Working From Home Security Risks and Tips

We are all impacted by COVID-19 and businesses are responding by keeping their “doors open” virtually by moving to online sales and using a remote workforce.
Our Security Team has some great tips to make sure your remote workers keep your business safe from cyberattacks.

What is a VPN and how do companies use them for remote workers?

VPN stands for Virtual Private Network and is a safe remote connection – as long as it comes with MFA for access.  It creates an encrypted tunnel between your remote device and the servers and files at work.  Windows 10 and Mac OSX have built-in VPN setup capabilities; however, you need a VPN service based on your type of business servers.  This is a nice step-by-step article recently published by CNET regarding how-to for Windows:  https://www.cnet.com/how-to/how-to-setup-a-vpn-on-windows-10/

If you’re not on a VPN, what steps do you need to take to protect your company when you are working from home?

Your employees must use MFA (Multi-Factor Authentication) to access business applications.  We recommend MFA whether you are in-office or remote, also use strong passwords, like passphrases that are greater than 10 characters in length.  Make sure your workstation has current patches and updates for the OS (Operating System), Web Browser and Adobe PDF Reader.  Also, it is vital to have Endpoint Detection and Response (the upgrade to the now old-fashion Anti-Virus).  EDR and patching are more of an issue if the remote worker is using their home computer and not a business computer that is monitored.

What should companies do to make sure they’re protected during this time? (with people working at home, offices unattended, etc).

The best method is to provide the employee with a laptop managed by the office.  If the servers are at the office, IT can and needs to monitor those remotely.  If your business is used to having staff present 24/7, consider a physical security option – alarms, cameras, etc.

Are there new scams coming up because of this crisis?

Any topic that becomes “hot”, like the pandemic, working remotely, toilet paper will attract cybercriminals, so be suspicious of any unsolicited offer.  Unfortunately, there are several phishing emails and malware websites identified as cybercriminals trying to capitalize on the COVID-19 pandemic.  The best advice is to avoid all unsolicited emails or websites and only trust sites provided by the government. Nationally, an excellent site is the National Governor’s Association site:  https://www.nga.org/coronavirus/

Are there risks that people don’t even think of?

Your staff will most likely experience new applications and ways to communicate.  Not knowing how to use microphones and cameras with remote meeting software can lead to ineffective meetings or embarrassing situations.  Your staff may need training on new tools and need help setting up their VPN or MFA.

Is video meeting software safe?

Microsoft Teams and Zoom are two very popular and mature options.  As with any software, setting it up correctly and making sure the users understand how to use it correctly is vital for success. Also, the meeting organizers must ensure the invitations are sent to the intended participants.

File sharing tips?

Using a consistent process and application across the business it important and lets you keep control of business files. Make sure employees know what service you are using, like Microsoft Sharepoint, OneDrive or Dropbox and how to properly access files and save files.  Encrypted email may also be needed to maintain compliance if you are sharing protected/sensitive information (ex. HIPAA Guidelines). DO NOT save files to the local computer because your business may lose control of the file and likely it will not be backed up.  If your employee is not well-trained, we guarantee they will save files to their computer.

Tips for backing up data, etc., while working at home

You will want employees to save all data to a location on the company network, like a file server, or a specific location on the internet, like Office 365.  You need to maintain control of your data and back it up regularly to avoid further interruptions to your business continuity.

Any final tips?

Since working at home comes with a new set of office mates, make sure your kids and guests understand your computer is for work and should not be shared.  Log off all business applications and web sites at the end of each workday and lock your computer whenever you walk away.

If you are not already doing so, it’s a great time to add Cybersecurity education to your mandatory workforce training. We have a great online training platform to make the process easy to push out to all employees.

Thank you, Security Team! That was timely and helpful information. 

At The AME Group, we take our own security seriously and can help guide you to make the most cost-effective decisions to boost your business’ cybersecurity maturity.  

More Information about our Breach Prevention Training Platform HERE.