For many in the United States and elsewhere, we are entering week two (or more) of mandatory or recommended work from home. That means in many instances parts of apartments, condos and houses have been transformed into places of work. That dining room table with the fancy centerpiece? Now your laptop is the centerpiece and your papers are strewn around. That guest room? Now a makeshift office of its own. And let’s not forget about everyone else who calls your new office home as well. Roommates, significant others, spouses and children all pose distractions—and potential security risks—to your home office. As we adjust to this new normal, what follows are some reminders and best practices for keeping data and information secure.
Cybercriminals See This Moment as an Opportunity. Since countries have gone to “shelter in place” and mandatory social distancing, there has been a marked increase in cybercrime or attempted cybercrime. While ransomware and malware—specifically through COVID-19-related websites—is the flavor of the month with respect to cybercrimes, the “old fashioned” phishing and hack attacks have not gone away. To protect your computer—and your company’s data—there are some basics to remember:
If you receive a suspicious e-mail, be sure to examine it closely. Does some package delivery service really need your password? The answer is no. Did your boss really just ask you to send all of the W2 reports or accounts receivable in a single e-mail? Probably not. Give them a call and check. Just because you are working from home does not mean you should forget to adhere to these basic protection techniques.
Remember, you are still “at work.” You have a new laptop that your company gave you so that you can access the network—great! There are no limits on what you can download and install on it? Uh oh. Be careful. While we are all creatures of comfort and like to have our machines set up the way we like, be careful about downloading and installing software onto your work computer (if you are even able to do so). Many a cyberattack starts because someone downloaded something to their personal or work laptop and then logged into their work e-mail or network. If you don’t know what a file is, don’t download it, and definitely don’t install executable/program files that you are unfamiliar with. If in doubt, call your IT department.
If you are part of your company’s incident response team, be sure you know how to contact the remainder of the team and that the team knows how to contact you. If your systems are compromised, you may not be able to communicate by email, and of course you cannot just walk into each other’s offices to speak.
Social Networking While Working From Home. We’ve all seen them already, selfies of people’s work-from-home offices. Some of them are amazing. Five computer screens, papers neatly organized, file folders in place, but what happens when you zoom in on those photos? Can you all of a sudden see a draft of a privileged or confidential document? Are you about to close a large, but confidential deal with the signature pages on your desk? Just as you would be careful about posting
Close the Door or put in Ear Phones. Do you live in an apartment with thin walls? Living with houseguests? Turns out, when you are on the phone or on videoconference, they can probably hear what you are saying. If you are on a client call—or even an internal work call—shut the door, lower your voice, and if possible, use ear phones when you are in a space where others might hear you.
Safely Dispose of Hard Copy Documents. Had a box of paper sent to you from the office? Printed something so you could edit it? All reasonable things to do while working from home. But, what do you do with the paper when you are done with it? Throwing it in the garbage is probably not the right answer. Confidential or sensitive documents should be disposed of appropriately. Often that means shredding them. If you don’t have a shredder at home, consider starting a box in your home office of paper to be shredded once we are able to return to the office. Your office may also be able to arrange for a secure pickup of documents to be shredded. What you should not do is just recycle or throw out those highly confidential hard copy documents.
Have rules around signing documents. Whether it is letters, invoices, or agreements, documents will most likely need to be signed electronically during this period. Be sure you know what procedures are in place for approvals, just like you would if a document is being physically signed.
We are in a brave new world of work-from-home for millions of people. What should not change, however, is how a user protects their data and their clients’ data. The reminders in this alert should be just that, reminders that even in this unique time, there are some standard things can be done to protect clients, ourselves and businesses, all of which should be familiar.
Working from Home: The Privacy Risks You May Not Be Aware Of