As diagnosed cases of the coronavirus increase globally, “social distancing” and “flattening the curve” have entered the common lexicon—and earned hashtag status in the United States. Many companies are doing their part to support government directives by encouraging employees to work from home.
Remote work is a commendable response to COVID-19—and has long-term benefits for organizations, including increased productivity and decreased operation costs, according to a Forbes article.
Helping protect employees’ health is critically important during this pandemic, but companies must also consider their online security as the number of remote employees increases. If your company doesn’t already have remote work policies, now is an optimal time to add them to the employee handbook.
Read on for four recommended cybersecurity guidelines to include in the handbook to protect your remote workers and your company’s data.
Strategy #1: Keep the Personal and Professional Separate
When employees’ homes become their workplace, separating their personal and professional lives gets more challenging. But doing so is important not only so they can maintain a sense of work/life balance but also to ensure company information stays protected and off of employees’ personal devices.
How do employees keep the personal and professional separate when working from home?
- Use unique passwords: Personal and work passwords should be strong and distinct. A lot of advice exists on creating a strong password, such as How-To Geek’s article “How to Create a Strong Password (and Remember It).” If your company doesn’t already provide password creation guidelines, consult expert advice, determine what works best for your company, and give employees tips or even rules on creating strong passwords.
- Keep work e-mail and personal e-mail separate: Optimally, employees should check personal e-mail on personal devices rather than on work devices. At the very least, employees should use different log-ins and user accounts to access each, according to e-mail security provider MailRoute. Otherwise, a virus from personal e-mail could infect work e-mail or even the company’s network.
- Don’t use work devices for personal purposes: As just mentioned, this means not checking personal e-mail, and it also means not logging in to personal social media accounts on work devices. Employees should secure their device access with a password and not let children or other family members use work-issued devices, whether to watch videos or for anything else.
“Treat your work-issued laptop, mobile device, and sensitive data as if you were sitting in a physical office location,” said veteran cybersecurity executive Andrew Hay in a Business News Daily article. “If you think of your laptop and mobile devices as work-only assets, it makes it far easier to control access to sensitive data and remain data-aware.”
Strategy #2: Enter Data Only on Authorized Websites
When an employee types a Web address into a browser, the browser and website communicate, sharing important information. The browser then displays a security indicator, which looks different from one browser to the next, at the left of the address bar. This indicator lets the employee know whether the site is secure and authenticated.
Secure sites have Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificates. TLS and its predecessor SSL are protocols that use encryption to protect any data entered on the site while it travels between the browser and the site. TLS certificates can also confirm that the website belongs to the company identified in the certificate.
Employees may not realize the potential risks from visiting unauthorized websites, which could be phishing sites collecting personal information such as passwords and credit card numbers for nefarious purposes. Checking the site's certificate for additional information on its authenticity, such as the company identified in it, can help.
Inform your remote employees of the importance of checking for TLS/SSL certificates on websites they visit. Make this level of caution a directive to increase compliance among your workforce.
Strategy #3: Use Multifactor Authentication
For security, many sites require that users offer some evidence (or factor) of their identity before gaining access. It could be something they know (like their mother’s maiden name), something they have (like a bank card), or something they are (a physical characteristic like a fingerprint or typing speed). Using two factors is called two-factor authentication.
Employing multifactor authentication (MFA)—and not simply two-factor authentication—can make it incredibly difficult for hackers to gain access to your network and data. In addition, request that employees turn on encryption on their personal wireless routers (many routers will offer either WPA2 or WPA3) to boost the router security.
Under this approach, anyone accessing your network must submit three factors before being granted access, which makes it more difficult for unauthorized users to hack your network and reach your data.
This can increase your control over who accesses your site, something that’s especially key with remote workers because home networks often don’t have an intrusion detection system (IDS) or an intrusion prevention system (IPS), which enterprise networks typically do.
Strategy #4: Play It Smart with Wi-Fi Connectivity
The coronavirus has temporarily shut down many coffee shops, so remote employees are less likely to be connecting to the company’s network via public networks, including problematic open networks. If employees have previously connected to such networks, request they change their settings so work devices don’t automatically connect to them.
However, remote employees still should be cautioned about the risks of inadvertently transmitting company data via their home wireless network. The Federal Trade Commission recommends turning on encryption (WPA2 or WPA3) on their home’s wireless router. If remote employees can’t update their router software to offer these security options, they should replace the router with one that supports the most up-to-date encryption standards.
By supporting employees so they can work remotely, your company is admirably minimizing their physical risk of coming into contact with the coronavirus. Protect their online security—and your company’s data—by establishing the cybersecurity guidelines outlined above.
Beyond COVID-19, these strategies can prove useful as more companies encourage remote work to attract the best talent, boost employee productivity, and increase cost savings.
Dean Coclin has more than 30 years of experience in cybersecurity, software, and telecommunications. As Senior Director of Business Development at DigiCert, he is responsible for driving the company’s strategic alliances with IoT partners in the consumer security market, and with other technology partners. Coclin is also the previous chair of the CA/Browser Forum.
He holds a BSEE from George Washington University and an MBA from Babson College. Coclin is currently pursuing a Master’s Degree in Cybersecurity Policy and Compliance.