Over the past weeks, we’ve worked with many of you to add or increase your work-from-home capabilities as a result of the COVID-19 pandemic. This move not only helps keep our coworkers safe but also our families and the greater community. As our team burns the midnight oil to do our part, our thoughts and prayers go out to everyone affected by this international crisis.
To better assist your work-from-home goals, please be mindful of the dangers of and best practices for remote work.
While social distancing is critical, we must also recognize the risks a remote workforce poses and be vigilant to keep our systems secure. Remote work immediately increases the vulnerability of your company’s cyber security. Suddenly, we’re no longer at one office location with multi-layered security measures in place. Our surface of attack is exponentially spread into homes that aren’t equipped with enterprise-grade firewalls and onto personal computers that may already be compromised (studies estimate that 1/3 to 1/2 of home machines are).
COVID-19 Scams
Taking advantage of the interest and coverage of COVID-19, cyber criminals are using new tactics in their phishing and malware attacks. Fake coronavirus websites, often with legitimate information from trusted sources, are being created to spread malware. New phishing emails and clickbait links using similar messages are also spreading. Do not trust COVID-19-themed emails, even if they appear to come from governmental sources. If you receive one and think the information may be worth clicking, go instead to the organization’s website. Any official, legitimate updates will be included there.
Avoid falling victim to one of these scams. Follow basic phishing prevention as we’ve explained in our learn page and phishing quiz, and always go to official government sites for coronavirus information.
- Centers for Disease Control Coronavirus Information
- Interim Guidance for Businesses and Employers
As with all phishing attempts, never open attachments or links in unsolicited emails. If you know the person who sent it, confirm with them that the email is legitimate first, preferably by means other than email as responses can be faked. When searching for coronavirus information, hover over the link before you click and make sure the URL matches the source it appears to be in search results.
Maintaining Confidentiality
Working from home presents unique challenges to the privacy of your work, but your company’s confidentiality policies and contracts remain in effect no matter where you are. This is especially important if you are subject to HIPAA or other governmental regulations. Keep up to date with all regulatory changes made to accommodate the novel coronavirus situation.
There are measures all remote workers should follow to protect the confidentiality and security of their work space while in a home environment.
- Always lock your screens when you step away from the computer to keep curious children (or pets) from wreaking unintentional havoc.
- Work in your own room or create a space away from other members of your household. The space should be isolated enough to avoid onlookers and to conduct work conversations without being easily overheard.
- When using a company-owned device, keep it locked or turned off whenever you are not with it, and never allow others in your home to use it for any reason.
- If using a personal device for work, create a separate, password-protected user profile to access company data from. Do not allow others to use this profile.
- Keep any work papers or confidential information in a safe, preferably locked, place.
Home Network Performance
Home networks, including your internet service, are typically not as reliable as your office IT systems. With the additional load of millions of users across the nation trying to do the same things you are, you will likely face performance issues when working from home. Since home internet often isn’t as fast as your work connection, video conferencing may flake out and remote connections to your office network or devices may lag. The more people taxing your internet with activities such as online learning, streaming, gaming, or video chatting, the more likely you are to have performance issues.
Due to the increased need for high-speed internet to accommodate the sudden influx of both home-based work and schooling, some internet service providers (ISPs) are offering additional speeds for those with no or limited internet access at no extra cost. Others are removing data caps and related fees for those on fixed data plans. If you think you might qualify, contact your ISP for more information.
Home Network Security
Performance isn’t the only potential issue with a home network. Security is a big concern when connecting to the office network from home. Besides the obvious security measures such as having patched, up-to-date computers with strong anti-virus/anti-malware protections, here are a few more tips to securing your home network.
- Update router firmware if needed.
- Make sure Wi-Fi has WPA-2 or higher encryption with a strong password (not the default).
- Update firmware in all IoT (Internet of Things—smart thermostats, cameras, etc.). IoT is often more vulnerable to attack and has been used to infect home networks.
- Never use default passwords on any internet-connected device.
- Remove or deactivate all browser extensions not necessary for work. They might seem helpful, but many have tracking embedded in them and some are vehicles for malicious code.
- Use multi-factor authentication (MFA) whenever available.
Training & Communication
While knowing how to spot phishing and social engineering attacks is essential to network safety, that’s not the only kind of training those who work from home should receive.
Review relevant security and office policies and ensure that you know who to contact if an issue arises. What problems can be resolved by office staff or a coworker, and what problems need to go to IT experts? Work efficiency will suffer if you continually contact the wrong people to resolve your problem. Consider partnering with another team member to check in about potential suspicious activity or emails before reaching out to an IT professional. You may not be alone in experiencing an issue or threat.
We’re already taxing our systems and IT personnel; don’t give criminals the edge. Be even more vigilant at home. It’s easy to become relaxed in your own space, but those with malicious intent are also working overtime to capitalize on our situation.