Cybersecurity and Working from Home

by John Bandler

I originally wrote this article in March 2020, when COVID started to hit so many people started working from home, and students started learning from home. It was the start of a global pandemic I never thought I would see. This created cybersecurity issues that needed to be considered even as organizations grappled with how to simply do business. Two years later, the pandemic continues, remote work remains prevalent, and will in the future.

The premise of my first book holds true

This situation reinforces the premise of my first book, Cybersecurity for the Home and Office. Cybersecurity (and privacy) should begin in our homes, as we educate ourselves and our family about the threats, and we secure ourselves, and then bring that knowledge and experience to the workplace. Our home and work lives and information systems are so intertwined that good cybersecurity for an organization is supported when each employee and manager has good awareness and good cybersecurity “hygiene” both at work and home.

Organizations should have in place a strong cybersecurity program with policies. Many organizations have room for significant improvement on that front. Remote work is an area organizations now need to anticipate. Working from home — especially as a sudden requirement — may mean using personal computers, networks, and possibly email accounts. These systems are not under the control of the organization and may present cybersecurity and legal risks. Fortunately, employees who are knowledgeable and have secured their home systems can minimize risks to the organization (as well as their family).

Cybersecurity tips

Here are some quick cybersecurity tips for you (or your employees) who are in the sudden position of working from home, using personal computers, networks, and other systems. Follow my “four pillars of cybersecurity” and improve your (i) knowledge and awareness, (ii) device security, (iii) data security, and (iv) network and internet security. Improve things little-by-little, don’t make huge changes at once, and think of my “security dial” concept.

  • Knowledge and awareness: Human decision making and common sense are essential to remaining secure and preventing cybercrime (including with transfer of funds).
  • Device security: Keep physical control of computers (don’t lose your phone or laptop), keep them malware free and updated, check your privacy and security settings.
  • Data security: Secure your cloud accounts, email accounts and important online accounts with two factor (multi-factor) authentication. Back up and securely store your important data. Securely delete data you don’t need.
  • Network and internet security: Keep your home Wi-Fi network secure. Use a strong password to access your home network, keep your router updated, make sure your router administrator portal does not allow access with default usernames or passwords.

See my article on Bandler's Four Pillars of Cybersecurity for more details.

Resumption of normal operations - or the new normal

We are years past the initial disruption of the pandemic and settling into a new normal. If we haven't already, we need to evaluate the implications of any stopgap measures we took, and fix any issues that developed. Consider where data may reside. As a temporary measure, employees may have stored it places where it should now be securely deleted. Access privileges may have been altered, and should be reviewed. As always, we have an opportunity to improve our cybersecurity programs, even if by a little.

Health and science

I mentioned then and it is worth repeating now that health and physical safety is paramount. This is a good time to be mindful of and grateful for our medical professionals and scientists and their advice. Making good decisions means basing them on science, fact, and common sense, not speculation or fear.

Conclusion

The pandemic was disruptive for organizations and employees, and remote work is now more prevalent. We need to ensure pandemic disruptions have not compromised our security, fix any gaps, and look to continual improvement. Now more than ever, cybersecurity and privacy starts in the home, where we can learn and practice, and then bring that knowledge to the workplace.

This short article simplifies may things and of course is not customized for you nor is it legal or consulting advice. My articles and books have more information.

Additional reading

This page is hosted at https://johnbandler.com/cybersecurity-and-working-from-home. Copyright John Bandler all rights reserved.

A copy of this article is also available on Medium at https://johnbandler.medium.com/cybersecurity-and-working-from-home-a02d221470d4 (though not as current).

Posted 3/6/2020. Updated 2/7/2022.