The corporate world has adjusted to working from home. This change happened suddenly and as a reaction to the global pandemic, COVID-19. While many organizations have strong business continuity plans in place that address remote working situations, this is a scenario that was not anticipated.
Video conferencing, computer audio calls, VPN access, remote sharing, screen sharing, increased email communication, and phone calls, have been adopted to increase connectivity among team members. All these modes of communication have been used and needed in the past, but not at the urgency or capacity needed today.
This global pandemic has presented hackers an opportunity to leverage vulnerable networks to acquire sensitive information to sell, to install viruses in technology, and to create chaos in video conferencing meetings. In saying this, there are strategies that can be used by organizations and individuals to protect their information. Below are our top 10 areas of focus to help minimize your data exposure:
- Privacy when working from home:
- Use a secure wi-fi network: Ensure you are using a secure network and not open a wi-fi source.
- Use a headset: It can be tempting to participate in work meetings on speakerphone. However, there can be other people in your home who should not have access to the information you do. Use a headset to minimize exposure of personal and sensitive information.
- Avoid using personal devices: Only use company-issued devices for work purposes. Using a personal device can increase the risk of exposure of work data and complicate data retention schedules.
- Be wary of your surroundings: As the weather becomes nicer, you may be tempted to take a call outdoors, work outside, or open your office window. Be careful of what your neighbors can hear and use discretion in those situations.
- Lock your screens: Even if you are at home, lock your computer screens when you leave your desk. This task should be routine regardless of being in or out of a workplace setting.
- Anti-virus applications: Ensure corporate assets are up to date with the latest anti-virus programs
- Wary of phishing emails: This risk has grown exponentially during COVID-19. Specific tips to implement can be found here.
- Document control: Still follow your organization’s guidelines for data retention policies and guidelines. This includes information that is printed out. If you no longer need it, shred it.
- Software information: Questions to consider when using software to communicate with vendors, team members, and other third parties as needed:
- Do you understand how to set up and manage the meeting on the application properly and effectively?
- Do you know about the product?
- Is chat history stored and recorded? If yes, for how long?
- Do you have any data residency concerns?
- Are you recording the meeting? If you are a participant in a meeting, is it being recorded?
- Is the retention of information shared through technology?
- Is there retention of information or meeting attendees?
- Information protection while using virtual communication applications:
- Only share your camera or audio as required. Check your Systems Settings each time you use a new application for teleconferencing. Wherever possible, update settings to “Ask before accessing (microphone and/or camera)”.
- If sharing your screen, turn off notifications to prevent embarrassment or oversharing of information via email or chat pop-ups.
- Only share the application screen versus the entire desktop, as document names and internet tabs can reveal more information than necessary.
- Ensure that the contact list for your organization is up to date: If there is a cyber-attack, it is prudent for the organization to have an alternate means of communicating with their team members to inform them of this. The leadership team should have a back-up email address and/or phone number to contact their team members.
- Software add-ons: It can be tempting to add additional features to your work applications to improve efficiency or just for fun. There are questions you should consider before installing any applications:
- Do you know who created the add-on?
- Does that company collect information?
- What is their business model?
- What is your company’s policy for installing software?
- Stay in control of your meeting application: Use a ‘lobby’ to keep an eye on attendees, make sure you inform everyone if you are intending to record, and inform them on what the recording will be used for (i.e., sending it out to attendees to review after the meeting, to post on their blog, or to post to social media).
- Systems: Stick to your official work computer and systems. Do not share information with your personal email or storage as a shortcut or to bypass correct remote access methods, such as VPN or managed cloud systems. All your existing privacy and security policies still apply. Do not let standards slip or get into the habit of using your secured work devices for personal use, or for personal software.
- Consider the security of your home network: Ensuring the passwords to your router and wi-fi are complex and secure can minimize cyber-attacks. Another privacy best practice is to ensure your devices have the most recent updates installed since they account for the latest bug fixes.
While not an exhaustive list, these are great technical privacy questions to consider while working from home.