Working from home: Securing your new workplace

Working from home is the “new normal” for many businesses and their employees. These arrangements may have been put together quickly and can often involve the use of unsecured devices and remote connections, but there are certain steps you can take to protect your employees and business. We’ve assembled an essential guide for you.

Recognize all the devices used by your employees

Remote devices

If you have employees working remotely, you should identify what kind of devices they’re using: company-provided PCs, laptops, tablets, smart phones and perhaps all of the above. Some of these devices may not be configured securely, either because they were used as a stopgap measure due to the rapid spread of COVID-19, or maybe you never got around to doing it. Due to the lack of opportunity to plan and coordinate alternate work arrangements, there’s a good chance many of the current touchpoints with your business may be unsecure.

Personal devices

Using a personal computer or device adds another layer of risk to your business. These devices might not be equipped with an antivirus, have installed security updates, or adequate security controls (such as a strong password). Once you have identified what kind of devices your employees are using, you can help them take certain steps to increase the security of their interactions with your business.

Keeping your workplace secure is everyone’s responsibility

Allowing your employees to use unsecure devices or connections is much like leaving the back door to your house unlocked, or your windows open. None of the cyber risks that your business faced before the pandemic have gone anywhere – in fact, some of them may have increased because hackers can take advantage of any temporary vulnerabilities and be on the lookout for organizations that haven’t secured their remote connections or protected their workers. We’ve already seen examples of phishing attacks using COVID-19 as the “bait” as one example of this kind of opportunistic behaviour. According to a recent Norton report, coronavirus-themed phishing emails can take different forms ranging from CDC alerts and health advice, to workplace policy emails. These criminals are looking for users to click on an attachment or embedded link, so they can have you download malicious software onto your device.

Securing the connection to your business

You can help your employees set-up a secure remote connection to reduce any unnecessary risk for your business. If you’re looking for a place to turn for more direct assistance, we have advisors that can help you design and implement secure configuration settings, including all hardening configurations and Minimum Baseline Security Standards (MBSS) as well as the associated policies and procedures, to reduce any risks while connecting remotely.

Reviewing and ensuring your remote connections are secure will give you peace of mind that your most important assets – your people, your know-how, your technology – are protected from hackers. As COVID-19 is already a major challenge, you don’t need to add in a cyber attack like ransomware or a data breach.

Physical access isn’t required to review your security configurations as well as assess and update your employee’s remote connection.

Additional resources to help your businesses stay safe:

Tips to strengthen your company’s passwords: a guide explaining password protection software (to generate secure passwords for each sign-in) and using two-factor authentication (which incorporates another security element in addition to the password).

Don’t think a ransomware attack can happen to you? Think again: details steps you can take to protect your business including cybersecurity awareness, anti-virus and anti-malware software, and the proper installation of security patches.