While organizations across the US strive to comply with shelter-in-place orders, threats to data privacy and security are increasing for two reasons. First, data security is one of the most commonly overlooked aspects when transitioning employees from office to home, especially in this pandemic situation which has charged employers with the responsibility to make big changes with little time for preparation. Second, scammers have quickly recognized that vulnerabilities exist and taken advantage of the situation, resulting in increased efforts to hack into secure systems.
One step you can take right now to improve data privacy and security in these challenging times is to draft a telework policy, incorporating these five guidelines (or work with your professional employer organization - they're experts!).
1. Avoid Public WiFi
Public WiFi poses a number of security threats and shouldn't be used if possible. Instead, encourage employees to use their home network (which they should secure with a password if they haven't already) or a hotspot. Reimbursing those expenses or providing the hotspot and subscription, if feasible, can encourage safe behaviors among telecommuters.
If public WiFi use is unavoidable, using VPN (virtual private network) and company-approved antivirus software can improve security.
2. Use Company Computers
Many organizations have found it difficult to secure an adequate number of laptops to send their staff home with company equipment. Even if that's the case, it's still possible to take a secure route. If some or all of your employees are still working off of a desktop computer, it's safer to send their desktop home with them during the pandemic than it is to have them work off of their personal computer. Company computers are often equipped with higher-end security than personal computers, ensuring that malicious sites, viruses, and malware are effectively blocked. Require employees to use company equipment (or follow clear security guidelines) in your telework policy.
3. Lock Doors When Home or Away
Employees have additional obligations to keep their homes secure when they become an extension of the office, which means they must work in a private area when dealing with protected information, switch to their lock screen before stepping away, and secure their home when they leave for appointments or essentials.
4. Use a Dedicated Thumb Drive
Encourage employees not to use personal thumb drives for professional files. A classic technique for hacking into secure systems is to install harmful malware onto thumb drives plugged into unsecured systems. This means that if an employee uses a thumb drive on their personal computer while browsing unsecured sites, the safety of the thumb drive can no longer be trusted. When they plug the same drive into company equipment, it may result in a security breach. Employees should use only company-supplied thumb drives on their workstations and should never use the same drive for personal reasons or on a personal machine.
As an added note, using a USB data blocker when charging a company phone on either a personal computer or a public charging station allows the power to connect but not the data, increasing data security.
5. Don’t Leave Devices in the Car
Devices are commonly stolen from vehicles, and when the devices contain private stakeholder information, this can pose a tremendous risk to your organization. Advise employees not to leave company equipment - phone, tablet, computer, USB drive, or files - in vehicles. They should bring it into the home as soon as they get there and only transport it when they need to.