Data Security Tips for Employees Working from Home
Cybercriminals aren't taking a break during the global COVID-19 (coronavirus) pandemic. As many U.S. employers ask that employees work from home to prevent exposure to the disease, businesses and individuals alike can become more vulnerable to the threats of malware, data breaches, and other efforts to ransom or steal data.
Concerns of Cybersecurity
"The concerns around business cybersecurity haven't changed all that much, but everything has been amplified," notes Kristin Harper, Paychex security operations manager. "The bad guys are still out there, working harder than ever to steal sensitive business information for their own nefarious purposes."
Among the most prevalent cybercrimes in practice today are phishing attempts that play on our fears and concerns about COVID-19.
For example, Harper says, "Cybercriminals send out fake alerts from the CDC (Centers for Disease Control and Prevention) or 'special' offers to buy your own virus test kits. The goal is the same as before — get the email recipient to enter their usernames and passwords or click on bogus attachments, so they can hijack precious financial and customer data."
Specifically related to the coronavirus, phishing schemes can also include emails that:
- Claim to originate with the World Health Organization
- Offer "great bargains" on N95 surgical masks and other protective gear
- Notify recipients that "you may know this person and have been exposed to the virus"
"No legitimate source would ever send emails like these," Harper notes.
<iframe allow="autoplay *; encrypted-media *; fullscreen *" frameborder="0" height="175" style="width:100%;max-width:660px;overflow:hidden;background:transparent;" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-storage-access-by-user-activation allow-top-navigation-by-user-activation" src="https://embed.podcasts.apple.com/us/podcast/on-guard-why-it-security-remains-a-business-priority/id1507824762?i=1000539721643"></iframe>
How to Protect Yourself
She advises moving your mouse over a sender's email address to make sure it's legitimate. "Are you expecting this type of email from someone you know? Does the URL look strange or unfamiliar? Are there typos or other grammatical inconsistencies? All of these are big red flags warning you not to take the email seriously or download a suspicious attachment."
Take proper data security measures
Most likely, employers already have security measures in place to protect against cybertheft and other criminal activities. The key is ensuring employees make use of these measures in the home setting.
First, make it mandatory that any employee device comes with the most up-to-date security software. Other key safeguards include password protection technology, multifactor authentication for logins to a company portal, and added credentialing wherever sensitive business information is concerned.
Second, remote access should take place via a VPN (virtual private network), or secure communications channel with the best end-to-end encryption methods available. "A VPN protects your data as it gets transmitted back and forth between the company and remote employee," Harper says. "This offers a much-needed layer of defense for home networks."
Never download unauthorized software
Employers must also caution their remote workers not to download any software program that hasn't been officially approved.
For example, as noted by Norton, the antivirus and security software firm, teams employing collaboration tools such as video meeting rooms and instant-messaging platforms "might be tempted to download a substitute" if the company's system isn't working properly.
The right action to take? "Don't do it," Norton cautions, because that downloaded software could permit a security flaw into the system, enabling unauthorized access to sensitive business data.
The same principle applies to employees tempted to save or download confidential or proprietary company data to a personal device or hard drive.
Misguided shortcuts like "saving company materials to personal devices that have not been appropriately configured with security systems ... increases the risk of exposure to cybercriminals," warns the National Law Review.
Stick to proven safeguards
Harper reminds employers to continue encouraging their teams to practice good password hygiene.
"Require remote employees to regularly update their passwords, both on the network and on their personal routers. Don't use passwords that can be easily guessed, such as birthdays, addresses, a child's name, and so on. This only makes it easier for cyberthieves to gain access to your network."
And, as noted, only use security software offered by employers.
Another word of caution centers on increasingly popular collaborative resources like Zoom, WebEx, or similar programs. A new phenomenon, called "Zoombombing," describes a form of cyberharassment experienced by app users who report that "some of their calls have been hijacked by unidentified individuals and trolls who spew hateful language or share graphic images," notes.
To protect against this harassment, Harper advises employers to "make sure they can administer a meeting and 'lock the room' while the call is underway." A call administrator is necessary to monitor who participates in the call and who can lock the chat room down, if need be.
The disruptions to everyday business caused by the outbreak of COVID-19 make the need for high-quality cybersecurity more urgent than ever. By following accepted safeguards and requiring that employees working at home do the same, businesses should be able to protect themselves against emerging forms of cybercrime.
For more information about what your business can do to protect against cybercrime, download the white paper, How to Protect Your Small Business from a Cyber Attack.