COVID-19 has been dominating the news, and with good reason. While the situation is certainly “fluid”, it is likely that many organizations will at some point be asking their employees to work remotely; it is important to remember that doing so it not without its risks. As most organizations have information to protect, now is the time to consider the potential “cyber” risks of remote working, and remedial actions that can be taken to mitigate these risks.
- Unsecure WIFI networks: Home networks (and use of public networks) may be vulnerable to malware or ransomware attacks through their wireless router – Secure home WIFI networks with a robust password and, when possible, avoid use of public networks.
- Working on unsecure personal devices: Home computers may lack critical security patch management – Employees should only conduct work on their employer-issued computers. Where this is not possible personal laptops should not be allowed to leave the home.
- Transferring corporate data using personal e-mail accounts: Employees may send sensitive information to their personal email accounts; non-enterprise email accounts usually lack the protections that commercial accounts often have – Advise employees against sending sensitive company data to their personal email accounts, and to permanently delete any corporate data remaining on their email accounts after they return to their normal working arrangement.
- “Hard-Copy” document management and destruction: Employees may take hard-copy sensitive or confidential materials off-site that they would not otherwise – Advise as to proper destruction and to avoid disposing of documents at home or in a public place without proper cross-cut shredding.
- Unsecure connections to organizational systems: Absent a secure virtual private network (VPN),employees may attempt to connect to your systems in an insecure manner – investigate the viability of configuring a VPN for employees accessing your systems.
- Synching with personal cloud storage accounts: Employees working remotely may use a personal cloud service account to transfer documents or data to and from office that may be less secure – Monitor, recommend/advise.
- Key vendor relationships: Most organizations rely on third-party vendors to support both internal and external mission-critical services. These services could be impacted should these companies also ask their employees to work from home – Proactively reach out to these vendors to inquire as to their plans to continue to support your organization and to keep your data safe (as summarized above); also review the contracts in place to be aware of your rights and remedies.