Best practices for working from home

[et_pb_section fb_built=”1″ _builder_version=”4.3.2″][et_pb_row _builder_version=”4.3.2″][et_pb_column type=”4_4″ _builder_version=”4.3.2″][et_pb_text _builder_version=”4.3.2″ hover_enabled=”0″]

Many of us are now finding ourselves working from home, which has created unfamiliar terrain from what we’re accustomed to, but hackers — who are continuing their activities unabated — may see this time of uncertainty as an opportunity. That’s why you and your employees need to be on guard.

The line between work and home blurs when working out of the “home office.” There are all sorts of small, seemingly inconsequential decisions made when working from home that may have significant ramifications. Choosing to wear your most casual attire when working from home might not seem like a threat, but it’s the mindset that comes with it that creates the danger.

There’s a tendency to let one’s guard down when normal home interruptions occur (children, pets, laundry, meals, etc.).  Now factor in a spread-out workforce, and all the ingredients are ripe for a successful spear phishing campaign.

In this new work-from-home environment, a call from someone purporting to be in human resources or accounting asking for a login or credentials might well be responded to, when it’d be flagged in the typical office environment.

A reminder to our clients about these vulnerabilities

Printers: This isn’t a cybersecurity issue as much as it a general security issue that is easy to overlook. Working from home may require one to use their own printer to obtain hard copies of documents. Make sure people aren’t printing sensitive company projects or financial data and leaving it strewn around the house.

Someone may think that only their cat will see the data, but laws like HIPAA mandate security, even off-site. Employees need a plan to destroy documents in an approved way when dealing with sensitive data.

Personal devices: With more employees working from home, the temptation to use one’s Gmail account or phone’s text messaging to communicate with coworkers is going to be hard for many to resist. “By communicating within your company’s established framework, you have more cybersecurity protections but also legal protection. Just imagine the fall-out if credit card numbers or PHI were compromised because you were sloppy,” warns Bianca Turner, a cybersecurity consultant in St. Petersburg, Florida.

Cloud storage: This is mainly a potential privacy issue. Undoubtedly, the surge in remote working will cause cloud-based document collaboration to be used even more. Teams can work remotely on a text-based project quickly and seamlessly.

But beware of the program’s link sharing features, which if not monitored, can result in a privacy train wreck. Unless you are sending out a press release or some other public document, there’s no reason to have it turned on. You may end up sharing proprietary company data with a far wider audience than intended, if you have link sharing enabled.

If Proxurve setup your Microsoft 365 environment, we implemented policies to safeguard against threats like this. However, if you implemented Google Docs, this could be a security issue. If someone doesn’t want to create a Gmail account (it takes about 30 seconds to do so), then you’re better off just sending someone a document attachment and sharing back and forth. You’ll lose the Google Doc features, but the trade-off is privacy.

In addition to Google Docs link sharing vulnerabilities, never get too complacent on Google Docs. Google scans anything you create and then they utilize the data obtained to serve you ads or beef up their algorithms.

Please stress to your employees that there is a need to view their home space as office space and organize it accordingly.  “Try to have a designated work area where you do work. You don’t want your whole house to become an extension of the office. Doing this helps maintain separation and balance between work life and home life,” advises Brian Alcorn. It can also tip the balance between creating a cybersecurity cesspool and a secure, safe environment.

If you have any questions regarding these potential vulnerabilities, or anything else regarding working remotely, please do not hesitate to call us. We are here to support your business, to ensure we all make it through these uncertain times safely, both personally and professionally.