Before—and even more so, during—the COVID-19 pandemic, many businesses began making adjustments for employees to work from home. If your organization didn’t already have a business continuity plan for this type of scenario, then it’s an area where management has needed to improvise. One area of focus that cannot be overlooked while developing this plan is the inherent remote work security risks that come with telecommuting.
To protect proprietary data, client records, and other sensitive information, it is important to address the security risks that come with working from home, especially if your employees haven’t worked remotely before.
Unsecured public Wi-Fi
When employees are given the option to work remotely, they may be tempted to work in public spaces with unsecured Wi-Fi. When the connection isn’t secure, third parties can collect data sent between your employee’s computer and the wireless internet router, including passwords, emails, and files accessed online.
Depending on your industry and the type of work being performed, the laptop screens of employees may also display sensitive information in public. For the vast majority of businesses, there’s only a remote chance of bystanders being interested enough to take a picture or video of your employee working, but everyone should remain aware of their surroundings. Routines that were acceptable in the office aren’t always appropriate in a public setting.
Weakly protected home Wi-Fi
Most of your company’s IT department has likely instituted firewalls and a number of safety measures to protect the privacy of your business network. When employees work from home, your company’s software and data are no longer protected by those workplace security measures. Many people continue to use the default password for their home Wi-Fi router, while others use incredibly simple words or phrases. The password might even be the same as the network name. Intending to make their Wi-Fi easier for guests to access, homeowners rarely follow “best practices” for creating a complex alphanumeric password and changing it regularly.
Working with your IT department, you’ll need to develop practical guidelines for making home networks more secure and reducing remote work security risks. As a Human Resources professional, you can collect useful resources for remote employees, including security guidelines and tips for working from home.
Company property in private homes
If you aren’t using web-based software or Office 365 for remote file access, then employees may need to use company computers at home. Laptops and desktops are costly assets that may not be insured against the hazards that come with in-home use. Coffee spills can happen anywhere, but residential environments expose computers to pets, small children, and other hazards far less common in the office. Some homes will be more vulnerable to burglary, and work computers may be stolen from employee homes or vehicles.
From a management perspective, it will be important to assess the company’s insurance coverage and potential liability. As with the concerns about Wi-Fi, the best preventative measure is raising employee awareness. Remind employees not to leave laptops exposed in parked cars or unattended in coffee shops—and never use random thumb drives or connect to private devices.
Conducting business on personal computers
It might be the easiest way to protect company hardware, but when employees use their personal computers for work, new complications arise. Company computers are kept up to date with antivirus software and other protective measures, but most people are less rigorous about updating and protecting their own devices. Downloading games and accessing questionable websites, users expose their personal computers to a range of viruses and malware. Certain viruses can corrupt important files and compromise the security of a computer or network.
If employees are using their personal computers for work, then your IT department will need to decide on appropriate remote work security measures. Email encryption and VPNs (virtual private networks) are effective tools for added security, but you’ll need help determining which applications are appropriate for your workforce and industry. Some employees may already be familiar with VPNs, which can be used to access geo-restricted or company-owned content.
Be on high alert for phishing and other scams
Whether working remotely or in the office, employees must remain vigilant against various scams and phishing attacks, which are likely to increase during the coronavirus pandemic, given the widespread remote work now in effect. It’s likely during this time that phishing emails will target remote workers in an effort to steal personal information or gain access to company accounts. Warn employees what to look out for, how to spot suspicious emails and phone calls, and what to do when they come across one, or in a worst-case scenario, actually succumb to one. Urge detailed communication and urgent responsiveness when dealing with these matters.
Securing your business for the future
Even if your employees are already working remotely, it’s not too late to provide recommendations for cybersecurity. There’s no one-size-fits-all plan for every business model, and some employees may not follow instructions, especially regarding the use of their personal computers and Wi-Fi, but each compliant worker will help to reduce the overall risk to your company. Even without face-to-face interaction, these challenging times provide opportunities to strengthen teamwork and communication skills.
With remote work, flexibility is key. It’s hard to anticipate how soon conditions will change and whether periods of quarantine may be extended. Some of the biggest remote work security risks occur when last-minute changes don’t allow for proper planning or risk mitigation.