There is an inevitable issue that businesses are facing as a result of the societal response to the threat of COVID-19. In an effort to foster social distancing practices and prevent the spread of the novel coronavirus outbreak, more and more companies are instructing their employees to work from home.
Though remote work has grown in popularity and use among today’s companies, many of the employees who are now opening their laptops at their kitchen tables each morning have never worked from home for an extended period of time. Unfortunately, this means that these employees may also be unaware of the cybersecurity best practices to implement when it comes to remote work.
Companies that are shifting to remote work in order to protect their employees’ health in the COVID-19 pandemic should also consider the importance of protecting their data as a result. Below, we outline some items of concern with this temporary shift in the workforce to help businesses make the proper considerations and prepare to act when the need arises.
1. Encourage Home Network Assessments and Updates
It’s important to encourage your team to take the time to evaluate their individual home networks. Your employees need to make sure their home Wi-Fi has upgraded security with the use of WPA2 security.
Creating stronger passwords is also highly suggested to strengthen your team’s home network security. Encourage your employees change their home Wi-Fi administrative user names and passwords from the default ones provided with the system. User names and passwords are usually the same throughout different routers.
2. Use Secure Websites
When employees use their home computers to access your company’s systems, it poses a security issue. Past downloads, previously visited sites and installed applications on your team’s personal computers may have malware or other viruses waiting to be submitted across nonsecure connections to other networks.
Using secure websites is a highly recommended requirement for employees deciding to use their home computers for remote access to systems and networks for your company.
The S in HTTPS, which appears at the beginning of a website address, stands for “secure.” This S indicates that all communication between your browser and the website is encrypted. Even if someone managed to break into an employee’s home connection, they wouldn’t be able to decrypt the data that’s transmitted via an HTTPS webpage.
3. Consider Factors Concerning Virtual Private Networks
There are several items to consider when it comes to the virtual private networks (VPN) being utilized by the business for remote access to company networks and information.
Companies can run into issues when all users try to access the system at the same time through a VPN when the licensing of VPN seats isn’t done correctly. If this isn’t corrected before employees work from home, this may require some scheduling of when users can access the network through the VPN.
Companies will need some method of thin client computing to support a remote workforce and must have the ability to securely share documents through a file sharing service or server (OneDrive, ShareFile, SFTP or FTP-S).
Often, remote access is limited to IT and a select few other team members, so capacity may need to be ramped up. For those with on-premise systems and remote desktop server, an RDP gateway positioned in a firewall DMZ network segment is a recommended safeguard.
Making sure VPNs, devices and network infrastructure devices are kept up to date with latest configurations can do a lot to help protect your business.
Threat notifications communicate increases in network attacks (attack detections, log reviews and phishing attempts).
We recommend requiring multi-factor authentication on all VPNs and in remote user access, in addition to continued strong password requirements.
Testing Load Usage
It’s important to test infrastructure limitations in preparation for increased usage and to consider upgrading to higher bandwidths.
The National Institute of Standards and Technology (NIST) guides and Department of Homeland Security (DHS) documentation on securing networks and protecting users and passwords are great tools for implementing teleworking guidance in quick order.
Utilizing voice over IP (VOIP) technology for voice traffic, instead of using standard phone lines can be incredibly advantageous, especially when companies have employees working remotely some of the time.
However, it’s important to take into consideration that there are some issues related to voice traffic limitations. These limitations may require employees to forward calls to their cellphones, which may result in reimbursement for business use of personal cellphone concerns.
Equipping Your Team to Work Remotely as a Response to COVID-19
Uncertainty awaits the global business world and the employees that make it happen. Helping those employees understand the need for heightened security concerns (especially in a time like this) is invaluable to an organization for its continued longevity and purpose.
This article reflects our views at the time this article was written and should be used as reference only. We recommend that you talk to your Warren Averett advisor, or another business advisor, for the most current information or for guidance specific to your organization.