The way we work has shifted dramatically since the peak of the COVID-19 pandemic. While few firms have mandated a full return to office (RTO), most have adopted a hybrid approach. The argument from remote work die-hards is that they are as productive working at home as they are at the office. While that is true for some, the reality is that remote work increases the exposure of sensitive information to being hacked, as our guard is most relaxed when we are at home.
While some remote workers have an office set-up in a dedicated room in their home, many of them have less than ideal set-ups that offer plenty of distractions (working from your bed or outdoor patio), increasing the likelihood of carelessness with sensitive information. For those looking for the ultimate distraction, the local coffee shop may offer strong coffee but extremely weak Wi-Fi security.
Hybrid work has also increased the use of videoconferencing, another major exposure that can be exploited. Without a proper login process in place, your videoconference could have unwanted guests with their video off, displaying a phone number or “iPhone.” Bad actors can then listen in on privileged conversations, or post malicious links into the chat function to gain remote access to your system.
To protect the integrity of your data while working remotely, the following guidelines can help reduce the chances of a hack through unsecured access and a subsequent claim against you and your firm:
Virtual Private Network (VPN)
Always connect to your firm’s system using a VPN. Some firms will not allow their employees to access any privileged information without first connecting to a dedicated VPN service (including email). Consider connecting to your VPN using a device other than the laptop on which you do your primary work, such as a mobile phone provided by your firm.
Firms should keep an up-to-date list of which employees are able to gain remote access to their data so they can quickly identify unwanted individuals trying to break in. Any former employees should also be removed from the firm’s authorization list and access revoked. Additionally, the individual overseeing the list should not be the same individual who can edit the list, to prevent collusion and the addition of ghost employees to gain access to sensitive information.
Firms should remind their employees that their home Wi-Fi set-up should be protected by a strong password. This is true whether you live in a densely populated area, such as a condominium building or semi-detached home, or in a rural area known for cottages and farms. For more information on strong passwords, check out our post: The Art of Efficient Password Management – Purves Redmond Limited.
For more information on how to manage your passwords, contact:
Chris de Sousa Costa, MBA // 647.242.7469 // firstname.lastname@example.org