Cybersecurity and Remote Work During the Pandemic


Many businesses ignore cybersecurity until it’s too late. Since COVID-19 forced millions of workers to shift to remote work, it’s now more important than ever to secure your data and networks to minimize the risk of a costly cybersecurity event.

COVID-19 may forever change the way we work – it has caused disruptions in all lines of business and introduced countless challenges to the global supply chain. Many of us are already working remotely; whether you provided your workforce with encrypted company laptops or are allowing employees to use personal computers, there are several actions you can still take today to keep your systems secure.

1. Communicate a single source of truth

It’s crucial during these times to communicate with employees often. Make sure everyone is aware of your remote work policy and cybersecurity best practices for securing your network and data. Your IT team should be easily accessible in case of concerns or to quickly respond to queries. Your workforce should understand that, while working remotely, they aren’t behind the usual barriers set up from the office environment – security is now everyone’s responsibility and each individual is a separate target, and therefore a vulnerability.

2. Secure your WIFI

While working remotely, we’re constantly sharing sensitive information over the internet. The first step to protecting your business data is to ensure that everyone’s wireless connection is properly encrypted. Instruct your teams to turn on full encryption from their wireless access point and set up strong passwords.

3. Secure cloud-based services

Cloud tools such as Microsoft OneDrive or Dropbox allow us to quickly share documents and facilitate collaboration. If your employees are taking advantage of these tools, make sure you’ve enabled the paid version of these services, as they are more secure than the free versions.  Restrict the use of personal emails to conduct business.

4. Set up two-factor authentication and encryption whenever possible

If you think one strong password is enough, think again. Whenever available, be sure to set up two-factor authentication methods, such as a secondary e-mail or a cellphone, to which a one-time secondary credential code could be sent.

In addition, enable notifications so you can see when someone has tried to access your data or to change a password.  Seize this opportunity to incorporate security into your processes by encrypting files, and backing up data.

5. Ensure operating systems are fully patched

When it comes to operating systems (I.e. Windows), the latest releases will include the most up-to-date security measures. If you are notified of an update, it’s often because the provider has identified bugs or vulnerabilities and has released an updated version that patches known issues. Take a few minutes to upgrade to the latest version and enable automatic patching.

6. Reintegrating

You may find that critical processes which “worked just fine” manually—such as using paper or passing around spreadsheets —suddenly become a lot more cumbersome when performed across a virtual workspace or between remote teammates.  Why not take this opportunity to secure and automate part or all of the processes?

Automation through the use of tools and platforms, such as robotic process automation (RPA), can mean that something is done the same way every time. Reducing or eliminating manual errors can lead to improved data security and increased efficiencies.

If you are wondering whether you’re doing enough to maintain the integrity of your network and company data, reach out to me or another member of our Risk Advisory Services and Cybersecurity teams for assistance.

Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.

Leave a Reply

Your email address will not be published. Required fields are marked *

We respect your personal information. Please review our Privacy Policy for more details.