Virus Protection Has a Whole New Meaning

For compliance professionals, listen to our accompanying audio interview discussing HIPAA, SOC and PCI compliance during a pandemic, featuring Robert Ramsay and Brett Bane of Pondurance.

Remember when “virus protection” only referred to malware? When we talked about “wiping phones” prior to March of 2020, it was all about erasing data from a lost device. With millions of people around the world working from home and spending endless hours on video call platforms like Microsoft Teams and Zoom, there’s a plethora of new cybersecurity issues to consider, and we’ve detailed some of the top ones here. Have one to add to the list? Let us know!

Using Home Wi-Fi for Business Purposes

Remind your employees to be especially careful of shared, “borrowed,” or free networks running on older routers or home access points, which may not be as secure as newer technology. Consider requiring the use of routers with known passwords under the employee’s control.

A virtual private network (VPN) appears to be the most common practice now for ensuring data in transit is encrypted, and while that’s an excellent line of defense, it’s only effective if your employees consistently log into the VPN. Consider implementing a policy for that as well, if you don’t already have one in place.

Sharing Work Computers with Family Members

With so many kids doing their schoolwork from home, it may seem logical to share devices, but that can present a security risk. The most secure stance is to implement a policy limiting the use of company-owned devices to company work only – i.e., “Do not use this computer for anything but work.” Whether that works for your organization depends on your company culture.

Adding Personal Devices to Your Company Network

This is tempting if your employees don’t all have company-issued laptops, and many organizations already have “bring your own device” policies and practices. But “bring your own device to your home office” may be an entirely new phenomenon.

It may seem counter-intuitive, and it will depend on the sophistication of your workforce, but you may need a policy that very specifically defines how employees get equipment to use at home and how that equipment is configured with remote access and antivirus solutions.

Don’t Get a Virus from Fighting the Virus

Scammers are clever, and anxiety levels everywhere are high – and anxious people are more prone to making mistakes. Employees may be clicking on new sites, and they’re definitely adding new “meeting” tools and receiving more calendar invitations with links. Now is a great time to implement additional training on staying cautious about misinformation campaigns, malware attacks, and phishing schemes.

Remember to Exit

Whether it’s another work meeting or a happy hour event, be sure to exit your Teams, Zoom, or Hangouts meeting. You probably don’t want to continue broadcasting your work or family life after the event has ended.

The Need to Shred Didn’t Get Shredded

The need for shredding confidential information doesn’t go away when your employees are working remotely. You may need a detailed plan for saving and shredding later for employees who don’t have their own shredders at home. Perhaps those empty cardboard boxes in the office would be useful for employees to use at home, saving confidential information for shredding later at the office. Another idea is to have shredders shipped to employees who access sensitive data.

Disinfecting Your Device – Hand Wipe versus Delete Wipe

Now that we’ve covered the digital realm, let’s take a moment to look at disinfecting our devices in the physical world. Research shows we check our phones an average of 47 times per day, and unfortunately, they’re crawling with germs: A recent study found more than 17,000 bacterial gene copies on the phones of high school students. In a world where we’re all much more concerned with sanitizing, keeping our devices clean has a whole new level of priority.

Don’t be afraid to use a disinfecting wipe on your phone and keyboards – any residential grade hand or surface wipe should disinfect your device; note that Apple has changed their position on using alcohol wipes on phones as of April 23rd, now saying it’s fine to use a 70-percent isopropyl alcohol wipe – but you still can’t use bleach. (The Wall Street Journal’s Joanna Stern has a clever article and video on her trials with a variety of cleaning solutions.)

Summing Up

The Barnes Dennig System Assurance team helps companies stay compliant with SOC 1, 2, & 3, PCI DSS, HIPAA, GDPR and many other compliance frameworks, and we’re very interested to see how IT departments evolve their policies and procedures to accommodate the work-from-home conditions imposed globally. If you have questions or a story to share, or would like to talk about compliance for your organization, contact us. We’re here to help.