COVID has been responsible for a variety of changes to both our personal and professional work environments. Most notably, employees began to work remotely. And while companies were forced to adapt to a new way of conducting business, many companies realized their employees are just as productive, if not more so, working from home. In addition, for many, overhead and expenses decreased, and employee satisfaction increased. However, while the benefits of telecommuting were numerous, remote work environments have challenged the security of organizations leaving them much more susceptible to cybersecurity threats.
With more than 4.3 million people in the United States now working remotely, below are four tips to harden the security of your remote work setup:
Set Up Multi-Factor Authentication (MFA). Multi-factor authentication is a process that neutralizes the risks of compromised passwords. With MFA in place, if a password is hacked, the hacker cannot access your data without confirming their identity in a second step. In a typical configuration, once you log in with your username and password, the password is validated by an authentication server. If it’s entered correctly, the user must now perform a second step to confirm it is in fact them. For example, the authentication server might send a push notification to a second-factor device such as your phone. You will then be required to approve the notification on your phone to confirm it is indeed you. As another example, MFA can use biometrics like a fingerprint, face, or eye scan, as a second authentication step. This two-step process greatly reduces the chances of compromised passwords and access to proprietary data.
Use A Virtual Private Network (VPN). VPN software protects your information by masking your device’s IP address, encrypting your data and routing it through secure networks to servers. This process hides your online identity, ensuring that you are able to browse the Internet more securely and anonymously. While connected to your home Wi-Fi, your internet service provider can access all your internet data. Companies are often susceptible to data breaches which means your information may be at risk. Additionally, a VPN will limit or prevent apps and websites from attributing your online activities to your computer’s IP address. It can also limit the collection of location and browser history. While many individuals and companies still use VPNs for all remote access, they need to understand that a VPN has limited capabilities. If organizations need stronger and more advanced security solutions, they should start looking for alternatives to VPNs for remote access, especially when dealing with the specific unique access needs for different types of users. A VPN is not a good catch-all technology for all remote access use cases, especially for third parties and vendors.
Set Up Strong Passwords. With the increase in remote employees and in the amount and ease of information exchanged online, it is more important than ever to make sure the passwords you choose are difficult to figure out or hack. General rules for secure passwords are as follows:
• Use a combination of at least eight letters, numbers, and symbols
• Do not use names or words found in the dictionary
• Do not use any information that pertains to you or your family i.e. where you live, your interests, birthday, etc.
• Do not reuse passwords
• Do not use sequential numbers or letters
• Change your passwords regularly
• Use passphrases, i.e., a longer string of text that makes up a phrase or sentence
Keep Your Software Up To Date. It’s critical to have the latest software versions installed on your computer. Software updates often include security patches, which reduce the chances of a malware infection. Updating your software repairs security holes and fixes bugs that may have been discovered. Hackers love software vulnerabilities which are holes or weakness found in a software program or operating system. They can take advantage of the weakness by writing code to target the vulnerability. The code is then packaged into malware which can steal data saved on your device or allow attackers to gain control over your computer and encrypt your files.
Setting up a secure remote workspace takes time, regular attention and collaboration with your team of knowledgeable professionals. The above-mentioned tips will help companies and employees get started in protecting those working remotely from cyberthreats.
John Wittwer is a Senior Member at The Cavanagh Law Firm focusing on cybersecurity and privacy, insurance coverage, professional liability, and commercial litigation.