COVID-19 Have You Working at Home? Check Your Cyber Security!
Social distancing and quarantining don’t have to mean a halt in productivity or an increase in cyber security risks. With the unfolding COVID-19 health crisis, we’re facing an unprecedented global situation. Thankfully, we also have tools that allow us to productively stay connected even when we’re forced apart.
Whether you’re your own boss or a new hire working to make an impact at your company, working from home can protect your physical health. When setting up this alternative to traditional office workspaces, it’s imperative to also prioritize the health of your cyber security.
Utilize enterprise-grade security on remote devices
The best way to ensure security is to only engage in remote work from a company-managed computer. When working with a limited timeframe or budget, it’s understandable to use employee-owned machines, but these do come with enhanced risk.
Regardless of who owns the equipment used to telework, keep your machine patched and up to date, install enterprise-grade anti-virus and anti-malware, and correctly configure all firewalls.
Consider a mobile device management (MDM) solution that maintains control of a phone, tablet, or laptop in case of theft or accidental loss. Through an MDM, your IT department or Managed Services Provider (MSP) can locate, lock, or remotely destroy data on a mobile device or computer.
Choose the best option based on what you need and what you can afford
As with all steps in this process, the security of your data and connection should be paramount. Hastily configured or poorly planned remote connections can act as a gateway for cyber criminals trying to capitalize on the current health crisis.
There are several methods available that allow for secure remote access to the office network.
When configured properly on a company-owned machine, this is a secure method of remote work. VPN (virtual private network) gateways extend a business’s enterprise-level cyber security protocols through a secure encrypted tunnel between the business’s internal network and the remote computer. This is a relatively safe option, but infected data can reach the internal network if the connecting computer is compromised while on a home network.
A portal allows for access to company data and applications through a webpage or virtual desktop. This option may be good for remote personal computers. However, it is essential that, while connected, the portal also restricts access to other areas of the internet and applications, with limited permissions.
Remote Computer Access Service:
Through the use of a third-party software service, remote users can connect directly to an existing office computer. The software allows them to control the actions on their office computer within a window on their home machine. This is a viable alternative when employees must work from personal devices since it keeps all data and applications contained at the office. Proper configuration of the remote hardware is critical to a secure connection. All data sent from the office computer to the remote computer is encrypted, but that encryption also hides the data from the business’s own firewalls and threat detection software. If the employees’ computers are not secure, infected data can enter the internal network without any red flags.
Direct Application Access:
Best only used with low-risk applications. This method allows users to remote into a single application, rather than the full interface or the server.
Restrict risky programs, extensions, and apps on remote devices
Consider all non-business-essential applications an unnecessary risk to security.
Many browser extensions have tracking codes unbeknownst to users and others spread malware. Unsecured apps on mobile devices can also act as a gateway for malware and open the door for criminals.
Clear the use of any program with your IT department or MSP to be safe.
Use multi-factor authentication (MFA) and encryption
The best way to ensure that the person signing in is who they say they are is to incorporate multi-factor authentication. Security tokens and authenticator apps tied to a specific mobile device and randomly generate verification codes are preferred. But any type of MFA is better than none.
From email and data storage to the connection itself, implement encryption whenever possible. That way, even if data is intercepted by criminals, they won’t be able to use it.
Train remote workers on cyber security basics
This may be the most important tip on the list! Employees need to know more than just how to use their new method of telework. Train them in how to spot and respond to unusual computer activity. They should be prepared for phishing and social engineering attempts to gain access to the network. Cyber criminals today are especially capitalizing on the fear generated by the coronavirus. Everyone should think twice before clicking links claiming to provide new health data or messages making extreme declarations (i.e., nationwide lockdown).
Stay Safe When Working at Home
Working from home creates a weak link in the cyber security of your business. But education and ongoing training minimizes that risk.
This guest post was authored by Farica Chang
Farica Chang is Director of Anderson Technologies an IT company that optimizes technology to meet the demands of small and midsized businesses. For over 20 years, Anderson Technologies has provided the IT solutions that firms need to be competitive in today’s marketplace.