Working From Home: How to Keep Your Employees Focused on Security
In the olden days—like 6 weeks ago—it was realistic to expect that your remote employees were using their secure company devices for work only. You could also assume they were only visiting expected websites that complied with corporate standards. What a difference a pandemic makes.
Let’s face it, with spouses working from home, kids doing online school, and college kids coming back to the nest for a bit, your employees’ work habits and spaces probably look very different these days. Now’s the time to reiterate the importance of keeping company resources secure. Here’s how.
Understand what your employees are up against.
Whether or not you’re aware of the individual circumstances of each of your employees, you can probably imagine a few scenarios. Some may have elaborate multi-screen setups with closed-door home offices. Others lug their work laptops all over the house. Many have spouses and children vying for workspace and computers for work, school, and job searches. Whatever the case, the computers your employees are using are likely to look a lot more like carpools than private rides. A little understanding can go a long way when you start laying down the law.
Emphasize that security still matters—a lot.
It’s no surprise that bad actors are exploiting COVID-19 for nefarious purposes. This is definitely not the time to let your guard down. Be clear about which company-owned equipment is to be used for what purposes. Failure to do so may leave the company exposed to liability from a breach down the road.
That said, it’s a good idea to give employees a way to check in with corporate IT if they do have needs outside of the normal course of business. For example, children may need to do homework or place assignments with Google Classroom. That could be a fairly benign task that doesn’t upset even the most stringent standards, if properly supervised. Providing work-from-home flexibility doesn’t have to mean compromising security.
Encourage eagle-eyed emailing.
Pressing replies and full inboxes can make everyone a little too complacent when it comes to email communications. Hopefully by now we don’t have to talk about spam filters (install them). But we do need to talk about spear phishing. Spear phishing is a strategy that tricks users into thinking they’ve received emails from a trusted source so they’ll reveal confidential information. At Hyper Networks, we see customers receiving emails from questionable senders all the time. For example, a sender like CEO@comqanydomain.com or other barely noticeable misspellings can be easily overlooked.
Train your employees to spot phishing attempts. Beef up your email security by flagging emails that come from outside your organization. You can set this up via the admin console in Office 365 or G Suite. Or use an email product like Check Point SandBlast, Fortinet FortiMail, or FireEye to automatically mark every incoming email from outside your organization with a tag like this:
[CAUTION] This E-Mail originated outside of Goode Surgical. Beware of any links or attachments.
That way everyone knows, for example, that the CEO didn’t really just send them a link to update their direct deposit information.
Don’t let password protections slip.
It can be tempting to just give up on creating passwords and stop making your employees change their passwords every 90 days. That’s a risky mistake. Instead, insist that your employees use a password manager like LastPass, Dashlane, or Keeper. After the initial headache of setting them up (and remembering what your browser was remembering for you), these services are a simple solution to work-from-home security.
Remember two-factor authentication is your best defense.
There’s no way around it: you must use two-factor authentication for every entry into your corporate data. Whether your employees access via CRM, VPN, SharePoint, or Box, there’s really no excuse. Requiring two-factor authentication will help prevent the kids from accidentally screwing things up. And it also thwarts the criminals that are constantly trying to pretend to be you to hijack your data. It is your single best defense and a mostly insurmountable way to protect your data.
Request that employees surf on their own personal devices.
The lines between home and work are understandably a little blurred, but you still have to set boundaries to protect your company. Ask (remind) employees to do their random surfing on their personal devices, especially when not connected to the VPN. Remind them that all traffic and time on the web is monitored, filtered, and reported when they’re connected to the corporate network. Remembering their Tiger King binge and home haircare searches are recorded should help them acknowledge the difference between online business and leisure.
Stay serious about backup.
Frequent backups allow you to have peace of mind like nothing else. Yes, you need to keep backing everything up, even over those slower-than-the-office connections. Better still, insist that all documents and storage be kept on the company cloud shared drive like SharePoint, Box, or Google Drive, and not on the local PC. You can bet a lot of laptops won’t make it back to the office after all this, if only from spills while eating and working on the couch. Don’t take the chance. Not on the cloud yet? Hyper Networks can help you get set up on the cloud service that’s best for you.
Shore up those home networks.
At Hyper Networks, we emphasize that even in the best of times, security begins at home. Adopt this mantra and educate your employees. Just like handwashing makes spreading pathogens more difficult, security best practices keep cyber viruses and villains at bay.
Insist that employee home networks are protected with WPA2 and a complex hexadecimal wireless password. Making your WiFi name public, like “Jim’s Wifi” or “88 Cherry Tree Ln” and then choosing a password like “12345678” or “password” is asking for trouble.
If you don’t believe it, open up your iPhone and look at the neighbors’ WiFi networks on your next jaunt around the block. It’s crazy how easy it is to guess which WiFi is coming from which house. Add a few simple tools from the web and you can crack the password, too. You definitely don’t want your company’s data to be that vulnerable, so make sure your employees are committed to staying secure while they work from home.