With many of us advised to work from home on our personal devices during the coronavirus outbreak, it is important for companies to address the privacy risks associated with remote work so that their employees can safely work from home.
Concerns about employees working from home
On 13 March, 2020 the US Department of Homeland Security’s Cyber Security and Infrastructure Agency (CISA) released an alert regarding enterprise VPN use as part of their National Cyber Awareness System. With many companies encouraging their workers to do remote work at home for the time being, virtual private networks (VPN) are often being used as the solution to connect employees so that work can carry on despite the circumstances. However, this alert from CISA suggests that many risks may arise from cybercriminals trying to take advantage of the crisis. The Canadian Centre for Cyber Security has also issued an alert for telework security issues. Like CISA, they noted that with teleworking, or remote working, using your office’s network helps you to stay at work “as if you were at the office”, but there are a number of security issues that should be considered. This is not to say that telework/working from home should not continue, only that companies and their employees should take heed of these warnings, consider the risks, and take appropriate action.
Making sure virtual private networks are safely secured should be a priority for companies.
Privacy risks associated with working from home
According to CISA and the Canadian Centre for Cyber Security, the following privacy risks should be considered so that employees can safely work from home:
- phishing email scams aimed at gaining employee passwords/login details
- lack of critical IT privacy/cybersecurity updates/support due to the unexpected surge of IT help for those switching to remote work
- unauthorized access to devices – personal devices may not have the same security/protection as work devices
- compromised passwords, weak security, and online eavesdropping
- malware on devices used to hack into an organization’s network
Working from home safety tips
Luckily, there are a number of steps that can be taken to avoid/negate these privacy risks. In sum:
- Pay attention to your passwords
- Update, update, update!
- Test/Secure virtual private networks
- Be careful when using personal devices
- Follow established security protocol
Pay attention to your passwords
With the switch to virtual work, it is important to use a strong password (i.e. if you are one of those people who uses the password “password”, now is a time to make a change). Consider making a change to a more secure password (such as using a combination of letters, numbers and symbols instead of a word or word + year). Using 2 factor authentication for passwords would be even better because it adds an extra layer of protection to your devices/network. Additionally, make sure your home router is also secured with a strong password, and never leave your personal devices logged in if you are not in front of them. Paying attention to your passwords is an easy step you can take to work safely from home.
Make sure your passwords/login credentials are secured.
Update, update, update!
Keep your devices in top shape by making sure your security software is up-to-date! Make sure you have the appropriate firewalls and other network safeguards in place and updated. While it may seem like a pain to update your computer, often updates are released in order to fix/strengthen possible security flaws. Take the few minutes to update your computer instead of continually putting it off.
Take the time together to update!
Test/Secure virtual private networks
The CISA noted that due to the increased usage of VPNs, many VPNs may not be updated with the latest security updates and patches. If your company is trying to deciding what to prioritize, consider the security risks associated with leaving your VPN vulnerable. Someone could gain access to your company’s network and data.
Be careful when using personal devices
Now that many of us are working at home, we may have to switch to using our own laptops or personal computers to get our work done. To stay safe, consider the following steps: don’t let others use your device while it is being used for work purposes (in case they inadvertently put your company at risk), don’t leave your device alone (keep it somewhere safe), don’t use USB drives that are not authorized from your company, and always report anything you encounter that might be a security threat to your IT/cyber security team, even if you are unsure! The news has noted that there has been an increase in phishing scams, these email scams may be aimed at getting your password/login credentials. For advice on avoiding these scams, check out Spy-Fy‘s advice on how to recognize email phishing scams.
Be wary of the privacy risks when using your personal devices for remote work.
Follow established cyber security protocol
It is likely that your company has some sort of established cyber security guidelines in place. Don’t disregard these guidelines/protocol just because your office is now at home. For example, data storage protocols are important to follow so that personal data stays secure! Unsure of the protocol at your company? Ask! It is important to follow the recommendations from your company so that you do not put your company at risk.
Bonus tip: thank your IT guy/girl!
While we are all being impacted differently by this crisis, IT professionals have a challenging task ahead of them as they may carry much of the responsibility on their shoulders to keep your company’s data safe and protected. By following these privacy tips, and paying attention to any updates/alerts from your company’s IT or cyber security team, you can do your part to help everyone’s digital privacy stay intact.
At Spy-Fy, we value your digital privacy. That’s why we make premium privacy gadgets to help you stay protected! Be the agent of your own privacy.