William “Bill” Rials, an expert and associate director in the Tulane University School of Professional Advancement Information Technology Program, is available to speak about cybersecurity tips for both businesses and their employees as the majority of the nation’s workforce is now working from home.
People working remotely or from home/other during the health emergency should be aware of cybersecurity, as no one wants to add a cyber breach to the current health concerns. Here are tips to help people work from home in a more cyber-safe manner:
- If possible, keep a work device separate from a personal device/computer.
- For personal devices, be sure to run endpoint protection (anti-virus).
- For personal devices, ensure the device is updated (OS updates, Office software updates
- HIPPA/FERPA etc. regulations remain in effect even when working from home. Be careful when printing sensitive material, and risk of over-the-shoulder leaks.
- Router/Access Point should require embedded software updates and strong passwords to prevent hackers crawling the net looking to brute force attack routers.
- Zoom crashing – with publicly posted zoom URLs, uninvited folks join for malicious/eavesdropping/criminal/IP stealing reasons – be sure you know how to kick folks out of your Zoom session as the leader. A solution would be to add a password to Zoom meetings, monitor who has joined and ask for unknowns. Kick out those who are not known to be invited.
Here are tips for businesses to operate effectively during the pandemic and help their employees avoid malware and phishing attacks:
- Cybersecurity measures should be smooth and painless for employees as poorly implemented burdensome solutions drive employees to circumvent needed measures.
- Businesses should have a remote work policy for all employees
- If possible, provide secure devices with VPN software installed
- Require VPN connections to access the corporate network. It is highly recommended to have multi-factor authentication for a virtual private network.
- Use cloud data storage instead of having employees save files to their personal offsite hard drives.
- Require any device that connects to company server have a minimum level of security, and in-lifecycle operating systems.