With so many employees suddenly working from home, often with very little time to prepare, businesses are at potential risk for a wide range of issues, including cyber crime. A lot of them are left wondering what can/should they be doing to protect their business interests, their employees and their client/customer data? What are the risks? What are the potential cyber security protections? How does business insurance come into play? To answer these questions, I had the pleasure of speaking to Dan Ribacoff, one of the world’s most foremost private investigators.
Dan Ribacoff states, “The risks of working from home are that the internet connection and computer may not be as secure as those in your office. With your office, an admin can track the internet connection and computer usage in the building, who is using it, and what they are using it for. When your employees are out and about, connected to the internet from different locations, you lose that control that you had previously.” He then explained to me that to secure important data, it is imperative that certain procedures be followed:
You should have a password protected computer
For your computer, you’ll need a password complex enough that it can’t be guessed by roommates or family members. While they may not be trying to steal your information or harm you in any way by using your computer information, they can still accidentally put your cyber security at risk. If they use your computer to access their email or do a quick Google search, they run the risk of having malware or other harmful programs downloaded on your computer if they click on something as small as a bugged link.
When creating your password, you should refrain from using commonly guessed pass-phrases, such as pet names, children’s names, birthdates, anniversaries, digits in your address/phone number, and school names. These are things that anyone can find out about you from just a quick google search. Everybody posts pictures and videos of their pets and children on their social media (I know I definitely do). The first place that a hacker will look for potential passwords is on your social media for the names of your pets and children.
After each work session, the computer should be logged off and shut down
From what I’ve seen over the years, when most people are done working on their work computer, they just turn off their monitor or put the computer in power-saving mode so they can just resume what they were working on the next day… bad move. When you do this, your computer is still logged in and running, making it much easier for a hacker to get onto your computer and access all of your data. That’s why it’s always important to double check that there are no lights coming from the computer itself when you turn it off to make sure that it is off and not on sleep mode.
The internet log in password should be complex
You may think that someone else being on your WiFi is no big deal, but in reality, it’s almost as dangerous as someone having access to your phone or your computer. Think about it… everything you do on your computer that requires an internet connection runs through your WiFi router. If a hacker is able to get on to your home Wifi, it makes it pretty easy for them to see everything you do while connected to the internet.
When setting a home WiFi password it should be practically un-guessable. Similar to setting a computer password, avoid using easily guessable passwords, such as pet names or child names. Instead, make it complete nonsense words with numbers, capital letters and special characters. Something like, RedHotPotatoSalad170% or 23BumblebeeTree!, because absolutely nobody will ever think of that.
A high quality virus scanner should be installed in the computer. When it comes to which one to download, I recommend either McAfee or Norton. I first mentioned this in a previous blog post (Identity Theft: 10 Ways to Protect your Identity), but these anti-virus services basically act as a bodyguard for your computer and all of the data that you have stored inside of it. Don’t be cheap when it comes to protecting your computer because a data breach will be a whole lot more expensive. I recommend to all employers who currently have their employees working from home to invest in anti-virus programs for all of their employees. If you are an employee, it would also be a good idea to talk to your employer about having these programs installed. They will most likely pay for the installation and it will make you look pretty good as well (Did somebody say “promotion” or “salary raise”?).
Use a VPN if possible
A Virtual Private Network, or VPN, allows you to securely connect to another network through the internet. You can use them for numerous activities, such as accessing sites in other regions or countries, but in this case, it would be used to protect your IP address and browsing activities from any hackers. As stated before, if a hacker is on the same network as you, they can see what you are doing or what you access while you are connected to that network. By using a VPN, they would not be able to see which network you are using, nor would they be able to have any sort of access to it.
Do not work from any public locations that have open internet connections
Sure, the WiFi at Starbucks has great internet speed and it’s a relaxing place to work and sip a Frappuccino, however, they have a public network with open internet connections, which means poor cyber security. That means that anybody within the network’s reach can join and have access. That’s why you get a little warning symbol when you join an unsecured network. The non-threatening hipster guy with the nose ring who’s sitting two tables away, with the right technology, could easily use that network to steal your information without you even knowing it. That’s why employers should not allow work to be conducted from public networks, or they should supply their employees with a VPN for their computers in order to maintain optimal cyber security for their businesses.
As far as insurance goes, speak to your broker about having adequate insurance for data breaches, ransomware or other cyber risks. These breaches can be very detrimental to your business and could really break the piggy bank. Remember when Sony Pictures was hacked in 2014? 100 terabytes of data were stolen and numerous unreleased films were leaked to the public, causing Sony to lose millions in the process. Don’t let something like that happen to you!