Cybersecurity and Working from Home
We are in the midst of a global situation where some businesses are encouraging or mandating their employees to work from home, and some schools are closing. This creates some cybersecurity issues worth considering as organizations adjust to remote work.
For perspective, health and physical safety is paramount, so this is a good time to be mindful of (and grateful for) our medical professionals and their advice. We want to base our actions on science, fact, and common sense, not based upon speculation or fear.
This situation reinforces the premise of my first book, Cybersecurity for the Home and Office. That cybersecurity (and privacy) should begin in our homes, as we educate ourselves and our family about the threats, and we secure ourselves, and then bring that knowledge and experience to the workplace. Our home and work lives and information systems are so intertwined that good cybersecurity for an organization is supported when each employee and manager has good awareness and cybersecurity “hygiene” both at work and home.
Organizations should probably have in place a strong cybersecurity program with policies — and it is no secret that most organizations have room for significant improvement. Some organizations may already have in place systems and policies for working remotely, but many do not. Working from home — especially as a sudden requirement — may mean using personal computers, networks, and possibly email accounts. These are not under the control of the organization and may present cybersecurity and legal risks. Fortunately, employees who are knowledgeable and have secured their home systems can minimize risks to the organization (as well as their family).
Here are some quick cybersecurity tips for you (or your employees) who are in the sudden position of working from home, using personal computers, networks, and other systems. Follow my “four pillars of cybersecurity” and improve your (i) knowledge and awareness, (ii) device security, (iii) data security, and (iv) network and internet security. Improve things little-by-little, don’t make huge changes at once, and think of my “security dial” concept.
Knowledge and awareness: Human decision making and common sense are essential to remaining secure and preventing cybercrime (including with transfer of funds).
Device security: Keep physical control of computers (don’t lose your phone or laptop), keep them malware free and updated, check your privacy and security settings.
Data security: Secure your cloud accounts, email accounts and important online accounts with two factor (multi-factor) authentication. Back up and securely store your important data. Securely delete data you don’t need.
Network and internet security: Keep your home Wi-Fi network secure. Use a strong password to access your home network, keep your router updated, make sure your router administrator portal does not allow access with default usernames or passwords.
After resumption of normal operations: When employees return to normal work, consider where data may reside. Is data in places where it needs to be securely deleted? Does data need to be copied into the proper place? Consider what access privileges need to be restricted and returned to the prior condition. This is also an opportunity to improve your cybersecurity program.
This short article simplifies things and merely provides a brief overview, and of course is not customized for you nor is it legal or consulting advice. My articles and books have more information.
See my website for a copy of this article plus additional references, starting at: https://johnbandler.com/cybersecurity-and-working-from-home
My books are
Cybersecurity for the Home and Office: The Lawyer’s Guide to Taking Charge of Your Own Information Security
Cybercrime Investigations: A Comprehensive Resource for Everyone
Posted 3/6/2020
