With Work from Home the new normal, is your Personal Information safe?
Work from home is the new normal for many that have not lost their jobs related to the pandemic. Knowledge workers are those that are most likely to be able to stay connected electronically and perform their jobs from a home office. What is the impact of this change to protection of your personal information (PI)?
Should you be concerned?
Many businesses capture your personal information as a part of normal business operations. These businesses include financial institutions, government organizations, background check companies, mobile phone companies, online retailers, advertising companies, food delivery companies, the list is very long. Work from home means that workers from all of these companies would have access to your personal information in their new office – their home. Technically, this means that the security of your personal information is dependent on company policies, technical security controls managed by the business, technical security controls managed by the home owner and even physical security controls of the home owner now. If this concerns you, it should.
Can work from home be secure?
Yes. But to do this, protecting company information and your personal information needs to be thought through, risks identified and mitigated. Here are some likely threats that need to be addressed:
- Can employees print sensitive information on their home printer?
- Can employees download sensitive information to their personal computer?
- Can employees access their local files on their PC or the home network when connected to the business network?
- Does the employee or the business manage the device that is connected to the business network?
- Can employees connect their personal computer to the internet directly from home and can they retrieve personal email on the device (that may be phishing or malware attacks)?
- When was the last time home firewalls/routers were patched?
- Does the business know if home firewalls have strong passwords?
- Does the business ensure that employees use multi-factor authentication before enabling access to the company VPN?
What else should you think about?
Most businesses have their own “supply chain”. And in knowledge work, this supply chain includes service providers to the business. These service providers likely also have their workers working from home. The risk to your personal information and sensitive business information cascades through the business supply chain to layers of home workers.
What should you do to protect your personal information?
First be aware of the issue. Second, ask questions. For example, how has your bank, volunteer organization, online retailer, trash company, physician, (fill in the blank), addressed the increased risk to your personal information now that their workers and their service providers workers are at home?