Home Office Safety & Security Week – “Homing in” on Securely Working from Home

Jan. 9, 2019

Home Office Safety and Security Week is January 13, 2019 through January 19, 2019. What is the importance, and what habits can you strengthen or start in order to empower your home office security practices?

The first step is to recognize that working from home is different from working in a corporate environment in more ways than you might first realize. Information Technology and Security departments of facilities and corporations perform many unnoticed functions in the background, securing the environment and making it run smoothly. These same functions don’t all extend into a home environment, and the remote worker must understand what is needed to bring their home office up to a similar standard. Below are just some of the key considerations:

  • Backups: Often an overlooked and under-appreciated task, until a computer crashes and important work is potentially lost. If you regularly work with files local to your computer only, and not directly on a server or manually transferred to a server at the end of each day, you are at risk of losing all work at any time. Unforeseen circumstances like a power surge, corrupted computer operating system patch, or a mishap with a cup of coffee spilled on the machine can abruptly and permanently end the life of the computer. While it may be possible to retrieve data from some failed computers, it’s never guaranteed. Don’t make the mistake of thinking about a backup only when you need it! Understand what process may be in place for your local backups, or where to store files securely so they can get backed up.
  • Network security: Network security goes beyond keeping your computer’s firewall software and anti-virus software up to date and active. Your router is a critical component for securing your home network. If you’ve not done so already, it’s important to log into it as directed by the manufacturer’s instructions and change the default administrator password. Routers with the default passwords still in place are trivially easy to hack, as all default passwords are available online with a 30-second search.
  • Physical security: It’s all too easy to become complacent about physical security in possibly the most comfortable surroundings – a home. Consider what potential breach would have to be reported if a burglar broke into a home and stole computers or smartphones or even papers lying on a desk. Even if the burglar didn’t take patient data that was written down on a paper lying next to a computer that was stolen, there is still the likelihood of exposure. Unauthorized exposure of PHI is often a reportable breach. Do you have lockable cabinets for any physical PHI that you work with? If not, you should invest in one. Are all electronic devices with access to PHI encrypted? If not, they should be. Are computers positioned so someone outside a window can look at the screen? If so, rearranging the office area or closing blinds/curtains while working are certainly in order.
  • Patching: Making sure all computers, smartphones, and smart devices like internet-connected cameras, thermostats and routers are up to date with the latest security patches is very important. In a corporate environment, the I.T. or Network teams work tirelessly to keep all devices up to date, but those updates likely don’t extend to a home network and all its devices. Even if your computer is up to date, other devices on the same network could pose a serious risk if they are compromised and start listening to traffic flowing over a home network.
  • Testing and monitoring: Another unseen task in corporate environments is the testing and monitoring done routinely by Security and I.T. departments. These same principles should be applied to a user and their home office network. When was the last time you manually opened and checked your Windows Updates to make sure there were no failed installations? Or opened your anti-virus software to check for any messages about errors? Also, be sure to log into the router of your home network to look for any unidentified devices that may be sniffing traffic.
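
One way to make the "look for any unidentified devices" check repeatable is to compare what your computer sees on the network against a list of devices you own. The script below is an added example, not part of the original article: it parses `arp -a` output (Windows, Linux or macOS formats) and reports any address missing from an inventory. The sample output, MAC addresses and device names are constructed placeholders.

```python
import re

# Constructed sample: `arp -a` output in Windows format (not real devices).
SAMPLE_ARP = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-aa-00-01     dynamic
  192.168.1.23          02-00-00-AA-00-17     dynamic
  192.168.1.57          02-00-00-bb-00-39     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical inventory of devices you own, keyed by MAC address.
KNOWN_DEVICES = {
    "02:00:00:aa:00:01": "home router",
    "02:00:00:aa:00:17": "work laptop",
}

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2}\b")

def normalize_mac(mac):
    """Lowercase, colon-separated, zero-padded (macOS drops leading zeros)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))

def unknown_devices(arp_output, known):
    """Return sorted (ip, mac) pairs present in arp output but not in the inventory."""
    known_macs = {normalize_mac(m) for m in known}
    found = set()
    for line in arp_output.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header or interface line
        mac_n = normalize_mac(mac.group())
        # Skip broadcast and multicast entries: low bit of the first octet is set.
        if int(mac_n[:2], 16) & 1:
            continue
        if mac_n not in known_macs:
            found.add((ip.group(), mac_n))
    return sorted(found)

if __name__ == "__main__":
    for ip, mac in unknown_devices(SAMPLE_ARP, KNOWN_DEVICES):
        print(f"Unrecognized device: {ip} ({mac})")
```

The ARP cache only lists devices your computer has recently communicated with, so the router's own client list remains the more complete source. Phones and tablets that use randomized MAC addresses will show up as unrecognized until you account for them.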

Obviously there is a lot that goes into making any network or office area secure. Making the environment secure is NOT an easy task (just ask your I.T. or Security department staff!). But when working from a home office with healthcare data, staff are required to follow and maintain the standards of HIPAA, HITECH and the Final Rule at all times. HITECH and the Final Rule also eliminated or limited the use of affirmative defense, so knowing the regulations is definitely a requirement – even when working from a home office!

