Due to the COVID-19 pandemic, employees and companies across the world are scrambling to adapt to the new reality of working from home. To learn more about some of the technological and security issues around this, we spoke with Metova CTO, Andrew Cowart.
Is working from home less secure than working in-office?
For most people, it doesn’t have to be. There are some basic things you can do – use a password-protected wireless access point or an ethernet cable for internet access, use a company VPN where possible, use a separate device for work and personal usage, don’t download untrusted applications. If you take precautions, working from home should be about as secure as working in a standard office environment. If you work in a more secure environment, your own IT staff should be providing their guidance on working from home in a secure way.
What are some basic and/or overlooked ways remote workers can fortify and protect their security?
Some minor annoyances are worth the inconvenience they cause. For example, when you log into your work email from a new location, and it prompts you to send a text message to yourself to verify your identity – that’s 2-Factor Authentication and is one of the best ways to secure accounts when it’s available. If it’s an option for your work email, make sure it’s turned on – and if you’re in the IT department of an organization, consider making it mandatory.
Likewise, with many people now using laptops for work, it’s important to enable “Full Disk Encryption” (windows, mac), to ensure that without your password, if you misplace your laptop, the confidential data should still be safe. Available tools, like “Find my iPhone” can also be used to help with remotely wiping lost or stolen devices.
How can someone working from home optimize their technology (phone, laptop, router..etc) for remote work?
The best thing is to separate work and personal technology as much as possible. On computers, if you are using the same computer for both work and personal use, consider making two user accounts and switching between them. If you use some of the same tools and programs between both, try to find a way to make them look different – for example, if you use GMail for both work and personal use, try making them use different themes. This not only helps your mind focus on “I am working, I should restrict myself to work things”, but can also help avoid accidental usage of the wrong account.
48% of people say they are more productive working from home, while 29% say they are less productive. In the future can companies use this split to best organize their workforce?
I believe so. At Metova, we work a lot with programmers, and there have definitely been mixed feelings on our team – some people work best with light background noise or music, some people need the ability to turn to a colleague next to them and ask for help right then, and some people need to block out all distractions and noise and focus. For most companies, it’s impractical to accommodate all of those types of people in one office. Hopefully, the opportunity to work from home now will allow you to determine what works best for you and can help spark a conversation with your employer when they start talking about going back into the office.
18% of people who are newly working from home since the COVID-19 pandemic say they do not have clear security and password guidelines from their employer. What sort of problems does this present and how can a company avoid issues in the future?
The most realistic issue that’s likely to occur right now is when an employee is using the same computer for work and personal usage, downloads insecure software, and gets a virus that then either steals their data or deletes it. How much that would affect each company can vary, but in general, companies need to plan for those two options – how do you prevent or minimize the data a compromised computer can leak, and how do you make sure that data isn’t permanently gone if a virus or hardware issue wipes out a computer?
At Metova, none of our developers would lose more than 8 hours of work, at the most extreme, if their work equipment is damaged and unrecoverable, due to committing their code to cloud-hosted servers at a minimum of once a day. Using Google Drive, OneDrive, DropBox, and others, you can ensure that loss of data from a single source won’t disrupt your business. And – this is where policies come into play – if you ensure that the employee’s Google Drive, OneDrive, and DropBox are business accounts that your team manages, you can also ensure that access can be removed as needed.
Are you seeing any tech innovations, or novel uses of existing technology, that has stemmed from the COVID-19 pandemic?
I’m not sure that there’s been enough time for major new tech innovations to really come from COVID-19 yet, but there are two new uses of existing technology I’ll talk about.
The first is with contact tracing – you may have seen both Google and Apple heads of development talking about working together on it, and while it isn’t rolled out yet, this is approximately how it will work – This is going to be a new update that will roll out to phones, using the existing phone hardware, that will start keeping track of other nearby participating Bluetooth devices (other mobile users opted-in to the contact tracing). At the end of each day, it’ll send the anonymized list to a central server, and if someone reports that they get infected, users whose phones have seen the infected user’s phone throughout the day will get a notification, allowing for a fairly anonymous way of being able to tell if you were near someone who had the virus.
The second is with smart health technologies. The most interesting to me is smart devices that take the user’s temperature. The makers of one Bluetooth thermometer company are able to generate heatmap data based on the readings that are getting reported back to them and see likely viral hotspots based on real-time user temperature readings, which can help in coordinating where to focus a response. To add, the makers of the Oura Smart Ring are cooperating with UCSF in a study to detect the onset of symptoms, hoping that it may soon help notify users before symptoms even start appearing. The more health data we’re collecting and aggregating, the more trends like this we’ll start seeing in the future.
How worried should people be about these? It sounds like a “greater good” benefit, but at the potential risk of unintended consequences, do you think we’re rushing it?
It is an interesting question – the large concern with all of this data is privacy, and how is it going to be potentially used. The efforts I mentioned above, specifically, are purely opt-in (instead of the more concerning opt-out), which will let you have some confidence in where your data is going. Don’t trust start-ups that aren’t very explicit about where your data is sent and what it’s being used for.
This is something that tech companies still struggle with – you might install something like a mobile game, and your phone pops up and asks you if you want to grant it access to make calls. They haven’t clearly told you why they need that access (commonly, to detect a phone call and pause the game), but you’re expected to just accept blindly. As a consumer of technology, you should be looking for the privacy policies and clear-language explanations of what data is collected and what it’s being used for on anything you touch that involves personal data.
I personally have an Oura ring and have opted in to the UCSF study – but both UCSF and Oura have been very professional and clear in their explanations of data collected, what UCSF will and will not have access to, and what the purpose is, when I opted in. I understand the possible risk I’m taking by signing up in that the data may be leaked, but I believe the benefits outweigh the risk in my situation.
To learn more about how Metova can help optimize your business for work from home, visit our Remote Work page HERE.