LitcomLitcomLitcomLitcom
  • Home
  • About Us
  • Our Team
  • Services
    • Strategic Advisory
      • IT Assessment & Roadmap
      • Digital Transformation
      • Security Awareness & Compliance
      • M&A Technical Due Diligence
      • Data Protection and Privacy Services
    • Implementation
      • Business Intelligence & Data Analytics
      • Vendor Selection
      • Post – Merger Technology Integration
      • IT System Implementation & Optimization
    • IT Staffing Solutions
      • IT Staff Augmentation
      • IT Executive Search & Recruitment
      • IT Contract to Hire Solutions
  • Client Projects
    • Consumer Products & Retail
    • Healthcare
    • Manufacturing & Distribution
    • Private Equity
    • Services
    • Transportation & Logistics
  • Insights
  • Contact Us
    • Careers at Litcom

Staying Cybersecure While Working from Home

Litcom Team 16 April, 2020
COVID-19 and the Shift to Remote Work - Staying Cybersecure While Working from Home

As the pandemic forces many employees to work from home, can your organization stay productive – and safe?

More and more companies are offering the option of working from home — or even requiring it, in an effort to keep their workforce healthy in the face of the spreading novel coronavirus.

Now more than ever, managers and leaders in all sorts of organizations are seeing the benefits of allowing remote work or testing it out for their company. However, they are also thinking about the challenges and risks that come with allowing their employees to work from home.

You or your company may be in this situation right now and wondering, what are the risks of working from home, or another remote location? What kind of security or privacy issues could this introduce for our company? How we mitigate these concerns?

Mitigate the Risks of Remote Workers - Have a Work from Home Policy

Having a defined “Remote,” “Work from Home” or “Teleworking” policy is a must if your company plans on permitting staff to work from other locations that are not your office. This can help reduce the inherent risks of working remotely by establishing a set of procedures that your employees must follow in order to work from home.

Some examples of procedures that need to be included in your remote working policy include:

  • Process for approving remote workers
  • Defined responsibilities for employees
  • Outline what each user must do to secure their remote workspace
  • Outline workstation or device hardening steps (this can be a separate policy or reference another policy)
  • Ensure encryption is used for all data that is stored and in transit
  • Mandate use of a VPN (Virtual Private Network) for remote workers
  • If there is an incident, outline the procedure for reporting it

While having a policy will help reduce the risks, the policy also needs to remain up-to-date and when it is being created or updated should have the input from your Information Technology team or an information security expert. Any policy involving information technology or data privacy should also involve someone who understands the subject matter and not only a member of the HR team. You must also remember that information security policies are not static documents, as threats change and new technologies emerge, your policies need to stay current as well.

Make Sure You Have the Right Tools

Having a policy in place will let your employees know what they need to do and how to do it but providing them with the right tools will also reduce the risks of working remotely. Depending on your company and the role of your employees these tools may vary. The following are examples of some tools that may be helpful in Remote Working policies:

Virtual Private Network (VPN)

A VPN provides your business with a securely encrypted connection to the network over the public internet. It provides an important piece of layered security that’s essential for data protection. Using a VPN gives you the ability to remotely access important network resources and connect your company’s branches and locations worldwide. This is extremely important during pandemics (and even just during flu season) when working remotely is the only choice.

Password Manager

Password Manager tools will help the user store their passwords and generate secure ones. They help reduce the risk of employees using the same password for all services. Good password management is often neglected when it comes to mitigating cybersecurity risks, but all it takes is one compromised password for a hacker to take over your accounts and gain access to critical systems for your organization. When a database is breached, attackers will incorporate leaked passwords and usernames into their tools to perform advanced types of attacks, such as brute force attacks, attempting millions of password and username combinations in a matter of seconds.

Beware of Phishing Scams

Hackers are taking advantage of the pandemic to send phishing emails in mass. They will often take advantage of the fear around the virus to create convincing scenarios that will coerce employees into submitting their authentication information or to download malware that will allow hackers to perform further malicious acts. Some recent phishing campaigns are attempting to replicate official government documents regarding the COVID-19 virus, allowing hackers to infiltrate malware onto the user’s computer. Some types of malware can be used to spy on the users, capture sensitive information and data.  Since a majority of communications are now performed through emails for COVID-19 remote workers, they are much more susceptible to fall for these attacks.

To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click links or attachments unless you trust the sender 100 percent. If in any doubt, contact the alleged sender using a phone number or email address that you find somewhere other than in the suspicious email.

Don’t Forget About Training and Best Practices

Having a policy and supporting it with tools can get your employees so far but educating and training them on best practices will help to explain and outline why they need to follow the policy and use the tools. You want your employees to care about cybersecurity.

Many companies offer some form of Security Awareness Training. However, this training is usually done only once a year and can quickly become outdated. Consider having monthly or quarterly training sessions helps to keep your employees informed, educated on threats and their responsibilities when it comes to your company’s information security program and working remotely.

Remote working can be a great thing for your company and employees but there are risks. In order to ensure the security of your company, its data, and your employees you need to have a foundation laid. This foundation should include a remote working policy (supplemented by additional information security policies), tools to protect your employees and training to ensure they understand their responsibilities.

Planning for the Future

The COVID-19 crisis is likely to be with us for a while. Organizations and their employees will be forced to make tough decisions rapidly, and enabling a remote workforce is one of those decisions. There are risks involved in accomplishing this at speed, but the security of your networks, devices and data shouldn’t be among them.

For additional information, please check out our webinar on ‘Privacy & Security Challenges During & After COVID-19.’

  • You may also like

    Be Aware of Covid-19 Scams

    Read now
  • You may also like

    Taking Pre-Emptive Measures | Is Your Organization Protected Against a Data Breach?

    Read now
  • You may also like

    Addressing Cyber Security Challenges | Six Questions CEOs Should Be Asking Their IT Team

    Read now
  • You may also like

    Transforming IT in the Organization to Deliver Improved Business Value

    Read now
  • You may also like

    What is Your Organization’s Outsourcing Strategy?

    Read now

Contact Us

Address
1275 Finch Ave West, Suite 708
North York, Ontario M3J 0L5

Phone Number
1 800 223 7282

Email Adress
info@litcom.ca

Connect with Us

Menu

  • About Us
  • Meet Our Team
  • Services
  • Client Projects
  • Careers at Litcom

Insights

  • Construction of a New Privacy Regime
  • Data Integration | Centralizing Your Organizations Data into a Single Platform
  • How ERP Optimization Can Help Your Organization Be More Productive
Copyright 2020 Litcom Consulting Inc. | All Rights Reserved | Privacy Policy | Terms of Use
  • Home
  • About Us
  • Our Team
  • Services
    • Strategic Advisory
      • IT Assessment & Roadmap
      • Digital Transformation
      • Security Awareness & Compliance
      • M&A Technical Due Diligence
      • Data Protection and Privacy Services
    • Implementation
      • Business Intelligence & Data Analytics
      • Vendor Selection
      • Post – Merger Technology Integration
      • IT System Implementation & Optimization
    • IT Staffing Solutions
      • IT Staff Augmentation
      • IT Executive Search & Recruitment
      • IT Contract to Hire Solutions
  • Client Projects
    • Consumer Products & Retail
    • Healthcare
    • Manufacturing & Distribution
    • Private Equity
    • Services
    • Transportation & Logistics
  • Insights
  • Contact Us
    • Careers at Litcom
Litcom
We use cookies to ensure that we give you the best experience on our website.