Security Considerations
during COVID-19
As companies are scrambling to develop and implement alternative working arrangements for many employees, it is easy to see how maintaining high levels of security over company data could get lost in the shuffle. Hackers recognize the increased levels of vulnerabilities caused by the upheaval with COVID-19 and are ready and willing to take advantage of it. Below are some things to keep in mind while preparing alternative work arrangements for your company.
Provide Support to Employees
Employees who work in the technology positions responsible for maintaining daily operations, protecting data and securing information systems need extra support as they take on additional work assignments and face increased workload. Any assistance that can be provided to these employees is invaluable so that they can focus on the most important tasks at hand and not feel pressured to skip crucial steps in maintaining data security. Besides their regular job tasks, technology employees are setting up employees to work remotely, which for many employees is completely new and creates a lot of questions and needs.
Communications Should be Proactive
Proactive communications on the part of leadership can alert employees to potential security weaknesses before they happen. Company leadership should detail to employees when to expect communications and how they will distribute critical information. Receiving off-schedule messages can signal to employees whether a questionable message could be a scam. Remind employees to use the company’s official communication channels to validate any questionable messages and information. As for employee communications with others, it is important to remind them to not use personal email, texting, or third-party applications to conduct company business. Using the phone to communicate can be more preferable than other forms of communication at this time.
Security Risks can be Minimized
Instituting remote work arrangements creates new security risks for companies. Businesses must secure access to company systems and data and ensure information can be transmitted securely. A VPN (Virtual Private Network) solution should be set up to ensure data can be transmitted securely over a public network. Using a VPN will allow employees to send and receive data over shared public networks as they are connected directly to the business’ private network. The addition of multi-factor authentication with the VPN access increases the level of data security for authorized users. A common multi-factor authentication setup is the addition of a passcode, delivered outside of the network (often through text or phone call), to the authorized user for entry after regular login with username and password.
Simple steps such as pre-set session sign offs can minimize the risk of an unauthorized user gaining access. For remote logins, session timeouts can be automated after the employee has not used the network for a certain period of time. Similarly remote workstations can be automatically locked after a set time of inactivity which protect workstation access if it is unattended.