By Thomas G. Stephens Jr., CPA, CITP, CGMA | K2 Enterprises
As the world comes to grips with COVID-19, many businesses are encouraging team members to work from home. The rationale is to reduce the possibility of a contaminated team member potentially contaminating other people. Unfortunately, not everyone has thoughtfully considered the security ramifications. There is a potential for new remote workers to unknowingly compromise sensitive information.
Here are five security best practices you must have in place:
Do Not Connect through Unsecured Wi-Fi
It’s an unfortunate fact, but many home wi-fi networks remain unsecured. Cybercriminals could easily intercept data transmitted over these networks. This would result in the compromise of sensitive and privileged information. Therefore, if you work from home and use wi-fi, protect the network at a minimum by requiring a password to establish a connection. Remember, you should never utilize an unsecured wi-fi network, regardless of whether it is in your home, a hotel or anywhere else!
To improve security relative to your internet access while working remotely, consider these options:
- Connect to the internet using wired connections. In addition to being more secure, they might also be faster.
- If wired connections are not practical, secure your wi-fi connection with a strong password. You may need to re-configure your wi-fi router to add this password.
Consider Utilizing a Virtual Private Network
Virtual Private Networks (VPNs) create a secure, encrypted “tunnel” in the otherwise unencrypted internet. The VPN encrypts all traffic that passes through it, even if the network itself is not encrypted. Stated differently, assuming a secure network connection (as described in the previous paragraph), a VPN adds yet another level of encryption to your data. Your IT staff might already have a VPN option in place for you. If they do not, you can take advantage of one of many good “personal” VPNs, including Nord VPN, Private Internet Access, Express VPN, and CyberGhost VPN.
Be Aware of BYOD Risk
If you work from a computer that you provide personally – as opposed to a company-provided device – are you sure that your device is adequately secured? This risk is known as Bring Your Own Device (BYOD) risk, and it can be significant. For devices that your IT staff maintains, it’s likely they implemented necessary security measures. Examples include ensuring that anti-malware software updates automatically, users do not log-in with Administrative rights on the computer, and unauthorized software cannot run on the computer. But in the traditional home computer environment, often these and other necessary security measures are not in place. Further, because several family members likely use the home computer, you run the risk of compromising data due to someone else’s activities on the device.
In short, when working from home, try to use devices managed by your IT team. When this occurs, we shift the security issues associated with the computer to professionals who should have adequate training for the task. If, however, you must use your device to work remotely, at a minimum, ensure that your operating system and all your applications have the most recent updates available. Also, verify that anti-malware software is installed on the computer and is updated at least daily. These measures help to reduce BYOD risk.
Watch Out for Leaving Data Behind
Be careful about where you store your data if you are working on your computer. In these situations, it is common for team members to save files on the local hard disk, as opposed to the corporate server or cloud-based resources. Then, when the working environment transitions back to a more routine one and you return to the office to work, you may realize that all the files you have been working on are still on your home computer.
Consider storing all your data on an external hard disk and then taking that hard disk with you to the office when normal operations resume. Better yet, if your organization provides access to cloud-based storage such as OneDrive for Business, store the files there. That way, you can collaborate with either team members in real-time using Microsoft Office applications.
Is Your Office Computer Turned On?
You can use tools to control your computer in the office remotely. This approach gives you access to all the files on the device and network and to all the applications installed on the computer. However, there is a downside to this approach. The downside is that, with some exceptions, you must leave the computer turned on so that you access it remotely. Of course, while the computer is on and you are not physically present in the office, unauthorized users might choose to run applications and access data from that device. Therefore, you may want to consider asking your IT staff to enable Wake-on-LAN (WoL) on your computer. WoL essentially allows you to turn on your computer remotely. With this feature enabled, you won’t have to leave it running 24/7, and, you reduce your security risk.
Let’s Manage the Risks Together
We are in uncharted territory, but we can try to get business to continue with as little disruption as possible. Working from remote locations is a key to reducing the risk of contracting COVID-19 or contaminating team members. If you work remotely on a routine basis, perhaps these five ideas were implemented long ago. For those suddenly thrown into this environment, be sure to address the issues outlined to reduce the risk of compromising confidential and sensitive data. Let’s not make a challenging situation worse with a data breach.
About the Author: Tommy is one of the shareholders in K2 Enterprises, affiliating with the firm in 2003 and joining as a shareholder in 2007. At K2, Tommy focuses on creating and delivering content and is responsible for many of the firm’s management and marketing functions. You may reach him at tommy@k2e.com, and you may learn more about K2 Enterprises at www.k2e.com.
