Good day to all Global Team Members.
As part of this month’s Continuing Privacy and Security Training (“CPST”), the Compliance Team wanted to describe “10 Security Requirements for Telecommuting and Remote Employees”
Data Privacy and Security for the Mobile Workforce
Remote work and telecommuting technology also allow business-tripping employees to get more done and stay better connected while on the road. But all of these new opportunities also come with new security risks. Once employees are no longer on company computers on the internal network surrounded by trustworthy co-workers, a security breach could be around any corner. One simple human mistake away. This is exactly why businesses and remote employees need to work together to build secure apps, procedures, and security policies that will help protect company and customer data absolutely. Today, we’re here to talk about how to teleworking securely while working remotely.
1. Stick to Private Secured Wi-Fi Networks
Unsecured Wi-Fi networks are, in fact, one of the biggest security risks in the mobile workforce. Most remote professionals are used to picking up whatever Wi-Fi network is available, from the public library network to the local Starbucks. And while there are many little harmless Wi-Fi networks in the world, there are also many trap networks hosted by hackers with ill intent.
The problem is that a Wi-Fi host who knows what they’re doing can access and infect any device connected to them. And they do this by pretending to be local business Wi-Fi or conspicuously insecure residential neighbourhood Wi-Fi. Fortunately, the solution is simple. First, Stay away from unknown Wi-Fi networks. Reset default Wi-Fi routers passwords or else use only company provided mobile hotspot to be secured.
2. Use a Virtual Private Network (VPN)
A VPN is an effective way to help keep your data secure when connecting to the web via public Wi-Fi. VPNs provide a secure tunnel through which information passing in and out of your laptop, tablet, smartphone, or other device can travel. To maintain data security, it’s especially important to use a VPN if you connect to corporate file servers or applications from a remote location.
3. Always use the company portal to access the corporate servers
Every company has procedures in place for how employees should access the network when out of the office. If you’re not sure what that is, check with your IT department.
Don’t try to set up your own remote access, using software you may already have on your home device, If you try to use that software on the corporate network, you could bypass your company’s security protocols.
You may be required to use two-factor authentication (2FA) to gain access through the company portal. This is easy to set up and greatly reduces the chances of a hacker getting into the network.
4. Never Trust an Unknown USB
You’ve probably heard that links in emails are dangerous. But USB connections are just as likely a vector for malware and infection. Any thumb drive or device connected by USB can be infected with a planted virus, root kit, or any number of nefarious add-ons. Often masked as legitimate files like music or PDFs.
As a policy, Never connect a USB thumb drive or device-to-device cable to company laptops or phones. Charging can be done through a socket-to-USB converter, hubs, and devices. But connecting to any unknown data source has a very high risk of malware infection and direct hacking.
5. Always Hide Passwords and Pins
Speaking of password security, never ever print passwords or pins on a screen. Hackers have been known to target remote workers and get a personal or camera angle on their screens in order to steal passwords. Which is particularly dangerous because, for most people, one password works for a lot of different accounts. Keep your passwords safe by never permitting a password to be visible in more than character count. And, if you ‘remember’ passwords, don’t even display the character count.
This is one of the best possible ways to keep your passwords secure.
6. Laptop Lock-Up Policies
Laptops are one of the most popular items to steal of all time. They are valuable, portable, and often full of profitably private corporate data. Remote working professionals are also easily identifiable by their mobile-office setup and business like demeanour in public places. City thieves are known for waiting until a laptop was briefly unguarded or momentarily left unwatched to strike. Laptops also commonly disappear from hotel rooms through one illicit route or another. And other mobile devices are not any safer.
Keep your laptops and work devices locked away at all times.
7. Stick with designated company communications platforms
Because you work from home a lot, You may constantly needs to instant message to your Team. While it may be easy for you to use a third-party app that you already installed, such as WhatsApp, Telegram, Signal, Viber or Google Hangouts, stick with the company’s officially approved communications tools.
Companies typically have a preferred chat platform that they use for managing their teams and employees should use it, so the information you’re sharing can be protected.
8. Protect yourself from Phishing attacks
What is Phishing?
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
5 Simple ways you can protect yourself from phishing attacks.
- Does the email look suspicious ? – Report it !Reporting that a phishing attack has taken place can significantly help in containing the attack and preventing other individuals from being targeted.If you have received a malicious email to your company email account, it should be reported immediately to your IT Security staff – either in person or through submitting the email in the phishing alert tab on the top right side of your Microsoft outlook. Organisation’s IT Security staff will be able to take steps to prevent other users from receiving the malicious email or from responding to it.
- Verify the email senderAlthough the sender of an email may be someone you know personally, there is always the possibility that one of your friends or colleagues has had their email account hacked. If the persons email account has been hacked, the attacker may be the one who is sending out emails in the hope that individuals are more likely to trust the sender.If you think an email looks suspicious, calling the person or organisation who the email claims to be from is an easy way to check that the email has been sent legitimately.
- Think before you clickPhishing emails will often contain malicious URL links. Typically, these URL links will take the victim to websites that may contain malware or to webpages that request the victim enters sensitive information, such as their username & password.If you receive an email that contains a URL link, hover your mouse over the top of the link to reveal where the link will take your browser to if you click on it. If the URL link that’s revealed doesn’t match the text of the link in the email, there is a strong chance the link may be maliciousIf the email claims to be from a public organisation (such as your bank), browse to the website by typing in the URL from a trusted source instead of clicking on the link in the email.
- Does the domain name look right ?A very common tactic used by spear-phishers is to use a “spoofed” domain name which is very similar to that of the target organisation or an organisation which is likely to be trusted. This increases the likelihood of the sender’s email address and any malicious URL links to be trusted by the victim, as it is quite possible differences between the genuine and spoofed domain names would go unnoticed by the recipient. Some examples of “spoofed” domain names could include: m1crosoft.com, abobe.com or barclys.com.Pay close attention to the domain names that are in use when you examine the sender’s email address or URL links. Look for typos or character substitution in the domain name which could indicate that the domain name is not genuine. If there is any doubt about the authenticity of a domain name, browse to the target domain name directly from a Google search or enter the URL manually from a trusted source, such as company documentation.
- Not all file attachments are safeMalicious file attachments are very common in phishing attacks. Attackers will often send file attachments that are laden with malware that can be used to compromise your computer and get access to sensitive information, such as usernames, passwords or financial information. File attachments may be named in such a way as to entice the recipient to open them, for example a PDF document may be received that is named “Payslip.pdf” or an image file might be sent with your name contained in the filename.If you think you have received a file that may be potentially malicious, make sure that you do not open the file. Contact your IT support department or the organisation you believe the file to be from, so they can investigate the file and take further action if required.
9. When in doubt, contact your IT department
Working from home means dealing with a lot of tech issues that were handled by trained professionals at work. If something doesn’t seem right or you’re not sure how to do something, contact your IT team.
10. Check Whether Antivirus software tool is Installed in your system and working efficiently.
Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats.
In our Organization we are using VIPRE Business Agent antivirus tool to protect from different types of malicious software.
Find the below Screen Shot for your understanding.
As you know, eHealth Technologies’ Privacy and Security Compliance Team delivers monthly training – everyone should know – Think Before You Click! As always, please let us know if you have any questions on the privacy and security of Covered Information, including PHI, ePHI, and other Confidential Information.