by Thomas G. Stephens, Jr., CPA, CITP, CGMA
As the world comes to grips with COVID-19, many businesses are responding by encouraging team members to work from home. The rationale behind this action is to reduce the possibility of a contaminated team member encountering other team members, and potentially contaminating them. Unfortunately, not everyone has thoughtfully considered the security ramifications of encouraging team members to work remotely. Consequently, many of these new remote workers may potentially and unknowingly compromise sensitive information. Read this article to learn about five security best practices you need to have in place in these environments.
Do Not Connect Through Unsecured Wi-Fi
It's an unfortunate fact, but many home wi-fi networks remain unsecured. As such, cybercriminals can intercept the data transmitted over these networks easily. Of course, this results in potentially compromising sensitive and privileged information. Therefore, if you work from home and use wi-fi, protect the network at a minimum by requiring a password to establish a connection. Remember, you should never utilize an unsecured wi-fi network, regardless of whether it is in your home, a hotel, or any other venue!
To improve security relative to your internet access while working remotely, consider the following options:
• Connect to the Internet using wired connections. Not only will they be more secure, but they might also be faster.
• If wired connections are not practical, secure your wi-fi connection with a strong password. You may need to re-configure your wi-fi router to add this password.
Virtual Private Networks (VPNs) create a secure, encrypted “tunnel” in the otherwise unencrypted Internet. Accordingly, the VPN encrypts all traffic that passes through it, even if the network itself is not encrypted. Stated differently, assuming a secure network connection (as described in the previous paragraph), a VPN adds yet another level of encryption to your data. Your IT staff may already have a VPN option in place for you. However, if they do not, you can take advantage of one of many good “personal” VPNs, including Nord VPN, Private Internet Access, Express VPN, and CyberGhost VPN. Either approach helps to reduce your risk of exposing confidential and sensitive information.
Be Aware of BYOD Risk
If you work from a computer that you provide personally – as opposed to a company-provided device – are you sure that your device is adequately secured. This risk is known as Bring Your Own Device (BYOD) risk, and it can be quite significant. For devices that your IT staff maintains, they likely implemented necessary security measures already. Examples include ensuring that anti-malware software updates automatically, users do not log-in with Administrative rights on the computer, and unauthorized software cannot run on the computer. But in the traditional home computer environment, often these and other necessary security measures are not in place. Further, because several family members likely use the home computer, you run the risk of compromising data due to someone else's actions or activities on the device.
In short, when working from home, try to use devices managed by your IT team. When this occurs, we shift the security issues associated with the computer to professionals who should have adequate training for the task. If, however, you must use your device to work remotely, at a minimum, ensure that your operating system and all your applications have the most recent updates available. Also, verify that anti-malware software is installed on the computer and is updated at least daily. These measures help to reduce BYOD risk when working from home.
Watch Out for Leaving Data Behind
Following on the previous point, be careful about where you store your data if you are working on your computer. In these situations, it is common for team members to save files on the local hard disk, as opposed to the corporate server or some Cloud-based resources. Then, when the working environment transitions back to a more routine one, and you return to the office to work, you may realize that all the files you have been working on are still on your home computer.
To address this issue, consider storing all your data on an external hard disk and then taking that hard disk with you to the office when normal operations resume. Better yet, if your organization provides access to Cloud-based storage such as OneDrive for Business, store the files there. That way, you can collaborate with either team members in real-time using Microsoft Office applications.
Is Your Office Computer Turned On?
You can use tools to control your computer in the office remotely. This approach gives you access to all the files on the device and network and to all the applications installed on the computer. However, there is a downside to this approach. The downside is that, with some exceptions, you must leave the computer turned on so that you access it remotely. Of course, while the computer is on and you are not physically present in the office, unauthorized users might choose to run applications and access data from that device. Therefore, you may want to consider asking your IT staff to enable Wake-on-LAN (WoL) on your computer. Without going into a technical discussion, WoL essentially allows you to turn on your computer remotely. With this feature enabled, you won't have to leave it running 24/7, and, in turn, you reduce your security risk.
The global pandemic caused by COVID-19 has clearly put us in uncharted territory, on many fronts. Yet business needs to continue with as little disruption as possible. One way that can happen is to work from remote locations to reduce the risk of contracting or contaminating team members. For those who work remotely on a routine basis, hopefully, the five items discussed above have already been addressed. However, for those who are suddenly working in this environment, be sure to address the issues outlined in this article to reduce the risk of compromising confidential and sensitive data. Let’s not make a challenging situation any worse because of a data breach.
Thomas G. Stephens, Jr., CPA, CITP, CGMA is a shareholder in K2 Enterprises.