Memorial Day 2020: Remote Work Security in the COVID Era

Memorial Day 2020 looks different from any previous year. We're in the middle of a pandemic. Most businesses that could go remote did so, often with minimal planning or preparation. People are working from kitchen tables, spare bedrooms, and dining rooms.

The initial panic of March has settled into an uneasy new normal. Businesses that thought they'd be back in offices by now are realizing remote work might continue for months. As we head into Memorial Day weekend, it's a good time to assess: is our remote work setup actually secure, or are we just holding our breath and hoping nothing breaks?

Let's talk about making remote work security sustainable for the long term.

What Happened in March

Most businesses made remote work decisions in crisis mode:

• Handed out laptops or told people to use personal computers
• Set up VPNs or remote desktop access hastily
• Moved to cloud collaboration tools (Zoom, Teams, Slack) without proper security review
• Relaxed security policies because "we need to keep operating"
• Promised themselves they'd fix it properly later

That approach got people working from home, which was the priority. But "later" is now. If remote work continues (and it will), those hasty March decisions need to become actual security policies.

Current Remote Work Risks

Home Networks Aren't Secure

Your office network (hopefully) has a firewall, managed switches, proper configuration. Your employees' home networks have consumer routers with default passwords, shared with family members streaming Netflix and kids doing remote school.

When employees connect to business systems from home, they're potentially exposing those systems to whatever malware or security issues exist on their home network.

Personal Devices

If employees are using personal computers for work, you have no control over what else is on those devices. Personal email, kids' games, questionable software downloads, unpatched operating systems.

These devices are now accessing your business data.

Physical Security

In the office, computers are in a secure building. At home, they're wherever. Family members have physical access. Cleaning services might too. Laptops are more likely to be stolen or lost.

Unsecured Video Calls

Early pandemic saw a wave of "Zoom bombing" incidents. While that particular problem has been mostly addressed, video conferencing security still matters. Are client meetings happening on secure platforms? Are waiting rooms enabled? Are passwords required for sensitive meetings?

Building Sustainable Remote Work Security

VPN for Everything Sensitive

Don't allow direct access to business systems from home networks. Everything should go through a VPN that encrypts traffic and provides an access control layer.

If you set up VPN access hastily in March, now's the time to review:

• Is it configured securely?
• Does it have sufficient capacity for all users?
• Are you logging connections?
• Is multi-factor authentication required?

Managed Work Devices

Employees should use company-provided devices for work, not personal computers. This lets you:

• Control what software is installed
• Ensure security updates are applied
• Enforce encryption
• Remotely wipe devices if they're lost or stolen
• Separate personal and business data

If providing laptops for everyone isn't feasible, at minimum require:

• Antivirus software
• Automatic updates enabled
• Disk encryption
• Strong passwords with screen lock

Cloud Services Security

If you adopted Zoom, Microsoft Teams, Slack, or other cloud collaboration tools in March, review their security settings:

• Require passwords for meetings
• Use waiting rooms for external participants
• Disable features you don't need (screen sharing by participants, file transfer, etc.)
• Review who has access to shared files and channels
• Enable multi-factor authentication for all accounts
• Check data retention and deletion policies

Access Control Review

Who has access to what from remote locations? In March, you probably gave people broad access to "just get work done." Time to audit:

• Does everyone still need the access they have?
• Are there accounts that should be revoked?
• Can you implement more granular permissions?
• Are admin accounts being used only when needed?

Home Network Guidance

You can't control employees' home networks, but you can give them guidance:

• Change the default router password
• Enable WPA3 or at minimum WPA2 encryption on Wi-Fi
• Update router firmware
• Use a separate Wi-Fi network for work devices if router supports it
• Don't use public Wi-Fi for work without VPN

Provide simple instructions they can actually follow.

Data Backup for Distributed Workers

When everyone worked in the office, backups were straightforward. Now data lives on laptops scattered across dozens of homes. Your backup strategy needs to account for this:

• Cloud-based backup for remote devices
• Automatic backup (can't rely on users to remember)
• Verify backups are actually running
• Test restores periodically

A laptop stolen from someone's car shouldn't mean losing weeks of work.

Communication Security

Remote work means more communication happens via email, chat, and video. Update your practices:

Email Security

• Use encrypted email for sensitive client information
• Be extra cautious about phishing (remote workers are higher risk)
• Verify unusual requests through a second channel (phone call, not email reply)

Chat Security

• Don't share passwords or sensitive data in chat
• Be aware chat history might be retained indefinitely
• Use appropriate channels (don't discuss client matters in public channels)

Video Security

• Require passwords for meetings with external participants
• Use waiting rooms to control who joins
• Be aware of what's visible in your background
• Mute when not speaking in large meetings

Training for Remote Security

Remote workers face different security challenges than office workers. They need training on:

• Recognizing phishing emails (remote workers are targeted more)
• Secure home network practices
• Physical security for work devices at home
• Using VPN correctly
• Video conferencing security
• What to do if devices are lost or stolen

A 30-minute training session now prevents costly incidents later.

Policy Updates

Your pre-COVID security policies probably assumed everyone worked in an office. Update them for remote work reality:

• Acceptable use of personal devices
• Home network security requirements
• Data handling on remote devices
• Video conferencing guidelines
• Reporting lost or stolen equipment
• Working from public locations (coffee shops, etc.)

Make policies realistic. If nobody will follow them, they're useless.

Looking Ahead

It's Memorial Day 2020, and we don't know how long remote work will continue. Some businesses will return to offices eventually. Others are discovering remote work works better than expected and might make it permanent.

Either way, the hasty remote work security of March 2020 needs to become sustainable long-term security. Now, while things are relatively calm, is the time to review, tighten up, and document your remote work security practices.

If you need help assessing your remote work security or implementing better practices, we can help. We've been working with Arizona businesses since 1991, and we've been helping dozens of them adapt to remote work since March.

The immediate crisis has passed. Now comes the work of making sure your remote work environment is secure for the long haul. This Memorial Day weekend, take some time to think about whether your current remote work security is sustainable, or if it needs attention.