In the Age of COVID 19 – Be Safe and Secure While Working Remotely
Best practices to help keep your remote environment secure
While working remotely at home provides flexibility and social distancing in this time of COVID-19, it may also open the door to unexpected and unwanted security issues and breaches. By taking a few simple and important steps, you can securely work and have peace of mind that your business is continuing to operate without introducing added risks.
Risks that present themselves range from nuisances and disruption, such as with “Zoombombing” [a disruptive intrusion by hackers into a video conference call], to device and network compromise with viruses, spyware or ransomware.
Here are some best practices to keep your remote environment secured:
Teleconferences
When using Zoom or other remote meeting sites that provide audio and video connectivity, be sure that the security settings are activated to only allow screen sharing by the host, or designated others who have a need. Also be sure to use access passwords or codes available only to the invited participants that are provided in the invite prior to the meeting.
Equipment, Software and Hardware
Often the organization does not provide all equipment or supplies necessary to ensure remote access. The proper protection of information to which the user has access involves connection to the Internet, local office security, and the protection of physical information assets. Below are some of the additional items that may be required:
- Broadband connection;
- Paper shredder;
- Secured office space or work area; and
- A lockable file cabinet to secure documents when unattended.
Remote users using personal equipment are often responsible for:
- access to the internet;
- the purchase, setup, maintenance or support of any equipment or devices not owned by the company; and
- ensuring current and active antivirus, firewall and malware protection is installed, functioning and updated regularly.
Security and Privacy
Organizations often have policies regarding user logical security responsibilities. Here are a few such responsibilities, which should translate to the work-from-home environment:
- Log off and disconnect from the company’s network when access is no longer required, at least daily;
- Enable automatic screen lock (if available) after a reasonable period of inactivity;
- Do not provide (share) their user name or password, configure their remote access device to “remember me,” or automatically enter their username and password;
- Enable a firewall at all times;
- Ensure virus protection is active and current; and
- Perform regular backups of critical information using a secure storage solution.
Additionally, companies often implement additional logical security procedures for remote users. These may include:
- Disconnect remote user sessions after 60 minutes of inactivity;
- Access to company owned technology applications to use commercially available encryption technologies, such as multi-factor authentication, or use of a Virtual Private Network (VPN);
- Update the virus pattern on a regular and frequent basis;
- Provide a reasonable backup solution; and
- Perform regular audits of the company supplied equipment to ensure license and configuration compliance.
Company policies regarding physical security should also carry over into the remote-office. Here are some steps to consider:
- Maintain reasonable physical security of your remote office environment. This includes access to both company and personal technology equipment and documents;
- Limit the use or printing of paper documents that contain sensitive, confidential or non-public private information (NPI), and restrict requests for and handling of NPI to only what is essential to perform your job; and
- Ensure documents containing sensitive, confidential or NPI are shredded and rendered unreadable and unable to be reconstructed.
It is entirely possible to work remotely. A home office can be made secure by adhering to the steps above. Bear in mind that working at a hotel or a cabin or anywhere internet service allows for access presents security issues that may compromise privacy.
For further information, reach out to Tom Weyant, Director, Risk Management & Continuous Improvement, CQA, CFE, directly at tweyant@alliantnational.com or visit www.alliantnational.com/newsroom for additional information and articles related to cyber security and internet privacy.