Asking your employees to work from home due to coronavirus concerns? Here’s how you can boost security
Many companies across the world have started asking its employees to work from home amidst coronavirus concerns including the likes of Apple, Google and Twitter.
And while working from home comes with its own set of issues, like arranging for a system that can handle your daily work (not everyone works on Google Docs and Word), there is a bigger concern about cybersecurity issues.
At home, employees will be using their own internet connection via WiFi or fixed lines and there is no way the employer can ensure that their data is safe. Some companies also work on certain domains that can be accessed only via office internet, in those cases, one must give access to employees to use these at home (for example a CMS for content in media houses).
"We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution. Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home," said David Emm, principal security researcher, Kaspersky.
"It is a known fact that once devices are taken outside of a company's network infrastructure and are connected to new networks and WIFI, the risks to corporate information increase. It is high time that we boost not only our physical immunity but also our networks' security against these damaging attacks," added Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky.
In all this, it is important to maintain all precautions and beef up security. If you as an employer are asking your team to work from home, here are some steps you must follow to reduce cyber-risks associated with working from home:
1. Provide a VPN for staff to connect securely to the corporate network
2. All corporate devices - including mobiles and laptops - should be protected with appropriate security software, including mobile devices (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, along with restricting which apps can be installed)
3. Always implement the latest updates to operating systems and apps
4. Restrict the access rights of people connecting to the corporate network
5. Ensure that staff are aware of the dangers of responding to unsolicited messages
6. Employ training and activities which will educate employees about cybersecurity basics, for example, to not open or store files from unknown emails or websites as they could be harmful to the whole company
7. Enforce the use of legitimate software, downloaded from official sources.
8. Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that can become a reason of a breach