When the COVID-19 pandemic broke out and businesses moved their operations to a work from home (WFH) basis, many had to do so in a rush. While many people around the country have been able to work from home at least occasionally in the last decade, very few businesses are set up for complete WFH operations. Although the country is slowly beginning to open and workers are preparing to return to offices in phases, many businesses may continue to WFH for weeks or even months. Some businesses have even announced moving a portion or all of their employees to a permanent WFH status. With this long-term WFH environment in mind, there are some things that CEOs need to consider.
Evaluate current IT security and protection
When it comes to creating a successful and secure WFH environment, a top priority for businesses should be making sure that their business operations are secure and that their customer data are protected while employees are working remotely. If a company is hacked due to lax security while employees are working outside the office, operations will be disrupted, customers may be lost and the company’s reputation will likely suffer. To prevent this from happening, businesses need to assess their security vulnerabilities and the strength of their IT infrastructure.
Enterprise Risk Security (ERS) experts should review a company’s policies and procedures, scrutinize their operations and run tests and vulnerability scans on their network infrastructure. A thorough risk assessment brings visibility to an organization’s exposure to data breaches and other information security threats, reducing the possibility of surprises. Business leaders can then prioritize identified risks and make informed decisions on how to manage them. They should also consider what measures their third-party vendors are taking to reduce security risks.
To help create a secure WFH environment:
- employee laptops (whether owned by the business or individual) must be secure, with firewalls, anti-malware and intrusion-prevention software installed.
- companies must have a protected Virtual Private Network (VPN), with sufficient slots for all remote workers, and Virtual Desktop Infrastructure (VDI) in place.
- systems must be able to handle peak loads and outages.
Communicate security measures and best practices to employees
Regardless of the individual and remote setting, security measures employed in the office must be mirrored in remote working environments. It is therefore necessary for a business to establish security protocols that their employees agree to adhere to, and then ensure through constant communication that these protocols are being practiced, so that the data for which the company is responsible are always protected .
Employees should receive regular communication from management or the company’s IT department about security updates or warnings about possible malware or phishing schemes so that they are hypervigilant. Despite the best security measures, breaches do occur, and employees should be reminded to report anything unusual or suspicious immediately.
Monitor security, protection and employee hygiene
Cyber hygiene is vital when employees WFH. Some may not be used to working outside the office and may need guidance. To keep tabs on employee cyber hygiene and achieve confidence that security measures are being implemented, companies need to:
- ensure firewalls, anti-malware, anti-virus and other protection software are installed and configured properly;
- confirm that employees are using encrypted routers and not using personal devices such as printers or USB drives for business, as that would violate security as well as confidentiality rules;
- update operating systems, software, browsers and firmware with the latest security patches;
- enforce multi-factor authorization procedures and strong password controls.
If you have any questions or concerns, please fill in the form below and someone from our Enterprise Risk Services team will contact you.