COVID-19 has thrown many businesses into the fire of remote working. Morphisec reported in its Work-from-Home (WFH) Employee Cybersecurity Threat Index that remote working was an entirely new experience for 49 percent of employees, and 25 percent of employees working from home aren’t familiar with security protocols in place for their devices. So what can organizations do to maintain security and confidentiality while WFH procedures are in place and strengthen remote working environment policies moving forward?
Bring Your Own Device (BYOD) Policy and Practices: While employees using their own devices for work provide convenience and save employers money, it can expose organizations to risks by allowing access to work files, company networks and phone and email systems. More than ever, it’s essential for an organization to set or review its security policies for the permitted use of these devices. At minimum, the policy should address appropriate password policies, WiFi network security, the use of public WiFi and device loss or theft. An increase of remote users can also present an opportunity to train employees on how to use mobile devices to access corporate resources.
Virtual Private Networks (VPN): Virtual private networks create an encrypted tunnel between users and remote servers operated by a VPN service. Although VPNs are not the newest model of technology, they can provide a highly secure remote work solution – especially if personal devices are connecting to a network – that is user friendly for employees and cost effective for employers. Especially when encryption is employed, VPNs can provide extra comfort when users utilize public Wi-Fi or untrusted devices and mitigate consequences in the event an organization does suffer a breach of security.
Train, Train, Train: Having a proactive security training program is one of the most effective ways to mitigate the risk of security breaches and a global pandemic hasn’t changed that. Cybercriminals have exploited the COVID outbreak to increase phishing activity, infiltrate computers, networks and access sensitive and legally protected information. Employees can be an organization’s most vigilant protection against attacks, so maintaining an on-going training program is a key, or even legally-required, component of information security.
Don’t Forget About Paper: Although technology poses a large risk to unauthorized access or disclosure of sensitive information, a comprehensive information security program also addresses threats against physical security. The nature of a remote working environment provides more gaps for paper documents to potentially result in access by an unauthorized person. It is reasonable to expect papers to be transported to and from the office and documents to be printed at home. Often employees take for granted the shred box at the office, so it is equally important for organizations not to overlook secure disposal of papers in its WFH policies. An organization may require personal shredders or organize a secure pickup of documents to be shredded, but however it is addressed in practice, WFH policies should be clear that recycling confidential information is not an acceptable form of disposal.
Whether an organization intends for its WFH policies to be temporary or permanent, it is important to give those policies intentional consideration and review to ensure an organization’s sensitive or legally-protected information remains secure.