By Dr. Heather Mark, CCEP
Over the course of the last seven weeks, the business world has undergone a seismic shift. Remote work, which had its advocates and detractors over the last two decades, has become a necessity. The technology exists to make this happen, and while it hasn’t been without its obstacles, we’re living a real-time experiment in how connected we can be in isolation. Transitions and adjustments are being made to workflows and business operations to account for this new environment. With all these changes being made so rapidly, it can be easy to lose sight of the fact that our compliance and security obligations have not changed, particularly around the protection of sensitive data (PII, PHI, etc.). That can sound daunting, but there are steps that we can all take in our remote offices to help support the continued security of patient- and payment-related data.
- Use a secured WiFi network and VPN – a secure WiFi network uses a password and encryption to protect access to the network and the data that travels over the network. WPA2, or WiFi Protected Access 2, is the currently accepted security protocol for wireless networks. A VPN will provide a secure connection between your computer and the company’s network.
- Change default passwords on home networks – when setting up your home network, make sure that you change the default passwords set up for routers, access points, and similar devices. These are often set by vendors and are easily guessable (e.g. admin, password, default).
- Make sure devices used for remote work have secure configurations – any devices used for working at home should have personal firewalls installed and operational. Antivirus should be installed and current, and all the appropriate security patches should be installed. These applications should be configured in such a way that they cannot be disabled by the user.
- Keep your work and home life separate – make sure that you’re not using personal devices for work activities and vice versa. If you do use a personal device, for example a phone, for work, make sure that you keep a separation between work information and personal activities.
- Maintain vigilance about malicious emails and information security – particularly during these unsettling times, hackers are looking for the easiest way into a network. That means getting people to give them access (by clicking links or opening attachments) instead of having to “break in.” All of the same security and compliance processes and practices that apply in the office must also apply in the remote office.
It’s also important to work with partners that can support secure payments any way you need to take them – via virtual terminal, IVR, or e-commerce. Restricting access to payment data by using tokenization and token vaults for stored payments, and requiring multi-factor authentication for access to payment applications and data, can help to ensure that we all remain committed to securing payment data, even in non-traditional environments.