With the pandemic still sweeping through the country, what began as a short-term adjustment to working from home has turned into a long-term change. Experts say you should keep home-office security in mind.
You may have begun using remote-work technology quickly when lockdowns first hit. But that technology may not be secure enough for working remotely for the long haul, warned Adam Crawford, vice-president of managed services with Toronto-based Herjavec Group.
“Many of the traditional defences deployed in an office, like firewalls, secure Wi-Fi and network security, may not exist in a home office,” Crawford said. “This can not only create risks for the devices that are on the home network, but also introduce risks to the company through the connections between those devices at home and the office network.”
To keep your home office protected, you can take a two-step approach to securing your technology.
First, secure the devices you use at home with antivirus software that can recognize new malware threats, Crawford said.
Second, secure the network connections you use to access the outside world, said Darren Coleman, senior vice-president, private client group, and portfolio manager at Coleman Wealth, a unit of Raymond James Ltd. in Toronto.
Coleman recommended securing your home Wi-Fi connection with a strong password. He also suggested using a virtual private network (VPN) to connect to your office network.
“Advisors’ firms should assist with providing a secure remote-access facility, like a VPN,” Coleman said.
A VPN can run on your mobile device, laptop or desktop computer to connect to your office network through an electronic gateway. VPNs ensure that only authenticated devices can access files and applications on a network. VPNs also encrypt all communications.
Keeping tools up to date
VPNs, along with the applications and operating systems running on your devices, are only as secure as their latest security update. New security patches should be applied as soon as vendors release them, Crawford said. Otherwise, cybercriminals can exploit vulnerabilities in your software to gain a foothold in your network.
You also have to identify the proper channels for exchanging certain kinds of information, Coleman warned.
“Transmitting files back and forth between colleagues should only be done through secure and company-approved software programs,” Coleman said. “It is very easy to slip into sending things using personal email or file transfer systems, but these are not secure.”
Coleman recommended DocuSign, a cloud-based service, as a secure way to send clients documents that need signatures.
There are many other online services available, but you should avoid experimenting without a proper security evaluation, said Mark Nunnikhoven, vice-president of cloud research with Trend Micro Inc., a cybersecurity software company based in Tokyo.
“It’s easy to adopt a new tool to help the team stay connected,” said Nunnikhoven, who works in Ottawa. “But is that tool appropriate for the types of information and conversations you’re going to have using it?”
Getting physical — virtually
You may have shifted to videoconferencing for keeping up with clients, but beware of potential security pitfalls, warned Nunnikhoven.
“With consultations and other meetings shifting to video, advisors should be aware of their physical environment,” Nunnikhoven said. “What’s in the background on that whiteboard? Is there sensitive or client information visible? It’s easy to overlook that active file that’s been sitting on your desk all day, but [the file] very well could show up on video.”
You also should remove confidential information from your computer’s desktop, he warned, as the desktop screen often appears inadvertently during screen-sharing with clients and other contacts.
Beyond that, you should make sure your video conferences are secure. The pandemic has seen plenty of “Zoom-bombing” attacks, with troublemakers crashing Zoom meetings that were not password-protected.
“We recommend [that] meetings are protected from unauthorized access with a link, a moderator to admit attendees or a password to enter a meeting. This is especially true for advisors meeting with clients [and] discussing sensitive financial information,” Crawford said. You should avoid publishing meeting information on social media, he added.