Remote working and cyber security: Here's what the experts have to say

Many companies have had to swiftly adopt new ways of doing business to meet COVID-19 public health guidelines. In addition to the issue of human resources management, the widespread implementation of remote work presents significant challenges in terms of cyber security. Hackers are taking advantage of these turbulent times to exploit flaws in computer systems, stepping up their phishing attempts to steal personal and confidential information. We spoke with Steeve Fillion, Director and Chief Information Security Officer at the Fonds de solidarité FTQ, and Yan Bisson, IT Director at a digital services firm in Montréal, to help you identify the main issues and possible solutions to keep in mind.

Use secure equipment

Anti-virus software, password management, remote inventory tools... Corporate computers usually employ the same security configurations and protocols, whether they're used inside or outside the office. According to experts, however, special caution is needed when employees use their personal equipment. "Phishers know that employees don't always have the same security tools on their personal equipment. If they receive an email with a virus, they aren't protected by the company," says Bisson.

That's why it's in the company's best interest to equip employees with secure devices. "At the Fonds, some 800 people transitioned to working from home over the course of two or three weeks," says Fillion. "Some employees had never worked from home before and were not very well equipped." The team had to ensure that the computer equipment provided to employees by the Fonds was configured to maintain the same level of security as at the office. "When employees work from home using their personal network, their workstation is isolated thanks to our configurations. If a virus infiltrates their home network, it has little chance of infecting the Fonds's workstations or network," he explains.

Establish an official remote working policy

When making the transition to telework, a company's work and collaboration procedures can sometimes become more informal. For example, documents may be shared between employees using insecure connections or unauthorized platforms, such as social media.

How can you ensure that your employees are following best data security practices? "Adopting an official remote working policy is one solution," says Fillion. "At the Fonds, we decided to set clear guidelines, one of which prohibits employees from sending work files from a secure computer to a personal email address."

IT Director Yan Bisson points out that, in addition to representing a risk to data protection, failure to comply with policies for handling sensitive data can put companies in breach of contract under the confidentiality agreement established with their clients. Sending out frequent reminders on best practices and providing guides to support and inform employees can help prevent confidential information leaks and ensure that everyone understands the remote working policy.

Follow the usual safety procedures

In times of crisis, certain companies might be forced to implement new technological processes in a hurry and without the necessary skills, which could hurt them in the long run. According to Fillion and Bisson, it's very important to take the time to think carefully about systems configuration and data security to avoid any security breaches. "At the Fonds," says Fillion, "we've made sure that all our data is encrypted in case of equipment loss and that every computer can be reached remotely by the IT team so that we can maintain our processes, even when employees are working from home."

According to the Fonds's Director and Chief Information Security Officer, however, there's no need to panic. "For us, the transition took three weeks. Employees began telework gradually, one group at a time." It's just a matter of organization and prudence. You need to take calculated steps that don't pose a risk to the organization.

Knowing when to ask for help

IT security needs can vary from one company to another, and you may need to call in the experts. "If you don't have the knowledge in-house, it's important that you get proper help," says Bisson. "Make sure you're dealing with a professional technology partner to protect your data and that of your clients."

Fillion agrees, but also urged caution. Many service providers can take advantage of the uncertainty caused by the current crisis to sell expensive solutions that aren't always tailored to your needs. "You'll want to analyze their service offerings and understand what you're getting," he says. He believes that it's best to work with trusted suppliers who know your business and your needs, as they'll be in a better position to give you the right advice.

Talking with other companies in your industry can also be a good way to assess how effective your internal processes. You can  help each other by sharing best practices.

The current situation will certainly change the way many of us work in the future. Some companies are trying remote working for the first time and may become more open to it. Others who are more familiar with the concept may gradually adopt a hybrid version. Whatever your situation may be, it's important to be cautious when transitioning to telework to maintain a high level of security and provide the best possible support to your employees. Be sure to remain responsive and flexible, adjusting your processes as your business needs and cyber threat risks change.