The novel coronavirus has disrupted the way we operate, and the implementation of social distancing has resulted in a larger number of employees working from home. With the increased amount of remote work comes an increased risk in incidents related to cyber security.
Below we have listed key considerations for managing your cyber-security risk with a working-from-home team.
Using personal computers or non-hardened company computers.
If your team is using their personal computers to work from home, or a laptop you provide to them, but that has not been “hardened” by stringent security policies, the following elements have to be considered:
- Where do you save data?
- Is your data encrypted?
- How do you access your emails?
- What else runs on your computer?
- What type of antivirus runs on your computer?
- How is your data backed-up?
- Is your home WiFi network really secure?
- Do you use a Virtual Private Network to connect to your company applications?
The use of cloud-based applications.
Your company may be relying on cloud-based applications for its operations (i.e. Office 365, Google Suite). Such infrastructure provides great flexibility and collaboration. However, if you have only implemented them for the sole purpose of providing an easier remote working environment to your team, the following questions need to be considered:
- Do you know in which country your data is saved?
- How do you know if a critical file is shared with an external party?
- Who controls the security?
- Have you assigned someone to be in charge of reviewing file accesses?
Privacy is key - protect your personal information.
Working remotely might mean that you are using your personal devices and logging into both work-related sites as well as personal sites. This makes you more vulnerable to a cyberattack because you are a target with both valuable corporate information, as well as personal information. Be very careful. Your personal information is a highly sought after asset. We are seeing increasing occurrences of cyberattacks targeting individuals working from home. Here are some ways to minimize your risk exposure:
Only perform transactions on a secure, password-protected network.
We discussed the importance of using a VPN earlier. You can add the additional layer of security by never carrying out transactions over the internet using a public, or shared network. If you do not have any other choice, then ensure you are using a reliable VPN.
Only access and work on websites that use encrypted connections.
Data transferred between your browser and the website can be encrypted using SSL encryption, ensuring that the data in transit cannot be read. This is fundamental for any activity you carry out on the internet.
See below to identify the difference between a secured and an unsecured network:
Do not use the same password for work and personal accounts.
Cybercriminals monitor the activities of their targets to gather information of sensitive information to take advantage of (including bank accounts, social media accounts, government account activity). The first thing a hacker will do once they obtain one of your passwords, is to try and use it for the rest of your accounts. Prevent this by using unique passwords for everything.
Use chat apps with strong encryption.
Apps like Whatsapp and Signal have increased security that prevent people from spying in on your conversations.
Log off when you’re done.
Always log out of every online account when you have finished using them.
Revise your social media privacy settings.
You’ll be surprised how much information a cybercriminal can gather from your social media accounts such as Facebook and LinkedIn. As an example, your public profile picture that you innocently posted from your home can be linked to an IP address allowing your location to be exposed.
How we can help:
Cyber security and data privacy are not a one-size-fits-all. Numerous considerations need to be taken to identify the most cost-efficient approach to reduce your cyber security and privacy risks, while having your team work efficiently from remote locations.
Crowe MacKay experts on our Risk Advisory and Technology Consulting teams can assess your particular situation and provide you with an assessment and recommendations to protect your company from serious data loss and reputational damage. Contact us for more information!