As diagnosed cases of the coronavirus increase globally, “social distancing” and “flattening the curve” have entered the common lexicon—and earned hashtag status in the United States. Many companies are doing their part to support government directives by encouraging employees to work from home.
Remote work is a commendable response to COVID-19—and has long-term benefits for organizations, including increased productivity and decreased operating costs, according to a Forbes article.
Helping protect employees’ health is critically important during this pandemic, but companies must also consider their online security as the number of remote employees increases. If your company doesn’t already have remote work policies, now is an optimal time to add them to the employee handbook.
Read on for four recommended cybersecurity guidelines to include in the handbook to protect your remote workers and your company’s data.
Strategy #1: Keep the Personal and Professional Separate
When employees’ homes become their workplace, separating their personal and professional lives gets more challenging. But doing so is important not only so they can maintain a sense of work/life balance but also to ensure company information stays protected and off of employees’ personal devices.
How do employees keep the personal and professional separate when working from home?
- Use unique passwords: Personal and work passwords should be strong and distinct. A lot of advice exists on creating a strong password, such as How-To Geek’s article “How to Create a Strong Password (and Remember It).” If your company doesn’t already provide password creation guidelines, consult expert advice, determine what works best for your company, and give employees tips or even rules on creating strong passwords.
- Keep work e-mail and personal e-mail separate: Optimally, employees should check personal e-mail on personal devices rather than on work devices. At the very least, employees should use different log-ins and user accounts to access each, according to e-mail security provider MailRoute. Otherwise, a virus from personal e-mail could infect work e-mail or even the company’s network.
- Don’t use work devices for personal purposes: As just mentioned, this means not checking personal e-mail on work devices, and it also means not logging in to personal social media accounts on them. Employees should secure their device access with a password and not let children or other family members use work-issued devices to watch videos or for anything else.
“Treat your work-issued laptop, mobile device, and sensitive data as if you were sitting in a physical office location,” said veteran cybersecurity executive Andrew Hay in a Business News Daily article. “If you think of your laptop and mobile devices as work-only assets, it makes it far easier to control access to sensitive data and remain data-aware.”
Strategy #2: Enter Data Only on Authorized Websites
When an employee types a Web address into a browser, the browser and website communicate, sharing important information. The browser then displays a security indicator to the left of the address bar; its appearance is specific to the browser being used. These indicators let the employee know if the site is secure and authenticated.
Secure sites have Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificates. TLS and SSL are computing protocols that use encryption to protect any data entered on the site as it travels between the browser and the site. TLS certificates can also confirm that the website belongs to the company identified in the certificate.
Employees may not realize the potential risks from visiting unauthorized websites, which could be phishing sites collecting personal information such as passwords and credit card numbers for nefarious purposes. Checking for additional information on site authenticity can help.
Inform your remote employees of the importance of checking for TLS/SSL certificates on websites they visit. Make this level of caution a directive to increase compliance among your workforce.
Strategy #3: Use Multifactor Authentication
For security, many sites require that users offer some evidence (or factor) of their identity before gaining access. It could be something they know (like their mother’s maiden name), something they have (like a bank card), or something they are (a physical characteristic like a fingerprint or typing speed). Using two factors is called two-factor authentication.
Employing multifactor authentication (MFA)—and not simply two-factor authentication—can make it incredibly difficult for hackers to gain access to your network and data. In addition, request that employees turn on encryption on their personal wireless routers (many routers will offer either WPA2 or WPA3) to strengthen router security.
Source: HR Daily Advisor