Coronavirus (COVID-19): Managing Cyber Security Risks of Remote Work

Corona viruses (CoV) are a large family of viruses that cause illness ranging from the common cold to more severe diseases such as Middle East Respiratory Syndrome (MERS-CoV) and Severe Acute Respiratory Syndrome (SARS-CoV). Common signs of infection include respiratory symptoms, fever and cough, shortness of breath and breathing difficulties.

Standard recommendations to prevent infection spread include regular hand washing, covering mouth and nose when coughing and sneezing. Avoid close contact with anyone showing symptoms of respiratory illness such as coughing and sneezing.

With cases of the Novel Coronavirus (COVID-19) emerging in nearly every state, many businesses are taking swift action in an effort to control its spread. “Remote working,” or simply “working from home,” is a centrepiece of those efforts. It may be effective to slow the community spread of virus from person to person. But, there are big cybersecurity challenges that can be different than on-premise work. There are some tips listed below to help guide business through these challenges.

Policy and Communication:

Some organizations may have policies specifically geared for remote work, while others may provide for contingencies in disaster recovery plans, BYOD (bring your own device) policies, and other similar plans and policies. Managers should be familiar with applicable security guidelines, plans, and policies, and ensure that pertinent information is flowed-down to their teams and throughout the organization. This time pay attention to those who have never worked remotely before because may be they have less security concern on remote and data can easily breach from them.

Companies should review data breach and incident response plans to ensure that organizations are prepared for responding to a data breach or security incident. Update the plans if necessary for contact information for the (now) remote incident response team and outside advisors. The increased security risk of remote work reinforces the need to have a plan in place if something goes wrong.

Recommendations for Remote Work Cyber Security:

  • Remind employees of the types of information that they need to safeguard.  This often includes confidential business information, trade secrets, work product, customer information, and employee information.
  • Sensitive information (e.g., personnel records, medical records, financial records) that is stored on or sent to or from remote devices should be encrypted in transit and at rest on the device and on removable media used by the device.
  • Train employees on how to detect and handle phishing attacks and other forms of social engineering involving remote devices and remote access to company information systems.
  • Do not allow sharing of work computers and other devices. This reduces the risk of unauthorized access to protected company information.
  • Virtual Private Networks (VPNs) ensure that internet traffic is encrypted, especially if connected to a public Wi-Fi network. Also, consider prohibiting access to company information systems over there.
  • Company information should never be downloaded or saved to employees’ personal devices or cloud services.
  • “Remember password” functions should always be turned off when employees are logging into company information systems and applications from their personal devices.
  • Implement and enforce two-factor(2FA) or multi-factor authentication (MFA). Limit employee access to protected information to the minimum scope and duration needed to perform their duties.
  • When more employees than normal are working remotely, or remote work is new to an organization, IT resources may be strained and required IT assistance may increase.
  • If the GDPR applies to your business, a number of European Union data protection authorities have issued guidance. Check the website of your functional data protection authority. Some examples: Ireland, Italy, France, United Kingdom.

Require security software on employee devices and ensure that all versions are up to date with all necessary patches.