Safely Working Remotely

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

Effective Immediately
As the Novel Coronavirus pandemic continues to greatly impact our nation, working from home is no longer an occasional benefit for many Americans, but is now a requirement for many businesses to continue operating safely and effectively. While working from home does come with its perks, there are many new cybersecurity risks created when employees make the transition to a remote work environment.

It’s important that ALL employees understand their organization’s expectations when working from home, and that ALL employees practice safe cybersecurity to ensure their data stays protected. All organizations with remote workers should have a Remote Work Policy in place that outlines those expectations and employees should be required to read through the policy and sign off on their agreement to abide by it.

Although working from home is incredibly beneficial because it allows organizations to continue functioning during these trying times, remember, it benefits no one if there is an additional increased risk of business failure or loss due to a data breach – we cannot emphasize this enough.

Here are some tips for safely working remotely. All of these are equally important.

1. Make sure you understand best practices. Now more than ever it’s important for you to stay up to date on cybersecurity. If your organization has an ongoing training program, make sure you’re actively participating. Scams like phishing only INCREASE when employees are working remotely – you must stay in the know on current threats and best practices.
2. Make sure you understand your organization’s policies and procedures. If you’re working remotely, your organization should have a Remote Work Policy. Make sure you have read and understood that policy and what is expected of you. You should also continue following ALL company policies and procedures as if you were in the office.
3. Don’t use public Wi-Fi for work. Work should be done from a secured network, preferably in a home environment and with company equipment. It is also highly recommended that you connect to your company’s network with a Virtual Private Network (VPN). If you are unsure of how to do that, contact your supervisor or IT for more information.
4. Keep all software up to date. Updates/patches are often released to address security flaws and other loopholes or risk factors. Keeping all devices updated is critical in preventing unauthorized access.
5. If possible, use only company-issued devices for work. Do not let friends or family members use your company-issued device.
6. Do not use your company-issued device for personal use. It is advised to stay off social media, shopping sites, or any other websites you many visit in your free time when using a company-issued device. Only do secure, company work on company devices and time.
7. Be mindful of where you save files and data. Do not save files on your local or personal hard drives that may be more likely to be breached.
8. Back up your files. If you’re unsure of your company’s backup procedure, contact your supervisor or IT. It is very important to back up your work that way if a local loss occurs, data can be more easily recovered.
9. Use strong, unique passwords. Make sure your passwords for your device and all of your accounts are strong and unique. Never reuse the same password across multiple accounts, and do not share your passwords with others.
10. Lock screens when not in use. This helps limit any unauthorized access to the information you may still have open on your system.

While these are some common tips and best practices for working remotely, make sure you talk with your supervisor to ensure you’re following your company’s protocol.

Remember, smart cybersecurity does not take a break when the office is empty. As a healthcare employee, you have a duty to protect patient data in accordance with HIPAA, making the need for cybersecurity even greater. Let’s all work together to ensure we’re doing everything we can to safely work remotely, and thus, protect patients and their data during this stressful time.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.

HIPAA Secure Now! now offers PHIshMD training for CEs and BAs to help protect your organization from security threats.

Technology safeguards put a virtual wall around your network, but what happens when the bad actors climb over that wall? It’s up to your employees. Over 90% of breaches get caused by human error according to Kaspersky Lab, and if you’re not educating users HOW to protect your organization in this ever-changing threat landscape, your organization could be next. LEARN MORE