Key Practices in Cybersecurity and Privacy for Effective Working from Home

Apac CIO Outlook | Friday, March 26, 2021

Fremont, CA: As reported in the news, the abrupt shift to employees working from home creates new cybersecurity risks for companies and employees who work remotely. The following are ten critical measures that can help mitigate these significant risks.

Tightly Control and Access Encrypt Data to Encrypted Data

Encrypting data at rest and in transit remains critical to information security. Employees should be instructed to save their job on the employer's system (rather than on company-owned or personal devices). When working with third-party vendors, review contract terms to ensure adequate data protection.

Implement Secure Devices to Remote Employees

Most employee-owned personal computers lack significant malware and encryption protections, and hackers are still exploiting personal computer vulnerabilities. Such flaws raise the risks to data on these personal computers as well as data accessed from those computers (including data that resides on company servers accessed remotely). This is critical for organizations subject to the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and other regulatory schemes. Given these vulnerabilities, employers may want to require workers to keep all work data on company-owned devices and avoid cloud-sharing apps that have not been vetted for privacy and security. Restricting the diversity of storage repositories helps limit the number of potential avenues of attack.

Improve Password Strength, VPN Security, and Telephone/Video Conference Protections

Access to the employer's virtual private network (VPN) can require multi-factor

authentication (especially if employees are using their own devices to obtain such access). Because employees cannot communicate in person, multi-factor authentication and strong passwords are more important. Reiterate the importance of using strong passwords and keeping those passwords secure. Weak or stolen passwords continue to be a major source of information security breaches.

Inform workers who discuss confidential matters over the phone or through videoconference of the dangers of intruders listening in and seeing such conversations. Such intrusions are minimized by sending conference coordinates (such as a meeting identification number) and passwords separately. Turning on participant identification features and using technology that allows a moderator to delete unexpected participants will assist in ensuring that only approved people participate.