COVID-19 has thrown many businesses into the fire when it comes to remote working.
Cybersecurity solutions firm Morphisec reported in its Work-from-Home (WFH) Employee Cybersecurity Threat Index that remote working was a new experience for 49% of employees. Further, 25% of employees working from home aren’t familiar with security protocols in place for their devices.
So what can organizations do to maintain security and confidentiality and strengthen remote working environment policies?
While employees using their own devices for work provides convenience and saves employers money, it can expose organizations to risks by allowing access to files, networks and phone and email systems.
More than ever, it’s essential for an organization to set or review its security policies for the use of these devices. At minimum, the policy should address password protocols, Wi-Fi network security, the use of public Wi-Fi and device loss or theft. An increase in the number of remote users can also present an opportunity to train employees to use mobile devices to access corporate resources.
Virtual Private Networks
A Virtual private network (VPN) creates an encrypted tunnel between users and remote servers operated by a service. Although VPNs are not the newest model of technology, they can provide a highly secure, remote work solution that is user friendly and cost effective. If encryption is employed, VPNs can provide extra comfort when users access public Wi-Fi or use unsecured devices. VPNs can mitigate consequences if an organization does suffer a security breach.
Train, Train, Train
A proactive security training program is one of the most effective ways to mitigate the risk of security breaches, and a global pandemic hasn’t changed that. Cybercriminals have exploited the COVID outbreak to increase phishing activity, infiltrate computers, networks and access sensitive and legally protected information. Employees can be an organization’s most vigilant defense against attacks, so maintaining an ongoing training program is a key, even legally-required, component of information security.
Don’t Forget Paper
Although technology poses the large risk of unauthorized access or disclosure of sensitive information, a comprehensive information security program also addresses threats to physical security. A remote working environment creates the additional risk of unauthorized access to paper documents. It is reasonable to expect papers to be transported to and from the office and documents to be printed at home. Often, employees take for granted the shred box at the office, so it is equally important for organizations not to overlook secure disposal of papers in its WFH policies.
An organization may require personal shredders or organize a secure pickup of documents to be shredded. However it is addressed in practice, WFH policies should be clear that recycling confidential information is not an acceptable form of disposal.
Whether an organization intends for its WFH policies to be temporary or permanent, it is important to give those policies deliberate consideration and review to ensure an organization’s sensitive and legally-protected information remains secure.