Cybersecurity Best Practices When Working From Home
by Joshua Silberman, IT/Cyber Security Consultant, MGO Technology Group
As a large percentage of the US workforce transitions to work from home (WFH) situations due to the COVID-19 pandemic, we’ve looked at challenges that many organizations may face in setting up work from home (WFH) environments, as well as one of the most common tools used in making WFH resources available to your staff. Today, we’ll look at some of the best advice you, your IT team, or your managed service provider can provide your staff as they continue to work from home.
1. Turn on your corporate VPN, if provided, as soon as you login.
As stated in our previous article, the Virtual Private Network (VPN) is designed to make the connection between your employees and your corporate resources secure. Employees should get in the habit of activating the VPN as soon as their work or home laptops are turned on.
2. Change your password regularly
It is recommended that firms have a special procedure for incorporating password changes while employees are remote. For example, some setups require employees to be logged into the VPN before they initiate the password change on their own devices. Your employer’s technical staff or MSP should formalized the procedure and make it publicly available to you.
3. Avoid sharing your password
Sharing of passwords goes against almost everything we know about cybersecurity. However, in these times extraneous circumstances may require a transfer of passwords, especially in cases of troubleshooting. Try to avoid sharing your password, but if you must, follow these simple rules:
- ONLY share your password with a trusted source whose identity you can verify. This includes your local IT department or MSP. If you have any doubt about who you are sharing your password with, DO NOT SHARE IT. The inconvenience of not sharing your password is not worth the potential damage that could be caused by a data breach.
- ONLY share your password through a secure method. The safest is a phone call, but if you must use a messaging service, try to stick to simple SMS and do not use apps such as Facebook Messenger.
- As soon as the task requiring the password share is completed, change your password immediately. The longer this action is delayed the longer you and your firm are at risk.
4. Avoid letting other family members use your corporate laptop or devices.
It might be tempting to hand off your device to a family member for a simple task, but remember that in most cases you do not own your corporate devices and are liable for any damage or data leakage caused by your family members.
5. Be mindful of who is around you both virtually and in person.
Picture this scenario: You are on a call with someone in which confidential information is shared. A family member overhears and decides to share this information over their personal social media page for exposure, perhaps not understanding the confidential nature of this information. Suddenly you have a potential data breach of confidential information on your hands.
Though quarters might be tight, it’s important to be cognizant of who is around you at all times. This may include having discussions with family members so they understand that what might see or hear from you is confidential.
6. Remember that, in most cases, your work devices are not yours.
When you are issued a device, it usually comes the legal caveat that the device still belongs to the company along with anything that is introduced to that device. In most employment agreements the employer stipulates that they have the right to access, search, seize, and erase the device at any time. So if you have personal files and photos on any of your work devices, it would be prudent to move or back them up to a personal storage space.
7. Always listen to and follow the advice and notices of your IT staff.
As the COVID-19 situation progresses, new guidelines and rules may have to be developed. These should be communicated to you by your technical staff, HR personnel, or MSP. Assuming the source is verified, you should follow their guidance to the best of your abilities.
8. Never hesitate to ask questions of your IT staff if you are unsure of something.
In the realm of IT Security, there are no stupid questions. Your company has every interest in keeping you productive and safe. You can do your part by engaging with the IT staff or MSP through established channels. This can range from a critical system failure all the way down to reaching out to verify if new guidance you might have received did in fact come from the.
9. Consider how your family activities might affect available bandwidth in your home.
As you work from home, the strain on your home internet connection might become apparent as more devices are using the connection for longer periods of time. This will be especially true if you are home with other family members. You may notice lags on conference calls or the VPN taking longer to connect than usual.
While you can work with your internet service provider to see if you can increase the amount of bandwidth allocated to your house you may also want to consider network usability times with your family. This may be difficult, especially given the bandwidth resources needed for online school learning, but could be a necessary step in ensuring you have enough bandwidth during critical times such as video calls and high volume file transfers.
Ready to learn more? Join us for our up-coming webinar: Cultivating a Culture of Cybersecurity Awareness. Register here.