present a unique challenge from a cybersecurity standpoint when the remote environment doesn’t have the same safeguards in place as the office.

Fortunately, added cybersecurity protection while working remotely is possible with a few reminders.

1. Don’t connect to public wifi.  Employees may be tempted to get out of their house and head to the nearest coffee shop (whether it’s to escape kiddos with cabin fever or just for an extra boost of caffeine!).  Remind employees that if they decide to work in a public location, they must utilize a VPN or mobile hotspot instead of connecting to the public wifi.

2. Don’t leave important documents out in the open.  Data security incidents can occur when information is improperly accessed, and that includes information on paper!  If your employees are working at public locations, remind them that paper documents are just as important – they shouldn’t leave their laptop and documents on a table and head to the bathroom or leave them in the passenger seat of their car.  It can seem inconvenient, but those important documents and the laptop should be on the individual at all times.

3. Utilize two-factor authentication.  Although not infallible, two-factor authentication greatly reduces the risks associated with credential theft.  Most e-mail domains and other applications have the ability to turn on this function – do it!

4. Pick-up the phone. If something looks suspicious, pick-up the phone and confirm.  We tend to communicate almost exclusively via e-mail and text in today’s business environment but picking up the phone has averted many disasters.  The client/prospect/vendor will appreciate you taking the extra step to confirm a request.

5. Manage passwords. Remind employees to use unique passwords for all accounts.  Reusing the same password is extremely common and can put all of your accounts at risk if one account gets hacked.  If employees are worried about remembering passwords, suggest a password manager, such as Dashlane.

6. Change default passwords. Our home wifi routers come with default passwords that are generally easy to guess and are known to many.  If this password isn’t changed, a cybercriminal who is within range of the home can log in and access the network.  Remind employees to change these default passwords, and to also set a wifi network password so their network isn’t open to anyone driving by their home.

Obviously, these are unprecedented times, and the health of our clients, employees, vendors, and partners is our number one priority.  But as we move to remote work, and as many of our clients do so as well, we wanted to point out a couple of ways to keep your cybersecurity health safe, too.