These are unusual times. The coronavirus (COVID-19) pandemic has demanded new ways of human interaction, both in the business and personal worlds. This includes firms around the world directing a large number of employees to work from home.
Working remotely amid the COVID-19 outbreak can be a major adjustment and presents multiple challenges to business continuity. The telecommuting environment adds specific information security elements that need to be addressed. Additionally, maintaining professionalism and effectiveness in this different environment can be a struggle.
Below are a few guidelines to be mindful of when working from a home environment.
Working from Home Safely: Maintaining Information Security
Information security issues may be heightened when working from home, especially considering the scale of the current telecommuting environment.
Anticipate and be patient with “set up” issues
The remote environment requires some setting up for security, especially for those for whom this is unfamiliar. Connecting to the virtual private network (VPN), authenticating, and similar tasks may require patient explanation and direct guidance from remote help staff. Additionally, service requests such as password resets, connectivity problems, etc. may require more effort and time to resolve. Patience, understanding, and level-headedness will go a long way in this environment.
Set up a safe and private working environment
Enhance security by making sure your work from home setup is configured for privacy and safety.
- Use a wireless router with a good security track record, change its default credentials, and use strong Wi-Fi passwords with WPA2 encryption. If you use your internet provider's router, consider changing its default account credentials. See our tips on securing your home Wi-Fi network.
- Don’t allow outsider access to your work Wi-Fi network. If possible, set up and use a separate Wi-Fi (guest) network at home, with separate networking for home and work uses.
- If you use internet-connected smart devices in your home such as thermostats, televisions, light bulbs, and surveillance systems, ensure they are secured to prevent unwanted physical access.
- If printing confidential information, lock documents after their use, or shred them if no longer needed.
- If having confidential phone conversations, do them in a private home area. Turn off or mute visual or voice-enabled devices such as Amazon’s Alexa or Google’s voice assistant when discussing confidential matters.
Expect and accommodate additional verification
When workers are not physically present in the corporate office, it is essential to verify it is indeed them at their home office. Multi-factor authentication and other identification methods will be expected. Identity confirmation questions, call backs to known phone numbers, and other prudent safeguards will be utilized. Teams should employ these methods when seeking information and expect this enhanced verification from all parties.
Protect your computer from viruses
Frequent security patching is the best safety mask for your computer to protect it from infection. Be sure to enable operating system and anti-malware updates. Be sure to reboot your computer frequently, at least weekly, so the updates can take effect.
Use the cloud safely
When storing data in the cloud, ensure correct access control. Be careful of permissions and who is granted access. Don’t rush to share; think it through.
Be extra careful regarding scams
Unfortunately, criminals add more trouble to troubled times. Social engineering schemes such as phishing (fake emails to induce provision of credentials or access), vishing (fake voice messaging) and the like have been on the rise using phony COVID-19 messaging as a pretext. Ensure precautions are taken, including:
- Hover over sender addresses and hyperlinks to verify identity
- Never click or download unfamiliar material
- Do not accept document macros
- Do not provide credit card or PIN numbers over the phone, etc.
The review of phishing and other scam protection on a large-scale basis is also warranted. Learn 8 ways to Identify a Phishing attack with this infographic.
Working from Home Soundly: Maintaining Professionalism
The kids are screaming, the laundry is spinning, the mood is tense, the laptop is on your ironing board, you’re on a conference call with your boss, and the big project is due right after. It’s not easy “keeping it all together” in this new environment. Here are a few suggestions for maintaining professionalism while working from home.
Set up a comfortable and professional work environment
As much as possible, set up an environment conducive to getting work done in a focused, professional manner. Carve out a dedicated space (rather than “kitchen tabling” it) so that you don’t have to set up every day. Have comfortable lighting, and, if possible, privacy. Get the rest of the family “in” on the effort and have them try to keep it down while you’re at work.
Keep to a routine
Try to keep regular working hours, and, especially, regular off hours. Take lunch breaks, set aside some mild virtual “water cooler” time with colleagues, and take a walk around the block as your commute. But, also know that you can be flexible with your schedule when needed. If you need to take a break to deal with your kids or pets, that’s okay.
Keep up appearances
Dress for work, or at least, respectably casually. Bring a professional attitude to all aspects of your working day. Make sure to upload a picture on your virtual profile so conference attendees can match your image to your name. Additionally, prepare to be seen during virtual conferencing, and to have the camera give glimpses of your (neat) working area.
Kindness, patience, and understanding go a long way
These are trying, difficult, and downright scary times. Being a true professional includes a large measure of empathy, patience, and kindness toward everyone.
- Check in on your colleagues; make sure they are ok.
- Schedule a coffee break with a colleague via video chat to start off the day.
- Exhibit extra patience for others.
- Let your humanity shine through.
- Let your kindness go viral.
We Are Here For You
ACA is here to support your firm as you navigate this uncertain time. We offer a range of services designed to help firms address and mitigate the new and emerging risks resulting from the COVID-19 pandemic in order to maintain business operations and withstand the crisis. Our solutions include:
- Third-party risk management
- Surveillance (employee risk management)
- Compliance staffing and support solutions
- Cyber awareness training for staff
Please reach out if your firm needs support.
Visit our COVID-19 resources page to access all of ACA’s resources to help your firm manage the new and emerging risks created by the pandemic.
About the Authors
Jeffrey Gorton, CRISC, is a Senior Principal Consultant at ACA Aponix, ACA Compliance Group’s cybersecurity and risk division. Jeffrey performs cybersecurity and compliance assessments for private equity pre- and post-deal engagements and takes on interim technology leadership roles for various organizations. Jeffrey has over 30 years of experience in technology infrastructure and cybersecurity and has held senior leadership roles within Fortune 100 and smaller organizations of global and domestic scale. He has applied his experience and expertise with firms in financial services, mineral mining, law firms, and large-scale construction services. His accomplishments include facilitating large-scale data-center moves, designing new and rationalizing existing technology risk-management programs, designing secure applications and networks, managing technology and cybersecurity operations, and managing incident responses. He also holds the Certified Risk and Information Systems Controls (CRISC) certification along with other technical and governance certifications.
Mike Pappacena is a Partner based in New York for ACA Aponix. In this role, he performs cybersecurity risk assessments, conducts vendor due diligence, and contributes to policy authoring, staff training, and product development. Prior to ACA, Mike served as a project manager for Jefferies LLC and worked on several compliance initiatives. In addition, he spent fifteen years at Goldman Sachs, where as a vice president in the Technology Division, he managed development teams supporting the firm’s Legal, Compliance and Audit, Sarbanes-Oxley, Operational Risk, and Technology Risk departments. He also managed Fundamental Equities and Alternative Investments in the GSAM division. Earlier in his career, Mike worked as an engineer at Long Island Lighting Company (now PSEG). Mike earned his Bachelor of Electrical Engineering degree from the Pratt Institute and his Master of Business Administration degree (Finance concentration) from Adelphi University.