Although many businesses have returned to regular operations, there is still a large portion of workers that continue to work remotely, or work on a hybrid schedule. It seems as though this may continue for sometime, and for some companies, indefinitely. There can be a host of cybersecurity issues when staff members access company information while working remotely. So, how can you protect patient privacy in a remote work environment? Start off by implementing these remote working security tips.
- Create a device policy
- Train employees on how to recognize phishing attempts
- Implement two-factor or multi-factor authentication
- Install security updates as they become available
Remote Working Security Tips: Create a device policy
At the start of the pandemic, many businesses scrambled to transition to a remote work environment, leading to a shortage in laptop computers, causing many workers to rely on their personal computers to do their jobs. Often, remote workers struggle with a work-life balance, as the lines between work and home life blur, which was exacerbated by the shortage.
The problem with using a personal device for work is lack of security. This can include insufficient technology to keep confidential information secure, as well as risks associated with sharing the device with other individuals, such as family members. To improve your organization’s security, it is important to identify workers that are still using personal devices for work, and equip those devices with advanced security protections.
You may also consider purchasing them a work laptop if they will continue to work remotely for the foreseeable future. However, even with a designated work computer, employees may be tempted to use their work devices for personal matters. Security tips for working remotely suggest this can be a risky habit. As such, it is important to develop policies and procedures for remote workers, including a bring your own device policy. To ensure that your remote workers are protecting patient privacy, employees must be trained on these policies and procedures.
Ali Sleiman, Infoblox’s technical director for MEA, “There used to be a clearly defined parameter and security strategy for companies… but the pandemic and the evolution of technology brought changes to the strategy. This forced companies to build and use a new hybrid workforce, a remote workforce.”
“In such an environment where you have changed not only in the architecture but also how your workforce has to operate, you have to adjust your cyber security strategy. If your cyber security strategy is not rolled out from day one because of these changes, companies and their employees will be at serious cyber security risk,” furthered Sleiman.
Remote Working Security Tips: Train Employees on How to Recognize Phishing Attempts
Another security issue that skyrocketed during the pandemic was phishing attacks. There was a staggering 630% increase on cybersecurity incidents targeting cloud services, directly related to the rapid increase in the adoption of these services. According to Jesper Anderson, Infoblox’s CEO and president, threat actors targeted remote workers by sending 60% of last year’s malware through cloud applications. Again, there was a scramble to get employees up and running remotely, which caused many businesses to overlook the cybersecurity implications of doing so.
Phishing has been an issue for businesses for many years, however, hackers have become more sophisticated in their attempts. During the pandemic, hackers went so far as to send phishing emails, seeming to be COVID updates from government agencies, to gain access to sensitive information.
Although phishing attempts can be difficult to spot, a key aspect of protecting patient privacy includes training employees on how to recognize them. “End-users will always have the primary responsibility to have the awareness of what could be a threat, provided that they were given the proper training and clear policy rules. However, cyber criminals today are getting very sophisticated, and they find ways to manipulate and penetrate to create those types of vulnerabilities for end-users,” stated Ali Sleiman, Infoblox’s technical director for MEA.
Remote Working Security Tips: Implement Two-factor or Multi-factor Authentication
One of the ways in which you can easily add an additional layer of security is by implementing two-factor (2FA) or multi-factor authentication (MFA). 2FA or MFA are means of user identification that require users to input two or more login credentials to access sensitive information. These other credentials may include security questions, one-time PIN sent to a mobile device, or biometrics.
The likelihood of usernames and passwords being exposed continue to grow as phishing attacks increase. As such, organizations should implement 2FA or MFA wherever possible. The additional layer of security provides protection against unauthorized access to confidential information because, should a user’s username and password credentials be compromised in a phishing incident, a threat actor would be unable to access sensitive data with those credentials. The threat actor would also need access to the user’s other login credentials to permit them access to the information, which is unlikely to be the case.
Remote Working Security Tips: Install Security Updates as They Become Available
One of the most important remote workforce security tips is to install software updates and patches as soon as they become available. These updates and patches are specifically released to address vulnerabilities in the software’s security. When users fail to install them, they leave their system vulnerable to threat actors, who can and will exploit those vulnerabilities.
There is also the issue of using legacy software, which are software versions that are no longer supported by the developer with software updates and patches. In 2019, this became a huge issue for healthcare organizations operating on outdated Microsoft operating systems, causing Microsoft to release a rare software patch for their legacy operating systems.
At the time, Dustin Childs, a researcher with TrendMicro’s Zero Day Initiative wrote in a statement, “Microsoft considers this so severe, they are even making patches available for out-of-support OSes like Windows XP and Windows Server 2003. That’s no excuse to not upgrade to a supported OS, but regardless, go install that patch.”