The COVID-19 pandemic has led many organizations, especially healthcare organizations, scrambling to set up and implement remote working opportunities worldwide. But, just as fast as organizations set up work-from-home opportunities, cybercriminals begin focusing on creative ways to cause havoc.
According to several reports, working from home in 2021 is one of the top cybersecurity trends. For example, consider the following comments from Bitdefender: "As more and more people adhere to the work-from-home schedule imposed by the coronavirus pandemic, employees will take cybersecurity shortcuts for convenience." Additionally, "insufficiently secured personal devices and home routers, transfer of sensitive information over unsecured or unsanctioned channels (such as instant messaging apps, personal e-mail addresses, and cloud-based document processors) will play a key role in data breaches and leaks." Phishing attempts are expected to increase in 2021.
To combat malicious cybercriminals, healthcare organizations and their employees need to pay special attention to their cybersecurity and be on the lookout for any suspicious activity. Good cybersecurity habits are a must, along with ensuring systems and devices are set up properly. Below are tips for working securely from home in 2021, based on the National Cybersecurity Alliance recommendations.
7 Tips for Working from Home
1. Think
Before You Click - Don't Take the Bait!
Cybercriminals are taking advantage of people seeking information on COVID-19. Additionally, cybercriminals are attempting to take advantage of other activities performed online. One tactic is distributing malware campaigns that impersonate organizations and other reputable sources by asking you to click on links or downloads. Slow down. Don't click. Don't take the bait. Go directly to a reputable website to access the content.
2. Lock Down Your Login - Strong Passwords are a Must!
Create long and unique passwords for all accounts. Passwords should be at least 8 characters, multi-case, and should not able to be easily guessed. Use multi-factor authentication (MFA) wherever possible. According to the National Cybersecurity Alliance, MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
3. Connect to a Secure Network - Never Access ePHI on an Unsecure Network.
When accessing work accounts, electronic health records (EHRs), etc., use a secure network. If using a home router, be sure it is updated to the most current software and secured with a strong password. Never connect to public Wi-Fi (such as a coffee shop) to access work accounts, EHRs, etc.
4. Keep Devices with you at All Times or Stored in a Secure Location.
Devices may include laptops, desktops, smartphones, and other devices used while working from home. Additionally, be sure to log out or set automatic logoff settings on your laptop and/or desktop - even at home - if walking away for an extended period of time, taking a break, or at the end of your workday.
5. Limit Access to the Device you Use for Work.
This means only the approved user should use the device. Family and friends should not use work-issued devices, especially devices used to access electronically protected health information and work accounts.
6. Use Company Approved Devices and Applications.
While working at home, when collaborating and completing tasks, use only company-approved devices and applications; any device or application used when working from home should be approved by your organization's security team.
7. Keep your Software, Including your Antivirus, Up to Date.
One of the best ways to prevent a cyberattack is making sure your operating system, antivirus software, and any other software used when working from home is up to date. Before connecting to your corporate network, be sure that all internet-connected devices including PCs, smartphones, and tablets are running the most current versions of the software. Updates include important changes that improve the performance and security of your devices. Therefore, delaying any updates should be avoided unless you have been advised by your security officer (e.g., for compatibility issues) to do so.
Did you know?
Healthcare Compliance Pros offers Cybersecurity Awareness Training! This training is helpful for all workers, regardless of whether they work in the office or from home. We also have other tools and resources to help your organization aggressively prevent Cyberattacks in 2021 and beyond.
If you have any questions, please contact us
today by email at support@hcp.md or
by phone: 855-427-0427.