A Telecommuting Cyber Security Checklist for Nonprofits

September 15, 2020 | cyber security, Nonprofit

Many nonprofits are discovering that telecommuting offers a viable alternative to working in an office. As concerns about the coronavirus continue, more organizations are relying on telecommuting to ensure their operations continue.

Telecommuting offers many benefits, but some drawbacks too. Many organizations worry about cybersecurity in the age of video conference calls, instant messenger conversations, and myriad other cloud-based software that enables people to meet, share, and collaborate on projects.

If you’re among those concerned about security when employees work from home, you’re not alone. We’ve put together a three-point checklist to help you think through all aspects of telecommuting safety. Apply this information to your organization’s telecommuting policies and procedures and safeguard your nonprofit’s data and reputation.

Three-Point Telecommuting Security Checklist for Nonprofit Organizations

There are many areas of concern when employees work from home. Everyone has access to different technology and internet services yet logs into central cloud-based systems. Viruses, hacking, phishing, and other threats remain, while new ones emerge. There is no one-size-fits-all policy for all organizations embarking on a telecommuting program, but there are guidelines you can put into place to reduce the risk of problems.

Below you’ll find three areas to review and address as part of your cybersecurity checklist. For more on this topic, we recommend listening to “Cybersecurity Advisory. Working From Anywhere, Rebooting Securely.”

1. Review hardware configurations and security settings

Many organizations purchased laptops and other hardware to enable critical employees to work from home. This helped them ramp up quickly and get everyone online, but they failed to review each unit’s software and security configurations. The result: the potential for serious security flaws that offer criminals the opportunity to attack an organization’s critical systems.

To address this issue, have an IT specialist review all of the devices and ensure standard configurations. Install antivirus software and make sure it is run periodically. Finally, create a policy and procedure to ensure that, in the future, all hardware purchased meets minimum security standards and that IT reviews each device before it is distributed to staff.

2. Bring your own device (BYOD)

As an alternative to purchasing hardware for all employees, some organizations allowed employees to use whatever equipment they had at home to log in to their network and systems. This is called “bring your own device” or BYOD and is common among many companies and organizations.

The problem with implementing BYOD on the fly is that everyone in your organization is connecting with a unique device, some of which may be infected by trojans and malware. Some people may be diligent about running security scans and updating their software, while others don’t know they should be taking such actions. The results could be catastrophic if someone uploads a document infected with a virus or malware.

To fix this problem, make sure that you ask employees to use a VPN to connect to the corporate network. Remind employees to run security checks and update software. Have your technical specialists draft a process by which employees can use their own devices safely. This may include steps taken on the organization-owned hardware and systems to secure sensitive data, upgrading security measures on an organization-wide level, and other steps indicated by your technology team.

3. Temporary changes that (accidentally) became permanent

Many organizations implemented temporary changes to address the confusion of the early stages of the pandemic. These included forgoing required password changes, allowing employees to share logins, and other things that at the time solved problems but now pose a threat to the organization.

The solution is to return to the pre-pandemic best practices and procedures as soon as possible. Speak with your teams and ensure that everyone understands why the changes are implemented and why it is essential to return to “all systems normal” as soon as possible.

Cyber Security Training Remains an Urgent Priority

According to the University of San Diego, phishing attacks have become more sophisticated. Increasing vigilance and protection against all types of cyberattacks is critical.

Many cyberattacks can be thwarted simply by user awareness. That’s where training for your team comes into the picture. Make sure that you frequently offer up-to-date training to remind staff about the many ways in which criminals use the internet to attack and steal data. Update policies that address cybersecurity and offer virtual training to ensure that all staff remain alert to cyberattacks.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.