With so many people working from home, cyber risk is higher than ever before. When you work from the office on your employer’s systems, security features are often in place that reduce the risk that “bad actors” will gain access to your data. But those security features don’t usually extend from the office to workers’ homes.
Increased cyber risk results when basic IT controls aren’t addressed, leaving systems vulnerable to hacks and malware. Employers whose workers are accessing their business systems from home must train and provide remote support in these four IT control areas to reduce cyber risk:
- Firewalls and Anti-Virus Software
Home-workers should be required to install a firewall and anti-virus software. Firewalls protect against outside attacks and can be configured to block data from suspicious locations while allowing relevant and necessary data through. However, firewalls do not prevent attacks; they only protect against malicious traffic. Anti-virus software scans computer files and memory for patterns that may indicate the presence of malicious software based on known malware from cybercriminals.
- Program and System Updates
Home-workers should download and install all program and system updates. Skipping updates and patches creates vulnerabilities that can be exploited by hackers and scammers. Outdated updates were the reason for some recent – and awfully expensive – cyber fraud events at Equifax and Home Depot, among others. Workers should set up updates to be pushed automatically to their home computers and other devices to ensure they stay up-to-date.
- Passwords and Two-Factor Authentication
Home workers must use passwords for all business systems access and should be encouraged to use two-factor authentication protections to add an extra layer of protection. Two-factor authentication means the user must enter username and password plus another step, such as entering a security code sent via text to a mobile phone. Passwords used at home should follow the same length and strength protocols as when they are used at the office.
- Phishing Emails
Home workers should be trained never to open an email from a suspicious source, click on a link in a suspicious email or open an attachment without scanning it first. Otherwise, your worker could be a victim of a phishing attack and your data could be compromised. Workers should never click on links in pop-up windows, download “free” software from a pop-up, or follow email links that offer anti-spyware software.
More working from home equals increased cyber risk because basic IT controls at the office don’t automatically extend to home. This scenario can leave systems vulnerable to hacks and malware. Employers must train and support their home workers about firewalls and anti-virus software, system and program updates, passwords, and phishing scams to reduce cyber fraud and protect their business systems and data.