In response to the coronavirus (COVID-19) and related social distancing rules and guidelines, an ever-increasing number of companies are closing their offices and implementing work from home policies.

For some workers and companies, remote work is already routine. For others though, this is uncharted territory. Many workers who previously worked exclusively from an office suddenly find themselves working from home. Many companies, accustomed to supporting a majority in-office work environment, suddenly find themselves supporting a significantly more dispersed and remote work environment.

These changes are both unavoidable and absolutely necessary as we all work to curb the spread of the coronavirus, but they may also increase the risk of enterprise data breaches, malware, and computer virus infections.

Any security risk, of course, pales in comparison to the potential human toll that the coronavirus could take should it spread further. Nevertheless, enterprises still need to do what they can to protect their data and systems as they navigate this drastic, albeit temporary, shift in their working arrangements.

Work from home cyber risk

Why is there an increased risk of data breaches and malware infections when more employees are working remotely? When working within an office, a selection of security defenses are typically put in place to protect enterprise systems and data. Whether it is web security gateways, cloud security defenses, behavior monitoring technologies, encryption, or anti-malware applications, the reality is that significantly fewer of these defenses are likely to be available at home or, if they are available, they could be poorly configured.

With that in mind, here are the steps security and technology leaders can make to keep their organization’s data and systems secure:

Make it clear which clouds and applications are sanctioned for use and provide a secure way for employees to access these applications.

The last thing any organization needs is enterprise data being spread across staffers’ personal Dropbox and iCloud storage accounts. Whether using a secure gateway, remote desktop connections, or creating corporate accounts through their identity management platform and allowing direct application access — organizations are going to have to provide access to corporate applications so that staffers can access and use their data securely.

Whenever possible, keep the work to enterprise endpoints.

Not all workers being asked to work from home due to coronavirus will have dedicated work devices, such as laptops and notebooks. If possible, provide them dedicated equipment that they can use from home to work.

This will make it easier to enforce good endpoint security practices, such as adequately configured endpoint firewalls and anti-malware controls. For those who can’t provide dedicated endpoints, consider virtual desktops. This way, a dedicated endpoint can be kept separate, and the virtual system will be protected from all of the other users on the home system. A remote virtual desktop is another option to consider.

Bật xác thực đa yếu tố.

When employees access work resources from their homes, they appear as unknown network sources, making it difficult for companies to tell the difference between legitimate staff and adversaries with stolen credentials. The use of multifactor authentication, such as one-time codes sent to trusted phones or through the use of a one-time PIN generation app, can help to discern if valid credentials were indeed provided by legitimate users.

Establish a support hotline for new remote workers.

Workers who rarely or never work remotely will have technical support questions. They will want to know how to configure their systems properly. If there is a corporate VPN, they will need help setting that up. A dedicated hotline with these questions, while also helping workers set up their home router properly, create a dedicated subnet for work, and otherwise correctly configure their system for optimal security.

Use encryption.

If at all possible, remote workers should use full disk encryption on their devices. They should be coached on how to set this up properly on Windows or macOS if IT or the security department can’t do it for them.

Provide security awareness training.

With so many newly minted remote workers, this could be a good time to raise the security awareness of your company’s workforce through training, especially if it hasn’t been done in a while. Such training will remind people about good remote security practices — being careful about clicking on links, not using public Wi-Fi, and not leaving their laptop in their car.

We all can use such reminders, and a drastic change to the work environment is a perfect time. The reality is that more companies are dictating, or allowing, staff to work from home. This will hopefully help stem the spread of the coronavirus, but with this comes potential security risks. By taking a few precautions, along with support from the organization and common security sense, there’s no reason that risk can’t be reasonably mitigated.