The Covid-19 pandemic found many people working from home for the first time. As the world begins to stabilize, some companies find that a WFH arrangement may have advantages beyond the emergency and will keep it in some form moving forward.
While the WFH (work-from-home) lifestyle has lots of benefits for employees (hello, work PJs and a short commute to the spare bedroom!) and employers (hello, reduced overhead), there are drawbacks too. This is especially true when it comes to cybersecurity. After all, home office security measures typically aren’t as robust as those in the workplace.
So what can you do to keep your company’s data safe when your team works from home?
Help your team help you
Chances are, there aren’t many people in your organization who would deliberately jeopardize your data security. We hope not anyway! More often than not, a breach occurs accidentally. Yet, the end result is usually the same. There’s some truth to the old adage; “An ounce of prevention is worth a pound of cure.”
Ensure that your team is aware of the vital role they play in your organization’s data security and why it matters. Keep your team up to date on things like phishing scams, malware, ransomware and the like. Everyone on the team should be aware of your security protocols and tools, how to report an issue and what they need to do to keep data secure.
Encourage open communication
As we work remotely, it’s easy for the team to feel disconnected. This can hinder lines of communication, and cybercrooks are always looking to exploit any opportunity they can find. Staying in close contact with your team is a good way to head off potential threats before they become serious.
With ‘social engineering attacks’ on the rise, encourage your team to follow up separately on any odd emails, text messages or phone calls they receive. Social engineering attacks use things like emails or text messages that appear to be from a legitimate source, say your bank or your organization’s accounting department, but they’re really a fake. The message tricks the receiver into providing crucial data.
Encouraging a cyber-aware environment focused on transparent communication can help avoid a potential breach, and it can also notify you about threats. Awareness allows you to inform others in your organization. Remind your team never to share personal/private information in response to an unsolicited message.
Have sensible work from home policies
If your team is working from home, make sure you have relevant and useful policies in place. Not only will this help protect your organization, but it will also protect the customer data that you hold too. A data protection policy isn’t about micromanaging your team; it’s about setting your organization up for remote success. Cybersecurity isn’t just about responding to a crisis; it’s about preventing a threat before it even arrives at your door.
Update, update, update
Both our phones and our computers regularly require updates. These updates are often security patches and are usually a direct response to an identified issue. It might be tempting to ignore an update, but everyone needs to take the time to perform the update—even if that means starting a task a bit late because the update is taking a while. Where possible, we recommend turning on automatic updates. It is also wise to make sure the firmware is up to date on your Wi-Fi router.
Have strong, unique passwords
This point is so basic that we almost hesitate to include it. But while everybody knows you should have strong, unique passwords for individual accounts, a reminder never hurts. Every time there’s a major breach, we find thousands of users who haven’t used secure passwords for their accounts. With cyber-attacks getting more sophisticated, a weak password used across multiple accounts can leave you extremely susceptible to a security breach. Encourage your team to use strong, unique passwords for every account.
Do things the ‘route’ way
With more and more ‘Internet of Things’ devices now online, advise your staff to create a strong, unique password for their at-home router. Team members should create a separate guest network for those IoT devices, such as smart speakers, smart TVs, security cameras, and other non-computer or phone electronics.
Here’s a useful infographic from the SANS Institute detailing some of the stats, precautions, potential outcomes and cybersecurity risks of working from home:
Know what you don’t know
Plenty of organizations are at a point where their data security needs have increased, yet they don’t know where to begin. If you feel overwhelmed, know that it’s ok to ask for help and call in a professional.
Throughout the article, we’ve mentioned things like data security policies. Suppose your company doesn’t have one or requires an assessment. In that case, you can contact a data security expert like SeekingFire Consulting and learn more about the process and what makes sense for your organization’s needs.
No matter where you’re at, there’s no need to feel embarrassed; we’ve seen it all, and we know how easily businesses grow and that there’s sometimes a bit of catching up to do. Let us do our job so that you can focus on doing what you do best.
At SeekingFire Consulting, we’re proud to support businesses and institutions across Western Canada with their data security needs, and we’ve been making the digital world a safer, more secure place since 2005. If you have a cybersecurity question, check out our FAQs or contact us for a no-obligation chat.