In response to the global spread of COVID19, the novel coronavirus, many organizations are requiring employees to work remotely. While working from home might seem like a dream come true to many people, the transition can be a bit overwhelming in practice, especially if you handle Protected Health Information (PHI) or other sensitive data. Here are some helpful tips to securely work from home.
Start With Your Laptop or Computer
Now that you’re outside of the secure boundaries of your company’s IT network, protecting your laptop is key to ensuring data on the device remains private.
- Keep your security, antivirus, and anti-malware software up to date.
- Use strong passwords on all of your devices and applications. (For tips on passwords, check out HIPAA Password Requirements Explained.)
- Allow your computer to perform updates. These updates often include critical security patches that prevent malware from infecting your computer.
- Keep your work on your work computer, and your personal web browsing on your personal devices. Entertainment websites and apps are frequent sources of malware and should never be accessed on your work device.
Secure Your Home Network
Home networks often have lax security and are easily infiltrated by malware and malicious actors. Take these important measures to upgrade the security of your home network.
- Protect your WiFi with a strong password to keep intruders out. Always change the default password given to you by the vendor.
- Turn on the encryption settings for your router. Most routers should have WPA2 or WPA3 encryption. If you don’t find this option, try updating your router software or call the supplier if it is still under their service.
- Never use public WiFi. Publicly accessible WiFi makes it easy for hackers to brute force attack your computer and monitor your traffic.
- Use a VPN to access company intranet when possible.
For those handling sensitive data, personal data, or PHI, maintaining privacy in your work environment is extremely important. Sharing this type of information in an unauthorized manner, even if it’s just your family or housemates, could be a violation of the law.
- Use a privacy screen.
- Do not allow family members and children to access your computer. If sharing is unavoidable, create a separate user account login for guests to ensure they do not have access to sensitive files.
- Never leave your laptop unattended in public, your vehicle, checked luggage, a coworking space, or a coffee shop.
Keep Paper Records Secure
Many of us use the “clean desk policy” in the workplace. Now that home is your workplace, you should exercise these habits here too.
- Never leave paper records unattended.
- When not in use, keep records out of sight and under lock and key. A locking desk drawer, filing cabinet, or room will work. (Ideally, you should lock the records in a locking cabinet in a locked room, if you can.)
- Shred or burn sensitive data that you no longer need to dispose of it securely. Tossing it in the trash or recycling means it is still legible and anyone with current or future access to your garbage can also access the sensitive data. It’s best not to risk it.
Follow Your Organization’s Security Practices
Even though you’re working from home, you are still responsible for following your organization’s privacy and security policies and procedures. Follow the protocols your security team has implemented.
- Treat your work at home like you would in the office. Follow the security policies and procedures implemented by your organization.
- Use strong passwords to secure your laptop, applications, and WiFi.
- Encrypt where possible to make information useless to unauthorized viewers.
- Keep security programs up to date.
- Do not let other people use, see, or access your work when it can be avoided.
- Protect paper records by physically securing them when not in use and shredding them when they are no longer needed.
Still need more information about securely working remotely? Do you need help establishing a HIPAA compliant home office? Give us a ring at (503) 389-5666! Gazelle Consulting can help compliance feel like less of a thorn in your side.