Organization embraces working from home: How well is your data secured?
Working From Home has become a new culture in the business world and information security IS a top priority. The World Health Organization declared the coronavirus COVID-19 outbreak as a pandemic on March 11, 2020. Governments worldwide were scrambling to grapple with this new reality. The world needed to take drastic measures to contain the spread of this quick spreading virus. Social distancing is one of the key measures in the effort to fight against the COVID-19 outbreak. Governments worldwide started enforcing strict lockdowns and stay-at-home orders. Organizations too took exceptional measures to safeguard its employees, customers and others against the health threat which was being posed. To maintain ‘business as usual’ organizations suddenly had to embrace ‘work from home’ wherever feasible.
Traditionally, in a set up where working from home is allowed, organizations prepare for it in terms of the protocols to be followed, means to access the company network etc. so that information security IS would not be an issue, but with everything happening so suddenly many organizations have had to embrace ‘work-from-home’ without time for preparation and in this scenario data security could be a cause for concern.
Measures taken to increase information security IS for working from home
Some measures that could be taken to mitigate this risk are:
Develop a Policy
A policy on work from home should clearly indicate what the virtual workforce needs to do and what is expected while working from home. This policy may also include a security update schedule, approved messaging and video conferencing applications (that have end-to-end encryption), and guidelines on required back-ups for embracing teleworking.
While working From Home Secure your Home Router
Companies and organizations plan for network security because they know they need to safeguard their data. But when employees use their home network when working from home it is important that they know that it is very important to secure your home router. Just protecting the computer will not be of much help if an attacker connects to your Wi-Fi. An unsecure router can use to intercept everything which is done online, including passwords for remote access to a corporate office computer or emails. Therefore, one should be using WPA2 encryption with a strong password and change passwords on a weekly basis. The default password of the admin account should be changed and the firmware of the router should be upgraded. Changing the default IP address http://192.168.1.1 would further make it difficult for an intruder to intercept it.
Update Operating System
The operating system on computers are updated from time to time, these updates come with fixes (patches) for any vulnerability discovered in those OS. Thus it is very important to update the Operating System software.
Update Anti-virus/ Anti-malware
Anti-virus/ Anti-malware software must be installed and fully updated. Also, Organizations undertake measures to protect computers from malwares and viruses, they update and install antivirus/antimalware software’s and restrict employees from installing any applications, or even restrict online access from unauthorized devices. At home, it is difficult to provide that level of security. But installing a good update antivirus can prevent it.
Maintaining a secured network is very important whether the employees are working remotely or not. Companies should consider having remote workforce use a virtual private network (VPN) connection when possible. A VPN is crucial for countering the increased security risks. While working in a VPN connection encrypts all internet traffic so that it is unreadable to anyone who intercepts it. All corporate business applications must be accessible only via VPN. Secure your home Wi-Fi with a strong password. In case VPN isn’t an option or if it fails for some reason.
A formal process should implement for reporting suspicious emails to the IT team and improve anti-phishing and spam defenses (i.e. URL blacklisting). It is important to make awareness on cyber security during this time as companies have already seen an increase in phishing attacks. Hackers are exploiting this situation, so look out for phishing emails. Also, if you suspect any email that asks to check or renew your credentials, try to verify the authenticity of the email even if it seems to come from a trusted source.
Enable Two-Factor Authentication
By enabling two-factor authentication which is an additional security code to login to an email account. As a result, it reduces the chance of an email account being compromise into and securing its data.
Train employees to identify and report various cyber security threats. Such training significantly reduces the risk of users opening malicious attachments or URLs and executing instructions on behalf of the attacker. Moreover, Phishing awareness campaigns can improve user’s alertness on how to handle suspicious emails. Smashing, whaling, pharming and spear phishing are some of the types of phishing.
Ensuring that data store on telework devices are back up. Backup refers to save additional copies of data in a separate physical or cloud based locations. Also, It is very important to keep secure, store, and backup the data on a regular basis. By securing the data it would help to prevent from:
- Accidental or malicious damage/modification to data.
- Theft of valuable information.
- Breach of confidentiality agreements and privacy laws.
- Release before data check for authenticity and accuracy.
Storing regular backups of the data protects against the risk of data being damage or lost. Due to power, software, hardware/media failure, viruses, hacking, or human errors. To use the Backup 3-2-1 Rule is very popular among organizations:
- Three copies of data
- Two different storage formats (hard drive/tape backup or flash drive).
- One offsite backup (two physical backups and one in cloud).
Moreover, Employees should understand that organizations data is a valuable asset which needs to be protected, backing it up ensures the data is easily recoverable and operations are not affected.
Technical support for working form home and information security IS
A teleworker might need assistance from their organization in making sure their devices have the required protections for teleworking. All employees don’t have the same level of technical expertise. So if an organization is concern about their data security. They should prepare to offer technical support as well.
Pros and Cons of Teleworking for an organization:
- Reduces cost for not having to provide office space.
- More productive towards their work.
- Large number of candidates can involve in work from home.
- Incurs costs for providing computer equipment.
- More difficult to monitor their performance.
- Risk towards information security.
Pros and Cons of Teleworking for a teleworker:
- Saves time and cost for work related travel
- Flexible working environment.
- Balance work and family life.
- May feel isolated from social interaction with colleagues at work.
- Slower internet may hamper work or video conferencing.
- Distractions in the home environment could hamper work.
- Lack of proper teleworking space at home.
- Lack of self-discipline to work unsupervised from home.
Organizations are considering the concept of teleworking keeping all the challenges in mind, if not at all the time, at least when needed. Teleworking does not have to jeopardize data security. Once teleworkers get training and the information security IS procedures get implementation. It can quickly become a standard practice that everyone in an organization can commit to and everyone within the organization can feel confident that they are doing all they can do to protect the security of their organization’s data. Thus, with lockdown in place and the rapidly evolving pandemic coronavirus COVID-19. Workplaces around the world face difficult challenge of adapting to the current need for social distancing by quickly converting to a work from home setup. While some organizations already had work from home practice. Whereas, Others have had to adapt virtually overnight.