Ioannis Pashakis//April 1, 2020
Most offices have been closed for weeks and employees are settling into the new normal of working from home. But while that transition may seem complete, the move from office to home can open vulnerabilities hackers can take advantage of.
“The world is shaken upside down, people have to stay in business and they are rushing a solution in,” said Mark Finlayson, senior security analyst at Annville Township, Lebanon County-based Candoris. “Once you get set up and if you didn’t do it properly, that is a feeding frenzy for the bad guys.”
Cyber security experts suggest ensuring that workers practice basic security hygiene, which helps make sure a company’s data remains where it is supposed to be, and beginning to look at further security options to prepare for long-term remote working.
The first step is ensuring that the basics are covered, said Evan Kline, an attorney at York-based KBG Injury Law who works with his staff on security hygiene.
While it may seem obvious, Kline said, home-bound workers should start by ensuring their phones, tablets and computers are secured with different passwords. Kline suggests strong numeric passwords that can be saved on an online password manager with its own unique code.
“You don’t want to reuse passwords,” he said. “You could practice the best security in the world, but if a hacker gets that one password, they will try it on your other services.”
Along with a secure password, be sure to activate encryption on all devices, which scrambles the data on a computer or phone, making it illegible.
When accessing office data from a home computer, many companies rely on virtual private networks, or VPNs. VPNs allow a user to send and receive information to their company’s network as if the computer were connected directly to it. However, while VPNs are a viable solution for companies, particularly small businesses, any data left on an employee’s computer could still be susceptible to theft if it hasn’t been protected, Finlayson said.
“Just because you have a private tunnel from an unpatched laptop back into headquarters, doesn’t mean you are safe,” he said. “It’s encrypted from end to end but it doesn’t mean the data is scrubbed from both sides.”
If your company is using a VPN, Finlayson says make sure both the office network and the computers networking into it are safe.
Both Finlayson and Kline recommend using two-factor authentication when possible. Two-factor authentication is a password method where a user logs into a service and then receives a unique code on their phone that they must also use before getting into their account.
Virtual desktops are another solution that Finlayson offers. They can be safer than VPNs, he said, because everything being done by the remote worker is being saved on the company server, not the worker’s private computer.
Most security solutions are void if employees aren’t trained on security, said Kline.
“Trained employees can spot emails with poisoned links,” he said. “Were you expecting that email? If it’s a service you use, don’t click on that link and just go to the service yourself.”
Keep aware of what internet connection you are using. Stay away from public Wi-Fi and only use a work computer, said Finlayson.
“It’s critical that employees don’t go home and get really loose about where documents live,” he said. “They are home, in their pajamas and they don’t think about data governance.”