Five Tips to Enhance Telecommuting Security

Let’s face it – telecommuting is on the rise. Yes, COVID-19 has changed the short-term decisions that businesses make regarding work-from-home policies. Amazon, Apple, Facebook, Google, Microsoft, Twitter and more major companies have encouraged large numbers of their workers to stay home instead of working at their offices in Seattle and San Francisco.

The pandemic is likely to cause a long-term shift towards telecommuting and teleconferencing, moving forward. Employers will conclude that telecommuting provides various benefits, not only to the company, but also to society. Not only will the shift to telework make life easier for companies because employees will become more productive and real estate costs will decrease, but it also helps reduce traffic congestion.

That’s not to say that telecommuting has no downside. Moving business away from face-to-face meetings to an electronic medium potentially makes employees, managers, and sensitive data vulnerable to intruders looking to have some fun or inflict serious damage.

How do we make sure this doesn’t happen? Continue reading for our tips to help you secure your work-at-home environment.

5 practices can increase the security of your telecommuting environment:

1. Don’t make teleconferences public

For IT professionals, this may seem obvious given how easily accessible meetings can be, but this is a step that many companies can take to promote security. Making teleconferences private is a twofold process.

1. 1. Encourage fellow teleworkers not to share the link publicly or on social media sites. 
   2. Set a password for each and every conference and make sure to only send the password to those who need it. Not doing so makes “Zoom-bombing” and intrusion easier for hackers. 

The FBI recently published an announcement recommending that all those conducting teleconferences make meetings private, otherwise hackers could display malicious images and texts on your video call. The FBI reported that two unknown characters appeared on the Zoom classes of separate high schools in Massachusetts. On one call, an unknown character shouted the instructor’s home address and expletives. On the other call, an unknown individual shared swastika tattoos with a high school class.  The Department of Justice has announced now that "Zoom-bombing" is illegal and can result in jail time. When it comes to cybersecurity, this probably isn’t your worst nightmare, but it’s pretty high up there. Refraining from making teleconferences public is an easy fix. 

It’s advisable to also utilize all security features provided by the application – for instance, Zoom now enables the “virtual waiting room” feature for all meetings – it prevents attendees from joining before the host and therefore is another way for the host to ensure that there are no unwanted attendees waiting to enter the meeting.

There was even an issue when hackers could access computer credentials through links dropped into a Zoom meeting.  Zoom has patched this issue since, but it is important that users update their Zoom apps regularly to ensure that they are using the latest patched version. In response to the rise in hacking of its platform, Zoom recently announced that is it increasing its security measure.

2. Utilize encryption and Virtual Private Networks.

   Before connecting to your corporate applications or meetings, your employees should be on a Virtual Private Network (VPN). Basically, a VPN, which encrypts your data coming in and out, creates a tunnel between the employee’s computer and their destination on the web. When intruders try to lift sensitive data or interfere with your work connection, the encryption on a VPN helps provide protection. Some say that virtual private networks will not be able to handle the strain of thousands of workers telecommuting, but this primarily holds true for large corporations who have their own corporate virtual private network that’s designed for use by part of the workforce. Small businesses have an edge because they can use any of several VPN providers available like ExpressVPN, NordVPN, LogMeIn and others that are optimal for small business use.

While talking about encryption, also consider using email, messaging and teleconference facilities that encrypt their communications.  There are some that provide end-to-end encryption that are obviously the best, but many other solution providers are working towards the goal of providing end-to-end encryption.  

3. Implement Multi-Factor Authentication (MFA)

   One technique that many hackers use to infiltrate a teleconferencing session or any other corporate application is that of imitating an employee or someone who is supposed to be on the conferencing platform or application. It’s difficult to tell what’s real from fake, so why not let the platform do that for you? Establishing Multi-Factor Authentication, or asking the teleworker to provide evidence that they are who they say they are through their email, their text, and by providing a password in the session, is a great way to reduce the probability of cyber-intrusion. 

4. Educate employees

   A company can do everything right on the backend, but if they don’t educate their employees on best practices to ensure cybersecurity and safety, it will all be for nothing. For example, if a teleworker doesn’t change their router’s password, or they use their neighbor’s WiFi, the probability that your teleconference is penetrated by unwanted individuals spikes regardless of any security measures you may have taken. What’s worse is phishing. If your employees click on a URL or even open a message with harmful content, it is very likely that the details required to enter your teleconference will be compromised. So, making sure your employees understand what’s expected of them is an important part of sustaining the security of your telecommuting environment.

5. Establish robust disaster recovery and business continuity plans

   I know. You’re tired of assuming the hacker will get through your defenses. You made your teleconferences private, you’re using a VPN, you have set up Multi-Factor Authentication, and have educated your employees. What more can you possibly do? Believe me, I get it. But, there’s one last step to cover if everything goes wrong. You need a backup to make sure you can start from scratch if the need arises.  

Disaster Recovery Plans, Incident Response Plans and Business Continuity Plans give you your plans and procedures to prepare for a disaster.  Let’s say Sammy the Hacker is actually a group of fifty hackers trying to slowly scrape together enough information to bring down your business. Let’s assume they have infiltrated your network and have obtained access to your private, confidential data. Let’s assume the worst-case scenario. Sammy and his friends are blackmailing you asking for a large sum of money in return for decrypting your information. How do we make sure that we can recover? Disaster Recovery and Business Continuity Plans would ensure that you have a backup of all essential information and would provide procedures for how to recover from those backups in the event of an emergency. In the case of an earthquake, a hurricane, tsunami, or Sammy the Hacker, disaster recovery and business continuity plans and regular data backups would help you get your business set up again.

Final thoughts

Let’s sum it up. We know that telecommuting is inevitable. It’s a part of reality due to the advent of the COVID-19 outbreak. Many major corporations like Google, Amazon, Twitter, have all stated they are actively encouraging their workers to work from home, if they can. This will usher in a paradigm shift that makes telecommuting a part of our lives even after the pandemic slows down.

So, how do we deal with the security risks? One, utilize security features of teleconferencing applications. Two, ensure your employees use VPNs and encryption features of all your corporate applications. Three, use multi-factor authentication to make sure intruders can’t imitate employees and gain unauthorized access. Four, educate your employees on the best cybersecurity practices to ensure security and privacy. Five,  make disaster recovery and business continuity plans to facilitate recovery after a cyber attack.

Telecommuting is not perfect. Nothing is. But, just like our shared situation involving a very nasty virus, we can make the best of it.