Cybersecurity Training: Maintaining Confidentiality in a Shared Home Office Environment

In the wake of the COVID-19 pandemic, businesses that can have staff work remotely are doing so to a large extent. And remote work is likely to be more common in the long term than it was pre-COVID, with many companies expecting to make some of their COVID-inspired remote work changes permanent.

But there are unique challenges for households in which multiple family members are working from home for separate companies. Specifically, how do employees who are sharing a home with other remote workers—or even sharing the same home office—maintain the confidentiality of potentially sensitive company data?

 

Basic Cybersecurity Best Practices

 

First, there are cybersecurity risks present in the Internet Age regardless of whether an employee is sharing a home office or working at an employer location. Basic cybersecurity best practices should be a fundamental part of any remote work training.

 

“When establishing a remote working policy, organizations should employ comprehensive cybersecurity guidance, as there will likely be employees unaware of the security risks and expectations of remote working,” says Judith Bitterli, VP of Consumer Marketing at McAfee.

 

Bitterli says there are several tips and tools that all HR teams should clearly communicate to their employees in order to adequately protect both personal and corporate data, including:

 

Using a VPN. It was common, even before the pandemic, for people to use publicly available Wi-Fi networks while working in coffee shops, parks, or other settings—convenient but not secure.

 

These unsecured connections make it easy for hackers to get access to both personal and company information. Instead, a virtual private network (VPN) establishes a secure connection while allowing employees to access work files saved in the cloud.

 

Avoiding the lure of phishing e-mails. “We’ve seen hackers attempt to take advantage of people’s fears by pretending to sell face masks online to trick unsuspecting people into giving away their credit card details,” says Bitterli. So make sure employees are educated on the dangers of opening e-mail attachments or clicking on suspicious links—not just once but frequently.   

 

Using two-factor authentication. Yes, it can be a hassle, but using two-factor authentication—requiring a password and some other form of verification, like generating a code that will be sent to a mobile device—adds more security for organizations that have multiple people logging in from various locations.

 

A second form of identification that is sent to a personal phone, for instance, boosts the odds that the information will remain secure.   

 

Choosing a strong password. Using complex passwords is one excellent way to protect your account’s security, though it can be frustrating to have to use a different password for each account.

 

Employees should also be required to update their passwords frequently, choosing new and unique passwords for every update. A password manager, or a security solution that includes a password manager, can help keep track of all your unique passwords.

 

Browsing security. Make sure your employees’ devices are updated with security solutions regularly to protect against malware, phishing attacks, and other threats, as well as to identify malicious websites while browsing.

 

Technology isn’t the only risk to data security. There are plenty of people-related risks, as well.

 

Confidentiality

 

“Human error is the source of 90% of cyberattacks, meaning cybersecurity training is not a ‘nice to have,’ but  a ‘need to have,’” says Michael Madon, SVP and GM for security awareness and threat intelligence products at Mimecast.

 

Many employees are used to sharing an office space and working closely with others in the organization, and in those situations, they’re all bound to the same confidentiality obligations.

 

However, this is not so in the case of a husband and wife who share a home office but work for separate companies, potentially even companies in the same industry or direct competitors!

 

The first step in training staff on maintaining the confidentiality of sensitive company information is simply reminding them of their confidentiality obligations...

 

Source: HR Daily Advisor