By Farica Chang
As COVID-19 cases rise in the United States, many business owners and IT professionals across the country are rushing to provide remote work options for their employees. Much as travel restrictions are grounding flights across the globe, the novel coronavirus is confining thousands of American workers to their homes for the near future.
Telework allows your employees to self-isolate safely without the risk of infecting others or your workplace. How can you mitigate the cyber security risks that come with working from home?
The cyber crime industry responds quickly to current events and their associated vulnerabilities. Malicious actors are already capitalizing on the collective panic that surrounds COVID-19, which means they’re sure to be targeting the specific vulnerabilities that accompany working from home.
Your workplace typically has preemptive measures to safeguard your network from these threats, but it’s unlikely your home network and devices have the same defenses. This puts any company machine, application, or data you access from home at risk. Take steps to protect your company’s data and remind everyone to practice hyper-vigilance as they settle into the new normal for the next few weeks.
1. Weigh Your Hardware Options
Will you allow employees to use their personal computers for telework, or will you provide hardware for your employees to bring home? Company-owned and monitored devices offer the strongest cyber security protections because your IT team has insight and management over the configurations.
For companies trying to set up remote work on the fly, providing every employee with a laptop probably isn’t a feasible option. If you allow your employees to use their personal computers to work from home, be aware of the risks involved. Make sure all devices and systems are up to date and patched, and deploy enterprise-grade anti-malware/anti-virus protection.
2. Secure Your Networks
There are a few different network access options appropriate for telework, and you’ll have to determine what’s best for your business and the kind of security and access your employees will need.
- VPN Gateways: VPN (virtual private network) gateways create a secure channel between your network and an employee device. This channel extends any cyber security measures you have at the office to the machine you’re using to work from home—even your firewall settings! But if the home machine has already been compromised in some way, infected data can reach back to your company network. For this reason, VPN gateways should only be implemented on company-owned and monitored devices.
- Portals: Portals allow employees to access company data and applications using a webpage or virtual desktop. This method keeps your company’s data in one place and prevents apps or data from being downloaded onto the device without permission. While this is a good option for employees using their personal computers to work from home, other applications and websites should be restricted with limited permissions while the portal is in use. Otherwise, cyber criminals could find potential vulnerabilities and sneak onto your network.
- Remote Computer Access Service: This option uses third-party software to connect directly to employees’ office machines and control them using a window on their personal device. All data and applications are contained within your company’s network security measures. This is a good alternative for businesses that can’t afford new telework hardware, but proper configuration is imperative to ensure infected data can’t enter your internal network hidden by the otherwise helpful encryption.
- Direct Application Access: This option is the lowest risk of remote access choices, but since it’s limited to select applications, it hinders the amount of work an employee can accomplish from home. Remoting into single applications reduces the access to data on your network, but it might prevent an employee from completing all necessary tasks.
3. Utilize MFA, Robust Encryption, and Proper Configuration
These are all important tools for your office network, so don’t forget about them when it comes to telework. Multi-factor authentication (MFA) ensures that the employees signing into company accounts are who they say they are by authenticating with a randomly generated code sent by email or SMS text or available on an authenticated mobile device. Encryption works in a similar way, guaranteeing any intercepted data can’t be used by anyone other than the employee. Always manually configure machines working remotely so no security vulnerability goes unseen.
4. Restrict Access to Essential Programs and Data
Personal computers play a different role in our lives than office workstations. An employee’s personal computer might be decked out with lots of non-business-essential applications, and these unsecured apps can be open doors for cyber security threats. Mobile apps and browser extensions can have tracking codes or malware snippets that make them risky for your company’s networks. Every program used while working from home should be deemed safe by the IT professional responsible for your network security.
5. Don’t Overlook Mobile Devices
Many employees already use their personal mobile devices for work applications like email. Why not use that mobile device for fully working from home? If this is a possibility, it’s essential that you use MFA for any sensitive data or accounts. Also consider a mobile device management (MDM) solution in case an employee’s telework device gets lost, stolen, or otherwise compromised. An MDM enables you to locate, lock, and remotely destroy data on the device if it falls into the wrong hands.
6. Address the Human Factor
Just like social distancing and practicing good hygiene are steps everyone can take to prevent the spread of COVID-19, there is a human element to cyber security that can’t be ignored. The most important factor when setting your employees up to work from home is comprehensive education. Employee education adds another layer of security against cyber crime schemes like phishing, pharming, and ransomware attacks. Cyber security knowledge is something every employee can take home and apply to their personal networks once the widespread danger has passed.
This unprecedented health crisis doesn’t have to mean the loss of productivity and access. Companies that can offer their employees an opportunity to work from home are not only making good decisions for the health of their communities, but also providing a chance to reevaluate their network’s cyber security strategies and disaster preparedness plans.