When the world first shut down in the early Spring, few companies had the capacity to let their entire office work from home. Whether it was a shortage of hardware (such as computers), software (such as remote networking platforms), or simply a lack of knowledge on how to actually let employees work remotely, it presented a pretty substantial snafu for many business owners and many simply resorted to having workers sign on from home and try to work as best they could.
Sadly, computer hackers seized on this somewhat desperate situation and began coming up with new and innovative ways to compromise security and otherwise make the worst of a terrible situation.
As many companies round month 10 of the virtual office life, we wanted to circle back for those who are still working with a cobbled together plan and highlight just a few ways you can keep your employees and your systems safe while folks work from home, often on their own home equipment.
Send out system savvy reminders
Whether you’re working in the office or at home, there are a few basic security rules that everyone should follow. Your work from home staff may have gotten particularly relaxed about these rules, simply because their guard is down when they are in the comfort of their home.
Therefore, we recommend sending a friendly email reminding folks to be on the lookout for and to report “phishing” emails asking for any kind of account information, passwords, or other personal details (either for their individual or their peers!).
Remind staff that these phishing emails often look like they are from someone within your organization, so if they get an unsolicited request, it’s better to double check directly with the perceived requestor before giving out any information. Similarly, workers should be reminded not to open any links or web applications from external or unknown sources.
Craft a point person
One of the trickiest parts about working from home is that you can’t just swing by someone’s desk and ask them a quick question. If you ask any IT professional or the tech savvy person in your business, this is pretty much how most of their questions come in on a day-to-day basis.
When something goes awry or something just seems off, train employees to take it up the chain before they act. Be clear about who they should contact, when and how they should contact them, and when they can expect a response. If the problem renders them unable to work, have a system for escalating this request and providing workers with alternative tasks they can do during their down time.
Get physical
Working from home often creates a false sense of security, with folks leaving their devices unsecured because…well, you’re safe when you’re at home right? However, you should still follow the same protocols as you would in the office, including not leaving your device unattended during the day, installing automatic timed lockouts when your device is not being actively used, and securing your device away when not in use.
Sure, it may seem like an overkill, especially in the midst of a pandemic where most people aren’t exactly inviting folks into their homes, but it’s a good practice and always better to be safe than sorry!
Secure your software
One of the easiest ways to protect your system from security hacks is to keep your software updated. You see, when system developers create updates, they typically look at breaches or threats that have been recorded and create fixes that help strengthen the software from similar future attacks.
Now, most systems will update automatically, some without you ever knowing, but others will need your approval to allow an update and others may even require that you restart your computer in order for the full update to process and the “patch” to be appropriately applied. This is certainly one of those tricky areas where folks may feel that a proposed update is an attack, so let your employees know which updates are coming or again, have them talk to a point person before making an update.
Encryption addition:
Should your device ever be lost or stolen, encryption can go a long way towards protecting the contents of the device and access to the network it connects to! If your employer hasn’t turned on encryption for you — which requires a password, PIN, or biometric such as a fingerprint or even facial recognition — you can turn it on yourself, although how you do so will depend on your device. The pros note that Windows uses BitLocker, macOS uses FileVault, and Linux can run on dm-crypt or similar. Both Android and iOS, are enabled by default, provided your device is a generation 6 or 8, respectively. Similarly, you can update your devices to include “find my device” features, as well as to remote wipe them should they ever be lost or stolen.
Help out with home security
When we create our home Wi-Fi passwords, we usually make it fairly obvious (we’re looking at the password is password people of the world!) or its one that you share with anyone that comes to stay or that neighbor who couldn’t connect that one time…. The point being that home Wi-Fi networks are rarely secure, but there are small things that you can do to up your security game.
The first, and perhaps most important step, is to go ahead and change your Wi-Fi password, and then also update the passwords to your work-related web offerings to high security passwords (think those that contain a mix of upper and lower case letters, numbers, and symbols). While it won’t make your security air-tight, it will go a long way to helping to thwart a security attack.
Invest in a VPN
At this point, numerous states are toying with the idea of going back into a lock down and for many businesses, having more remote employees may just be a way of life well into the future. With this in mind, we recommend that you consider a VPN.
This VPN, which stands for Virtual Private Network, provides an additional layer of security when working remotely by hiding your IP (Internet Protocol) address and encrypting data flowing between various machines within the network and into your company’s core systems. If you do have to purchase a VPN, be sure to purchase from a reputable provider and perform your own leak test to make sure it is truly secure before getting your whole company on board.