Copyright @ 2024 Global Cyber Alliance | Sitemap
Over the past year, many companies and their employees have become knowledgeable about the benefits and risks associated with remote work, with varying degrees of success. Not surprisingly, hackers have also sharpened their focus on the potential vulnerabilities of remote workforces. If you’re working remotely and aren’t as familiar with technology and cybersecurity as you’d like to be, here are some low-tech steps that you can take to secure your data while you’re working from home:
-
- Think Before You Click: Realize that you’re a target for cybercriminals. You may have access to your company’s confidential, proprietary or trade secret information as well as information about its clients’ operations. Even if you don’t work on especially sensitive matters, you may have access to information your company maintains about its employees, such as social security numbers and medical information, which has value to hackers. If you receive an email from a sender you don’t recognize, or referencing a case or client that is unfamiliar to you, don’t open it. If your company has an IT department or a help desk, report the suspicious email to them, and let them check it for you.
- Learn About the Technology: Take some time to learn about the technologies your company has selected to enable employees to work remotely. If you’re not familiar with Citrix or virtual conferencing platforms, take advantage of any training your company offers about these technologies. Develop a basic understanding of the privacy and security options and the default settings that you’ll want to change. For example, the conference call and meeting apps you’re using may be set to automatically record calls and meetings, which can result in you inadvertently creating business records that could be subject to regulatory requirements, subpoenas and litigation holds, and, if recorded without consent, may violate various laws.
- Know Who’s Listening: Be aware of the devices you have in your home that have recording capabilities. While your workplace may prohibit smart speakers, you likely have them in your home. Now that you’re working from home, make sure to disable any smart speakers to eliminate the risk of them recording and storing your business conversations and the confidential, strategic or privileged information you may be discussing.
- Be Wary of Work-Arounds: Resist the temptation to work outside of your company’s email and document management systems. Drafting and saving documents on your personal computer or forwarding work emails to your personal email account may result in you being required to give your employer access to your personal email account and your personal computer to retrieve that data if they become relevant to a lawsuit or regulatory investigation.
- Verify Unusual Communications: If you receive an email from the CEO of your company, or a senior partner at your firm, asking you to send information about employees (e.g., social security numbers, W-2 forms, or other personally identifiable information), client documents, or business records to a certain email address, confirm the legitimacy of the email before sending the requested information. Call the person who sent you the email and determine whether the email actually came from her. If you’re not comfortable calling a member of the C-Suite or a senior member of your firm, call your supervisor or someone in your reporting chain and explain the situation to them. It’s better to be overly cautious than to be a victim of a business email compromise. Similarly, if a box appears on your computer screen asking you to grant remote access to your computer, don’t assume it’s a legitimate request from your company’s IT department. Call your IT department or a senior person at your company to find out if it’s a valid request or an attempted security breach.
- Check Your Printer: If other people are sharing your home printer (including your kids who are attending school remotely), be careful about printing documents that contain confidential, proprietary or privileged information. If you do print them, make sure to take them off the printer immediately to reduce the chances of someone else inadvertently taking your documents along with their printing, and accidentally including them with documents they send to someone else. Once you’re finished with the documents, make sure to shred them or, if you don’t have a shredder, put them in a secure location until you can take them to your office to dispose of them securely. Don’t just toss them in the garbage or recycling bin.
Whether you’re new to remote work or have been working from home for a while, it’s beneficial to periodically reassess your workspace, check whether the settings and policies of the apps you use have been updated, and consider options for reducing your cybersecurity risk.
By Gail Gottehrer, JD, Co-Chair of Technology and the Legal Profession New York State Bar Association