Working Remote

While the world is focused on the most recent threat posed by COVID-19, cybercriminals around the world are capitalizing on the crisis by launching a different kind of “virus.”

Many employees are working remote, and companies are functioning with little to no personnel onsite or skeleton crews to support IT and other essential functions.

Both employers and employees need to take the utmost care to protect themselves, as well as company information. Help minimize the risk while working remote with diligent security hygiene and best practices.

1. Do not use Personal Laptops for Work

Employees and contractors should only use company-issued laptops for work. Using personal devices for work purposes increases security risks and creates document preservation issues. In addition, anti-virus software may be out of date on personal devices.

2. Practice Good Cyber Hygiene

Make sure your devices are up to date with anti-virus protection and use secure, known connections while working remote. Avoid the temptation of using Bluetooth when in public spaces – it is an easy way for hackers to connect to your device. Use multi-factor authentication, when available, and be sure to follow company guidelines for internet and personal device use.

3. Only use Secure Wi-Fi

Only work on secure, password-protected internet connections. If you must use public Wi-Fi, be sure to verify with the owner that the network is legitimate and password secured. Avoid accessing corporate drives that may provide access to confidential or sensitive information from a public Wi-Fi network.

Hackers may try to trick you by mimicking the name of a secure network, so look closely and verify to ensure the one you join is legitimate. Otherwise, an open network can give the hacker control and access over everything you do on the internet.

4. Be Extra Vigilant about Phishing Emails

Cyber criminals love a crisis. Be on the lookout for phishing emails designed to entice you to click on the latest and greatest offer related to coronavirus protections or urgent instructions from your boss, intending to get you to unwittingly download malware.

This pandemic has generated more business email interruption scams, including an increase of hacked accounts through phishing emails, allowing hackers to send fraudulent invoices purporting legitimate vendors. Hackers then have the ability to change wiring instructions to their account.

Make sure to enable multi-factor authentication on all accounts, specifically Office 365 email accounts. For any questions about the validity of an email, contact the suspected sender (via a different form of communication, such as a text to ensure legitimacy) or share the email with your IT department. Do your due diligence before taking action on a suspicious email.

5. Confidential Information is Still Confidential

Employees and contractors must uphold the processes and procedures used to handle confidential information at home, the same as in the office. Personal email should not be used for anything work-related. While not as common, printing sensitive information at home also poses a threat. Printed documents may be subject to shredding in the office environment, so ensure shredding of appropriate documents or refrain from printing confidential information.

It is important we remain available and responsive during telework. While remote work provides flexibility it may also present new vulnerabilities. Take this time as an opportunity to brush up on company security protocols and help in the fight to #StayCyberSafe.


Dana Pickett serves as former Edwards Principal of Cybersecurity and CISO. He is experienced in managing programs with a focus on both business and technical risk management for cybersecurity, audit and privacy/compliance with diverse requirements. While being a member of various task forces for industry and state government cyber security, risk management and compliance initiatives, Dana has proven to be effective in communicating to executive management, various senior executive boards and councils, and Audit Committees to achieve sponsorship and governance.