Securing Your Company Data in the COVID-19 World

Employees across the country have quickly transitioned from working in a traditional office environment to working remotely as a means of social distancing - a key measure for preventing the spread of COVID-19.

While increasingly common, even before the virus, allowing employees to work from home presents its own unique set of cybersecurity risks. But, the sudden (sometimes overnight) transition has put both employers and employees at an even greater risk for cybersecurity breaches. Cybercriminals are using the current crisis to find new vulnerabilities in the IT infrastructure of businesses, large and small.

Here are 5 actionable steps to help you secure your critical data during this unprecedented time.

person working on large monitor

1. Develop a Remote Work Policy

If your organization is like many, this crisis has required you to adapt very quickly to continue operations during ‘stay-at-home’ or ‘shelter in place’ orders. Review your current cybersecurity policies to determine if there are any established remote work/remote access guidelines. If there aren’t, don’t worry - you’re not alone. 

With the uncertainty of how long this ‘new normal’ will last, now is a good time to establish some basic guidelines for remote work and remote network access. Consult a third-party IT or cybersecurity firm if your organization doesn’t have its own in-house IT team to ensure this policy is effective, comprehensive, and compliant with applicable laws and regulations.

2. Create Secure Connections

Companies generally have a number of controls in place to protect internet connections in the office environment. But, at home it’s trickier to provide that level of protection. There are a few practices that can increase the security of remote connections.

  • Provide employees using company equipment with VPN access to help protect the data sent and received while working from home.

  • Make sure their home WiFi network has a strong password and utilizes WPA2 encryption. 

  • In addition to the WiFi password, employees should also change the login and password required to enter their router settings.

  • Limit employee access to information to the minimum scope and duration needed to perform their duties.

  • Consider implementing and enforcing two-factor or multi-factor authentication (MFA).

3. Invest in Remote Worker Training

Look, we get it, this whole thing happened so quickly that many of us went into the office for the last time (for a while) without realizing it. And, while you’ve likely spent the last few days trying to teach employees how to unmute themselves in a Zoom meeting, now is not the time to get complacent with security training. Cybercriminals are taking advantage of this rapid deployment of remote work to access sensitive company data.

Remember, most employees do not naturally work from a security frame of mind, but one of efficiency. Also, it’s likely that the majority have never worked remotely before. Some important training topics to cover include:

  • Reminding employees of the types of information that needs to be safeguarded, and how to do so at home.

  • Training employees to correctly detect and handle phishing attacks and other forms of social engineering.

  • Reminding employees that HIPAA and other similar laws still apply.

4. Establish Clear Communication Expectations

One of the most challenging aspects of remote work is the potential lack of communication, or difficulty to communicate effectively. When employees work remotely, they can’t drop by a coworkers’ desk to ask a question or provide sensitive information face-to-face. Here’s how you can encourage effective, secure communication within your team.

  • Create an expectation for how certain types of information should be shared. Make it clear how workers will and will not communicate with each other. Setting clear guidelines will help employees to avoid divulging data to an attacker.

  • If your organization plans to use video conferencing, it’s important to use a secure platform and make sure only invited attendees are present.

  • Keep all collaboration tools up to date, and make sure that employees are only using approved tools.

  • Establish a point-of-contact for all technology and security questions or concerns. It’s important that your team feels supported and knows what to do when an issue arises.

5. Prepare For The Worst

These are truly unprecedented times filled with uncertainty and changes. Coupled with the sudden rollout of remote work, this creates a perfect storm of opportunities for cybercriminals. Now is the best time to develop or review your data breach and incident response plans. Again, this may be something that is all-new to your organization, and that’s okay. But what is not going to be okay is trying to figure all of this out after a beach has occurred. 

Having a remote data security strategy in place during these difficult times gives you the peace of mind that your organization’s sensitive data is protected - no matter where it’s accessed.


Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.

Previous
Previous

Supporting Our Clients. Supporting Each Other.