Click here to get this post in PDF
For lots of people, working from home is a dream come true. Yes, we miss the energy of the office and the camaraderie of our colleagues. But you simply cannot beat this commute.
However, even the dreamiest workplace scenarios have their dark sides. Working from home may save time, money, and be an important measure for public health right now, but safety is a big concern. No, we’re not talking about keeping your laptop out of your toddler’s reach. (Yes, we’ve learned that one the hard way.)
We’re talking about the data privacy and security risks that come part and parcel with working from home.
Work from home risks by the numbers
The mass shift to working from home caught everyone by surprise. Before April 2020, 44% of small businesses already had a WFH policy before this year but only 20% regularly worked from home. That changed with stay-at-home orders, which led to almost 75% of employers allowing or requiring employees to work remotely.
Since then, we’ve seen a significant rise in privacy and security issues.
- Scams increased by 400% over the month of March, making COVID-19 the largest-ever security threat.
- Half a million Zoom user accounts were compromised and sold on a dark web forum.
- The search term “how to remove a virus” increased by 42% in March.
- Remote work has increased the average cost of a data breach by $137,000
- 52% of legal and compliance leaders are concerned about third-party cyber risks due to remote work since COVID-19.
Use strong passwords
This is ancient advice, going back to the earliest, most caveman-like days of the internet, when only one person in your house could be on the Internet (with a capital “I”) at a time.
Seriously, though. This practice is what everyone is counseled to do from the time you get your first online accounts, yet it’s still a major problem. 51% of people use the same passwords for both work and personal accounts and 57% of people who have been scammed in phishing attacks still haven’t changed their passwords.
Why?!? It’s literally the easiest thing you can do to protect your data security. So update your passwords, everyone. Make sure your passwords are:
- Don’t reuse passwords
- Make it long, make it complicated, and change it regularly
- Use 2FA: Two-factor authentication or multifactor authentication — such as Google Authenticator, Authy, or Ping — means the business sends you a single-use passcode to your phone or email that allows you to verify your identity. It slows down the process of logging in, but it makes it much easier to prevent hacking
And if this seems frustrating, we get it. That’s why password managers can be fantastic resources for employees juggling multiple passwords.
Follow data storage and transfer procedures to the letter
You got the okay to work from home. Fantastic! But where are you storing your work, exactly? If you don’t have easy access to your company network from home, then you might default to saving projects on your desktop. Proceed with caution! This is risky because data saved locally or on devices that aren’t company issued are less secure. Not only are they more susceptible to malware, but if something does happen, it could be difficult (if not impossible) to retrieve since the data isn’t being backed up.
So what can you do?
- Opt for remote logins to your network via a VPN or save to your company’s cloud-based software
- If available, use a workplace-issued device for your work
- Follow access control procedures to ensure appropriate user access to sensitive data
- Invest in third-party log management vendors such as Mezmo as they become an essential part of many organizations’ business operations. While working with a log management service provider can help deliver value to the business, they also pose a significant cyber risk, especially when sensitive data such as personal, financial, and health care data is shared.
Use a VPN
Speaking of VPNs, make sure you are using a VPN if you’re accessing work-related networks. And even if you’re not! VPNs act like a secure passageway between your home device (whether it be a smartphone or laptop) and your workplace’s internal data and network by encrypting the data as it’s transmitted. More plainly: employees can safely get the workplace files and software they need to do their job from either the cloud or physical servers.
For a VPN to be successful, though, businesses need to create clear security standards and employees need to uphold them. It’s easy enough to implement acceptable use policies within an office, but that layer of observation is peeled away when employees work remotely.
If you don’t have one in place, get one. Your VPN should detail the responsibilities of your IT department or service providers; acceptable use policies for both business-issued and personal devices; whether subsidies for internet connections are provided; and consequences for violating service provider’s terms of service.
Beware of phishing
Phishing has been on the rise during COVID-19. The pandemic jump started hacking in 2020; 53% of cybersecurity professionals say they’ve directly seen an increase in phishing attacks and on average, businesses have faced an onslaught of 1,185 phishing attacks every month, according to Great Horn’s 2020 Phishing Attack Landscape Report.
Phishing is a big worry for employers and employees alike, but it’s also something that some simple precautions can help prevent. An ounce of training, as they say, is worth $10,000 in data breach losses. Your employees should know the following:
- How to identify phishing emails
- Verify email addresses
- Check links for destinations
- Pinpoint suspicious emails
- Do they sound urgent?
- Is the email addressed properly to you, i.e. do they use your correct name?
- Does the layout and business information included look right, i.e., does the logo look badly sized or does the email address look off?
- Does the email have bad spelling and grammar?
- Avoid opening attachments
- How to report phishing incidents to their business
This information won’t necessarily prevent phishing attacks from happening, but they can significantly reduce their effectiveness.
The call is coming from inside the house
Literally. If part of your job involves confidential conversations, you need to make sure that you’re taking them in a private place. And that private place, believe it or not, probably isn’t in your living room. Not only could household members overhear, but virtual assistants and Internet of Things capable devices — such as Alexa, Siri, Echo, Ring, Nest, and so on — can pick up on these conversations.
Internal issues to consider
If you’re in a decision-making role in your business, there’s a lot you can do to support your employees in reducing data privacy and security risks when working from home while also protecting your business. Consider the following steps to take.
If the worst case scenario occurs, the personally identifiable information you’ve been entrusted with can end up in the hands of hackers. This can lead to big losses: business income, reputation, consumer trust, legal fines and fees. It can even shutter your business.
However, cyber insurance can help immensely by covering costs to notify customers and employees, public relations costs, and credit monitoring services for data breach victims. Have your policy and coverage reviewed by an attorney specializing in this area, though — many policies aren’t as extensive as policyholders might hope.
Remote employee policies, practices, procedures
It’s been seven months since the first pandemic shutdowns occurred, but it’s still worth assessing the policies, practices, and procedures in place for employees. Not surprisingly, as a line item, IT should be thoroughly addressing this.
One significant concern is what is known as shadow IT, where employees pick out their own applications or services rather than the ones approved by their IT department. For example, they might choose to save their documents on their personal cloud-based service rather than their workplace one. Expectations need to be detailed for all areas of employee work.
Working from home may last another few months. Maybe it will last for a few more years. Maybe it’s truly the new normal. However long it lasts, business owners and employees will benefit from prioritizing their data privacy and security. After all, there are enough risks in the world these days — our digital lives don’t need to be one of them. Make sure you contact a privacy consulting firm if your workforce has gone remote!
You may also like: The Incident Free Office: How to Improve Security in the Workplace
Image source: Shutterstock.com