Do you love working from home?

 

Your dog isn't the only one who is thrilled you are working from home. So are the cybercriminals of the world. Before I get too serious, I saw a meme recently of a dog jumping out of its skin because it was so happy to have its owner home. The photo next to it was a picture of an angry cat with the caption: "Why are you in my house so much lately?" Funny, right? Let's get to it.

While working from home has many terrific advantages, the pitfalls are also plentiful. Not only does it threaten to burst our waistlines, but it also poses a threat to our organization's sensitive data and IT environment. Compromised home networks being connected to secure corporate environments are causing sleepless nights for many IT professionals. Here are some of the specific risks.

First, few home networks have industrial-grade firewalls, if any at all. Lack of an adequate firewall is equivalent to leaving your car unlocked with the keys in the ignition while you're out of town. It's not even fair to say you can be easily hacked since accessing your network is as easy as running free and readily available software to find you and your exposed network. Couple that with one of last year's more pernicious threats, VPNFilter, and even those who believe they are protected are not. For those who don't recall, VPNFilter was a vulnerability identified in millions of networking devices, including both top commercial firewalls and common home firewalls. Lacking proper patching, it's estimated there are still millions of vulnerable devices in homes across the country.

What to do? We recommend upgrading your home firewall to a newer product that includes embedded VPN capabilities and an antivirus subscription on the device. That's right, another A/V subscription. We've learned that while protecting each computer on your home network is important, the IoT has added dozens of devices to home networks that don't have an antivirus option. The solution is to add A/V at your perimeter, thereby reducing the likelihood that an attack can even enter your network. We're not recommending a particular brand, but if your firewall offers those two features at a minimum, you're well ahead of the pack and a hacker will likely move on to an easier target.

Second, your home network is polluted. If you have children, they may be running streaming gaming services on their devices that create open holes in your network. Additionally, since Zoom is free for K-12 educators, many kids have Zoom installed on their home devices. While Zoom is a blessing for many teachers, it's also quickly become notorious for its security flaws, not the least of which is the fact that many of its servers are hosted in China. Because of this, we recommend segmenting off your network if you can. In other words, if your work computer can be set up on its own home network, not visible or shared with other devices on your network, you stand a better chance of keeping your system clean.

Third, many of us are remotely accessing our corporate networks through either Remote Desktop Protocol (RDP) or Virtual Private Networks (VPNs). RDP has a history of rampant security flaws, and a VPN doesn't necessarily quarantine your device from infecting your corporate network. We encourage you to work with a professional IT company to get whatever technology you are using implemented properly and securely. Two other options are using software solutions like LogMeIn for remote access or moving your corporate data to Office 365 with access through SharePoint. While both options have their own risks, both are more controlled configurations that are managed by security professionals, so the risks are lower than with your own remote connections.


If you have any questions or if you are concerned about your organization's cybersecurity, give us a call at (800) 970-0402. We'll be happy to help.


For more HIPAA information, download our ebook - The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of an organization's workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.