With millions of American employees working at home for the first time, companies have scrambled to institute policies and processes to enhance security and protect their valuable data. But even with the most stringent measures in place, security can still be compromised if employees don’t take responsibility for implementing certain measures as well.
Security solutions, such as firewalls and anti-virus software, are critical
Employees who have company-issued laptops are typically protected by powerful security solutions and likely prohibited from installing any new applications on their machines. But those who are using their computers can expose their companies to security risks such as malware attacks, ransomware, and viruses.
The first line of defense and an essential component in network security is a firewall, which monitors network traffic and acts as a filter based on an established set of security rules. A firewall can block malicious traffic, acting as a barrier to hackers, viruses, and other malevolent attacks. Firewalls can be software or hardware-based solutions, and corporate networks tend to have both. For remote employees, a software solution can suffice. While the user can customize firewall settings, this should only be done under the supervision of a company’s IT professional as a network administrator will best understand what type of traffic to allow and what to prohibit. Without assistance from IT, it’s best to rely on the firewall’s default settings.
The next line of defense is anti-virus software, and every device should have an anti-virus program installed. Again, company IT professionals should cooperate with employees to ensure that they choose the most appropriate anti-virus software. There are many anti-virus options available, including free software available for download. However, it’s always wise to choose the most robust solution to protect against viruses, malware, ransomware, and new threats as they develop.
Updates are the employee’s responsibility
Every security solution regularly issues software updates to ensure that the user is protected against all threats. But those pop-up reminders can be annoying, especially when the update takes time or requires the computer to be restarted. The temptation to ignore these reminders can be strong. However, these updates are critical as they may be necessary to patch a security flaw or counter a new threat. Employees who don’t update when prompted leave their devices and their company network and data vulnerable. It is the employee’s responsibility to ensure all updates and patches are made when prompts appear.
Use only approved programs and applications
Remote work requires employees to use a variety of collaboration tools, many of which may be unfamiliar. GoToMeeting, Zoom, Slack, BaseCamp, and a variety of others make it possible for remote teams to work together. Some of these applications are more user-friendly than others, but typically a company will determine what tools should be used. Employees should refrain from downloading substitutes, as this could expose users to a security flaw. In such a case, both company and personal data could be compromised.
Don’t forget the reputational risk
Working at home can introduce many risks not encountered in an office environment. Take children, for example. Children of every age – from toddlers to teens – are fascinated by all manner of devices. An unattended laptop left without the password protection activated can be too inviting to ignore. The potential for embarrassing mishaps is enormous. Imagine the horror of a message sent inadvertently to the company mailing list, or even worse, to a client. Even a pet can cause trouble – in one instance I know of, a Bengal cat sent a security alert to a major corporation’s IT department. The issue of browser controls is also relevant. The child whose own laptop has strict controls might find an unattended computer a golden opportunity for some off-piste browsing. Consequently, every remote employee should ensure that browser controls are activated to filter out forbidden content, and computers are NEVER left on and open without password protection activated.
The COVID-19 pandemic is likely to have long-term implications for businesses around the world, and remote work is likely to be a choice for many even after the lockdown is over. Companies will have to change the way they think about security in this new environment, as will employees. In the brave new remote world, data and network security is not just an issue for the IT department, but the responsibility of every employee.
About the Author
Dan is the man behind the scenes but if you’re a client of ours, you likely have spoken with him. Dan Tomaszewski is our V.P. of Application Support and has the enviable job of supporting our clients around the clock. With over 20 years of experience in the financial services industry, he has built a career on supporting traders and operational clients in optimizing post-trading infrastructures. Dan can help solve your most complex operational challenges through the implementation of a variety of post-trade solutions including trade reconciling, allocating, flow, clearing, and risk.