How Companies Can Adapt for People Working from Home and the Inherent Security Risks
With the COVID-19 global pandemic altering workplaces around the world, emotional disruption and financial uncertainties have become palpable threats to many companies, regardless the size. Since the mass exodus of physical offices in mid-March, the work-from-home model continues to present new challenges business leaders must address in order to maintain basic and routine business operations, first and foremost – cybersecurity. While modern communication tools such as email, Slack, and Zoom have allowed businesses and other organizations to bridge the physical gap created by working from home – this new technology also brings with it new risks. With only a faint light at the end of the Pandemic Tunnel, implementing proper business practices and secure communication protocols will allow business leaders to save both time and money in the long run.
Considering the lifestyle shift essentially forced by the COVID-19 crisis, the element of online communication transitioned from an option to a necessity; and just like with anything new, there is a period of testing, of trial and error, that most communication tools are doing their best to manage in real time.
Separate from, although heightened by, the COVID-19 mayhem, recent technological advancements have brought about the need for updated business ethics and practices that specifically target the handling and management of confidential information. In the past, emails sent without encryption were adequate for most electronic client communications. However, to better ensure the privacy and security of confidential data, many experts now recommend encrypting sensitive information sent via the Internet, especially when it is sent through email. To this end, business leaders have various methods to choose from that span from third-party email services to plug-ins that operate within your preexisting email account. The end-to-end email encryption works by securing emails using public keys — in practice the sender encrypts the email using the recipient’s public key, and then the recipient decrypts it using his or her own private key. Programs such as Egress and Proofpoint can do this at the organizational level, allowing businesses to automatically encrypt emails, therefore increasing security.
Slack User Authentication
Security for internal communications is just as vital as that for external communications. One such tool typically reserved for internal, employee collaboration and communication is Slack. Considering the fact that Slack has over 10 million daily users, opportunities for phishing information and the potential for data breaches are very real concerns. As recent as June 2020, a security weakness was identified that allowed hackers to inject malware and alter data of files sent through Slack. With this in mind, and in an effort to mitigate security risk, employees should do their best to limit, or even refrain, from sharing sensitive business information and private account details via Slack. Additionally, all Slack users are recommended to utilize two-factor authentication – an extra layer of sign-in security where members are asked to enter a verification code sent to their mobile device in addition their email password, thus, further protecting the account if the password is compromised. An added layer of security such as this can work to further diminish the risk of compromising an account.
With many companies running business operations exclusively from home, Zoom has readily become the foremost utilized communication tool, and an integral part of connecting with others during this time of social separation. Understanding that nothing online is 100% secure, it should not come as a shock to learn that Zoom has its fair share of flaws. At the start of the pandemic, Zoom erroneously claimed that its video call data was end-to-end encrypted, meaning that only the communicating users can access the messages. It was later revealed, however, that Zoom’s call data is instead transport encrypted, which is markedly less secure. Additionally, various instances of Zoom software installations have resulted in malware being installed on users’ computers; and it was discovered that over 500,000 Zoom login credentials were found for sale on the dark web.
Moreover, a new type of harassment called ‘Zoombombing’ has emerged wherein video calls are interrupted by uninvited participants entering the ‘conference room’ and spouting hate speech and inappropriate content. With such terrible behavior becoming a potential risk, many organizations have chosen to ban Zoom altogether and eliminate the threat of harassment. The good news is that Zoom is taking steps to increase its security, and has released new features specifically to combat ‘Zoombombing’. Additionally, end-to-end encryption went live in late October, providing added protection for video call data.
Still, there are a few more steps individual users can take to ensure security when using Zoom for business. Foremost, downloading Zoom directly from the Zoom website will ensure that no suspicious malware winds up on your computer. Using features for meetings such as individual IDs, password-protection, and the ‘waiting room’ can all work together to help protect your attendees and keep unwanted participants out of your video calls. Lastly, ensure your Zoom software is up to date to incorporate the latest security features.
For Added Security: Utilizing VPNs
As the remote workforce continues to expand and more and more information is dispersed over the internet, it is important for businesses to prioritize employee and contractor support. A particular added security measure that anyone, businesses included, can implement at a relatively low cost is a VPN – a personal, secure virtual network. With most remote employees using their own computers to handle sensitive information, a VPN is a critical tool in safeguarding against private company data being transmitted over a public Wi-Fi network. A VPN can be utilized to secure the connection, helping to make both the employee and the company information safe from potential hackers; and some contain a bonus of features to detect malware. While it’s difficult for companies to mandate what technology employees use when working from home – VPNs are user friendly, affordable, and offer a valuable layer of security for its users and the information shared.
While the effects of the COVID-19 pandemic are ongoing, business owners ought to take precautions now to best prepare themselves for the future ahead, taking into consideration the potential for further technological advancements and security of information. Considering modern day’s circumstantial necessity for virtual communication in tandem with the fact that security risks are ever present, leaders of businesses and organizations, no matter the size, ought to consider the potential risks of data breaches and the mishandling of sensitive, company information. Not only are there inherent risks when it comes to technology, but businesses will forever run the risk of human error as well.
Thus, by utilizing smart online practices, implementing the appropriate tools, and administering proper security protocols at an organizational level, businesses can attempt to mitigate such risks. Furthermore, with the adoption of safer online security practices, organizations can increase the ability to manage multiple projects, maintain routine operations, and continue to service its customer base all the while more readily prioritizing the safety of the company, its team, and its customers.
[Aaron Swerdlow is an attorney in the Los Angeles office of Weinberg Gonser. He regularly serves as outside general counsel to clients and specializes in corporate, entertainment, finance and technology transactions.]