How to Make Working from Home More Secure
By Jackie Snow
During this global pandemic, companies are rightly considering the health and safety of their employees first by sending them home to work. But these measures could amplify another threat businesses need to be wary of: Cybersecurity.
According to a recent HP survey, 74% of employees are currently working from home, many without a dedicated office space or the cybersecurity defenses that protect them while they’re in the office. Since it’s unclear how long mandatory work-from-home measures will be required, employers need to put best practices in place now to keep employees and their work safe.
“It’s easier to secure everyone when they’re all sitting in the same office,” says Michael Howard, HP’s chief security consultant for print. “But when you start looking at everyone working from home — the complexity of keeping everybody secure becomes much more difficult.”
Even before the coronavirus, more than a third of CIOs said they felt the biggest security threat to their business was employees who don’t take the proper security measures. And security is not just an issue for large enterprises — according to a 2019 report from Verizon, 43% of data breaches target small- and medium-sized businesses. Working from home without an IT department, with the added stresses of trying to wrangle kids also off from school and stay healthy during a pandemic, is only making it harder to maintain the best digital security practices.
“We know workers that work from home tend to be more lax about security,” says Howard, who’s heading up HP’s companywide security outreach to support customers working from home. “That’s an even bigger concern in this environment.”
Here are some of the best ways to mitigate the most significant threats that come with remote work.
Reinforce digital and behavioral defenses
Working from home means using personal Wi-Fi, which is not as secure as being on the network in an office. Gagan Singh, VP of strategy and innovation for HP’s commercial PCs, says that companies need to invest in virtual machines that can be segmented to ensure the whole network isn’t infected if something does happen to one remote computer. Next-generation antivirus software also provides protection, especially since an administrator can manage it remotely and keep it up-to-date, since employees might be tempted to disable the software when it causes their workflow to slow down.
There are also basic best practices that employees can follow to protect business data. This includes never saving and never downloading the organization’s information to personal devices and being proactive about their passwords. A few suggestions: Not using work passwords for personal devices (and vice versa), changing passwords immediately if there is even a hint it was compromised, and adjusting settings so that the “remember password” functions are turned off when logging on from personal devices. While it would be ideal for technology to help automate some of this, many software makers are scrambling to update their systems for remote workers.
Most enterprise businesses already have a cybersecurity governance code in place, which includes an information security policy and other policies that outline security guidelines for remote work and remote access to a company’s information systems. This document needs to be checked to see if it’s up to date and adequately detailed to guide employees to best practices.
“Managers should be very familiar with what the guidelines are, and be talking with their teams about it regularly,” Howard says.