Many Americans are now working from home, making video conference calls, uploading documents and conducting their daily business online. But experts are wondering if the remote nature of work could cause extra internet security concerns down the road.
While most workers are used to working at the office under carefully crafted IT systems, it's impossible to quantify the number of permutations of home internet setups. Where one household could have a simple solution that works for their family, another household could have a virtual private network (VPN) subscription in place to mask their internet usage from prying eyes.
To help you reduce the security risks you may be taking while working from home, we've collected some tips from experts on steps you can take to fortify your digital workspace.
Potential cybersecurity weaknesses in remote workspaces
When businesses were asked to work remotely unless they were essential, most companies were left unprepared for the sudden shift. As a result, many Americans are working on personal devices. While that may offer some level of convenience and familiarity, most people's personal computers, smartphones and other devices aren't secured beyond a simple antivirus program or firewall. Conversely, most devices used in a professional setting are secured by a company's IT department, if it has one. When a device falls behind on software patches and doesn't use the company's VPN for further security, data can be intercepted over the internet.
Last month, the issue was so worrisome to experts that the International Association of IT Asset Managers (IAITAM) warned government agencies, businesses and other organizations of the risks involved with letting employees work from home without secure devices.
"Many companies were caught unprepared when cities and states issued mandatory stay-at-home rules," said Barbara Rembiesa, president and CEO of IAITAM. "Now, the rubber is going to meet the road when those companies, which are struggling not to be crippled by COVID-19, try to keep the cash flowing by having employees at home call or email for credit card information, print out invoices on untracked home computers, and send them out on personal Wi-Fi networks."
With that sort of data flowing through unprotected methods, Rembiesa warned, companies will be threatened by "breaches and fraud on a scale never before seen."
"Use of personal devices creates problems around document preservation matters and add increased risk," wrote Brenda R. Sharton, a litigation partner and global chair of Goodwin's Privacy + Cybersecurity practice, in an article for the Harvard Business Review. "In addition, the software powering some home equipment can be months or even years out of date."
If you're working on a family computer, data security may be even harder to achieve, since the habits of other people in the house also affect your work's sensitive data. If they access a shady website or download a malware-laden file, your important data can be put immediately in jeopardy.
In fact, a recent study out of Italy showed that phishing attacks jumped by 40% as the coronavirus crisis boiled over. According to cybersecurity company ESET, it took just seven hours for them to detect "2,500 infections from malicious emails that played on COVID-19 themes."
Such vulnerabilities could get worse since certain industries, like healthcare and education, deal in federally regulated information that requires sensitive files to be handled in a certain manner. If that data were to get into the wrong hands, that could spell trouble not just for the company but for the individual whose data was leaked. Any business with European clientele also has to consider the ramifications of violating the E.U.'s General Data Protection Regulation measures, which could come with huge noncompliance fines.
"It is no longer business as usual. 'Stay-at-home' orders ensure that secure payments and billing procedures are nearly impossible," said Rembiesa. "Remote employees are not trained on data privacy regulation and risk exposing sensitive information to a data breach. Without proper IT asset management, there are major dangers that must be mitigated."
Steps you can take to secure your data
While the consequences of poorly securing data while working from home can have severe impacts on your customers and your company, there are steps you can take to ensure the worst doesn't happen.
- Update your network security. While you should really do this on a regular basis, making sure your devices are completely up to date with the most recent security patches and upgrades can make a huge difference in securing your data. Things like your operating system, antivirus and antimalware programs, and your router are just some of the things you should immediately shore up and protect since those are generally your first and last defense against external threats.
- Avoid phishing emails. As previously mentioned, there are scammers out there using the COVID-19 crisis as a smokescreen for their nefarious attempts at your sensitive data. Phishing emails are a classic way they do that. In most cases, these emails may look like a business offer, a great deal, or even an important message from your boss, but in every instance, there's a link it says you must click. DO NOT CLICK IT UNLESS YOU KNOW WHO SENT THE LINK. Those links usually lead to a required download that installs malware onto your system, immediately compromising it in the process. Be on the lookout for odd email addresses, poor grammar or generic greetings that don't match the personality of the individual sending the email, and whatever you do – do not provide any personal information.
- Enable multifactor authentication. Passwords can be broken. Humans have been codebreaking for as long as we've been making codes, so it only makes sense that there are programs out there now that can crack most passwords in moments. While practicing good password etiquette is a great first step, two-factor authentication adds an additional layer of protection, since it requires additional action beyond entering a password.
While a lot of these steps can be taken by the individual worker, companies should enact policies and take measures to further shore up their remote employees' defenses. "It is not too late for CEOs and others in charge of companies to take steps to get these risks under control, and to protect their data and that of their customers," Rembiesa said.
- Set up remote access. It may be significantly more difficult to do this without the physical devices in front of you or your IT department, but companies should do everything they can to establish remote access protocols. This may be particularly difficult to enact, however, as you'll likely need to access the onsite devices to issue multifactor authentication tokens.
- Reinforce confidentiality. The coronavirus outbreak has disrupted a lot of lives, and with people working in close proximity to their families, things can get hectic. Now is an important time to remind employees that while they work remotely, they have to maintain the same level of professionalism when it comes to secure and sensitive data as they do in the office. That includes reminding people that personal email is not to be used in an official capacity and that any physical documents kept at home must either be disposed of properly with a shredder or set aside to be shredded later.
- Update emergency contacts. If you can't reach employees via email, whether because of a widespread power outage or because your company has become the target of a cyberattack, having another way to reach your employees is paramount. This can be as easy as compiling a phone number list or setting up a secure way to message top personnel that circumvents any digital intrusion.