Out of office? Be on alert: tips to protect your business information

Working from home? The commute’s a breeze, the pantry is on tap and you haven’t ironed a business shirt in weeks. But don’t drop your guard just yet.  Now that you’re working outside your controlled office environment you need to stay vigilant when it comes to protecting your business information.

Ger Van Hees, owner of Wellington firm Good Security Awareness and a Moore Markhams Wellington client, has some tips for keeping your information safe from security attacks and breaches.

1.     Use different devices for work and personal matters where possible. Just as you do with email accounts, keep work and personal computing separate to minimise the risk of your business information being accessed or compromised. If you’re playing games, surfing the web or accessing your social media accounts on your work computer, phone tablet etc, there’s more of a risk you could introduce viruses or ransomware to the device you also use to access confidential and important information.

2.     Safeguard your home wi-fi network. You want to make sure that no-one in your vicinity can connect to your network without your authorisation. You can enable encryption on your modem and router. Check your modem manual for instructions or call your internet provider for assistance.

3.     If you’re connecting to an office network or server, make sure you are using a Virtual Private Network (VPN). This is essentially an encrypted tunnel between your computer or device and your office network or server. Many businesses will have a VPN as part of their IT set-up. If you’re accessing systems or software hosted in “the cloud” or online, this communication will in most cases be encrypted by the host as part of the standard service.  

4.     Strong authentication when accessing systems and services is more important than ever. The usual password policies apply; don’t use a simple or personal password that can be easily guessed, use a password that is a minimum of eight characters with a mix of lower and uppercase letters and numbers. A string of random characters is best, and the longer the better. Never use your business password for other sites and use separate passwords for separate applications.

Struggling to remember all your passwords? Use a password manager like LastPass – a password manager tool that lets you store all your strong passwords and use them easily.  Then you just need to remember the one password for that password manager.

For even stronger authentication, many systems and applications (business and personal) offer two-factor authentication. This is a security measure that uses what you know (your password) with what you have (a device such as your phone). For example, after you put in your password, the system or service provider will send a six-digit code to your phone that you must enter before you will be given access (or the code is shown in an application like Google Authenticator). It’s a good idea to use two-factor authentication on your primary email account (the one you use to set up your various accounts and reset passwords for those accounts), your Virtual Private Network and your social media accounts.  

5.     Think about physical security. Who is in your house and could potentially see sensitive information or hear your confidential conversations? Always lock your computer when you walk away from it (in Windows devices this is as easy as pressing the Windows Key and ‘L’ together). Keep your business devices under your control – don’t let the kids play games on your work tablet. If you have paper files with sensitive information, lock them away when you are not using them.

6.     Make sure you are backing up your files. At your office this is often an automated process, but at home you may need to manually back-up files to a USB or external hard drive. If you are using a service such as Office 365, or Google G Suite, then you have the option of syncing documents to the cloud (saving them online).

7.     Be security aware. Major global crises and events – such as the COVID-19 pandemic – are golden opportunities for phishing attacks – emails that at first glance may look genuine but contain a link or attachment that gives the attackers unauthorised access to your device. Google has reported blocking 18 million COVID-19 scam emails each day. To test and improve your security awareness, you can take a free online course at www.knowbe4.com/homecourse. Password: homecourse.

8.     Use a trusted video calling service, such as Zoom, Microsoft Team, Google Meet or Google Hangouts for meetings. Zoom has become the video calling service for many businesspeople working from home, but hit the headlines when hackers were able to access to Zoom video meetings. The company has since improved its security and encryption. Make sure you set up passwords for your video meetings and use the waiting room feature to let people in.

For more advice on protecting your business information or security awareness programmes for your employees, you can contact Ger Van Hees by email or phone 022 1244 752


This article was prepared for Moore Markhams New Zealand.