By Barry Cook – Privacy and Group Data Protection Officer at VFS Global
With close to half a year of ‘work-from-home’ under their belts now, the remote workforce across the globe has started getting comfortable in their new living room-offices, away from everything familiar. Along with work, entertainment, shopping, education, socialising – activities that would have earlier required one to step out of the house, have been brought, quite literally, into the palms of our hands, through our phones and laptops. As we have graduated to living lives online with streaming services, e-commerce, e-learning, and social media – we have also made ourselves increasingly vulnerable to cybersecurity threats and cyber-criminals have responded to this by shifting their focus to attacks on mobile devices
In the recent months, cyber-attacks have risen to become one of the biggest threats on the digital health of corporations – with even the most heavily guarded businesses becoming vulnerable to data breaches. These not only pose a threat to sensitive company data, but also cause serious loss of production time, man-hours, revenue, while impacting the company’s reputation and inviting potential regulatory fines. It is therefore imperative to ensure you brace your company and employees with preventive measures to minimize such risks, instead of preparing to deal with consequences.
Today, there are various simple ways in which corporations can ensure that employees remain secure while working remotely, keep company data safe, and have a healthy digital experience as they navigate their new work-lives from home. Here are a few ways the companies can go about doing so, without overwhelming employees with complex directives and regulations.
Securing home networks
More often than not, people now use the same set of devices for both work and recreation – this puts not only their personal information at risk, but also risks exposure to sensitive company data. Physical security, firewalls, anti-fraud measures – these were all far more effective when everyone was accessing official data at work, guarded with enterprise-level security, but not anymore. One of the most common downsides to working from home is unsecured Wi-Fi networks. While your employees are physically in the office, the company IT department can control the security of the Wi-Fi and LAN networks that are being used. Since home Wi-Fi networks usually have weaker protocols (WEP instead of the more commercially used WPA-2, for example), it not only makes devices directly vulnerable, but also exposes them to hacks on other personal devices connected on the same network, such as mobile phones, digital assistants, smart appliances, etc.
There are a few ways to avoid this. Companies should issue advisories around router protocols that are the safest to use while working from home – i.e., a WPA-2 or higher, and ensure that employees assign it strong passwords that are frequently updated. There is also merit in providing them with simple instructions or training in creating separate subnets for each home device that uses their home router, to ensure that even if one of their devices is compromised, the others remain secure.
Staying out of the phishing net
Another leading cause of data breaches, especially in recent times, is phishing scams. Taking advantage of people’s anxiety to know more about the COVID-19 crisis, there have been several instances of fraud emails and SMS messages linked to information about COVID being shared. This is a common strategy used by scammers to hoax unsuspecting people under the guise of sharing important information, followed by infecting your device with ransomware. With the lack of strong firewalls offering by commercial networks, this can unfortunately be a common occurrence. This can be remedied via simple instructions issued to employees, starting with emphasising the importance of double-checking each link they click on. As a company policy, while using official email, any links or attachments received from an unknown sender, should not be clicked on at all. A handy tip to share with employees while looking for fraudulent emails is to check the way it’s written/formatted – if they have obvious typos, grammatical errors, or misspelled words – one should avoid them.
Ensuring closed-door meetings
The most significant tech adoption for companies adapting to work-from-home has been using video calling software for team meetings – which means a proportional increase in the potential for trouble as well. These platforms, if not used correctly, can very often be unsecured and open to uninvited guests, which is anyone with a meeting link. However, there are simple solutions to ensure your official meetings remain secure and your employees’ privacy remains intact. Meeting hosts should ensure they “lock” their virtual conference rooms, or password-protect each meeting, and not share meeting links on social media platforms to avoid unwelcomed, inappropriate, and harmful gate-crashers. Regulations for remote meetings should mandate the updating of video calling software regularly so that it’s equipped with the latest security upgrades and bug fixes.
A lot of people working from home will have small children around. Small (and not so small) children often associate laptops and other devices with games and entertainment and don’t always understand the fragility of a laptop or mobile device. Companies are seeing increased reports of damage to devices. While this not only expensive for an organisation it also means the employee may not be able to work until the device is repaired or replaced. This may not be such a quick or easy task during lock-down. A reminder to employees about keeping work related devices out of the reach of children will reduce the risk of your employee being off-line.
Although 6 months of working remotely have made most of us semi-experts in wielding technology, doing so correctly is key, especially when working with confidential company information. Corporations need to be vigilant in their approach to educating and monitoring employees regarding network security, usage of work devices on unsecured routers, inactive accounts lurking in the corners of the internet, and the latest software upgrades. Now that remote working is here to stay for the foreseeable future, these handy tips and a little foresight can ensure round-the-clock security for both your company and employees.