Now that you’ve taken the necessary precautions in the security operations center in light of COVID-19, there is still more that can be done among your remote workforce. We’ve put together a list of cybersecurity tips for users who are working from home for the near to mid-term future as the world responds and takes measures to contain the spread of COVID-19. Follow these cybersecurity tips for your remote workers to protect your company and your users.
A. Be Vigilant Against Phishing Emails
B. Secure Physical Workspace
- Ensure your remote workers are able to secure their physical workspace; be sure that employees lock the doors to their homes and do not leave company devices in their car even if the car is in the garage
- Just as in the office, ensure computers are set to automatically lock when they step away from it
- Where possible, users ought to be able to work in a designated space behind closed doors
- A headset to maintain the privacy of work conversations with colleagues and customers is recommended
- Follow a clean-desk policy
- Secure notes and documents containing proprietary data or customer information at the end of the work day
C. Secure the Use of Wireless Networking
- Do not utilize an unsecured wireless network for company business
- Secure the home WiFi network with a minimum of WPA2-PSK security
- Ensure users are aware of how to reach support for assistance
- When working remotely from a location that isn’t the home office, connect to company resources via secure wireless networks
D. Protect Storage of Company Data
- Utilize the corporate file system to store data centrally
- Do not store company or customer data on local devices
- Avoid the use of USB devices, and do not store company data on unknown or untrusted USB devices
E. Use of Company-owned Equipment
- Do not allow family members to use company-owned equipment for any purpose
- Do not use company-owned devices for non-company related activities
- This includes personal email such as Gmail
F. Use of Personally-owned Equipment
If your company allows the use of personally owned devices for company business, and team members working remotely can connect to corporate resources using their personal equipment, ensure that:
- Multi-factor authentication technologies are used to access corporate resources
- Users understand that no company or customer data is to be stored on personally owned devices
- Users have antivirus application installed on all personally-owned devices and have whole-disk encryption technology installed
- Offer recommendations where appropriate
- Users are aware of their options for installing a personal VPN to secure online sessions
- Examples of possible options include Private Internet Access, VyprVPN, ExpressVPN, etc.
- Users are encouraged to utilize a browser-based ad blocker such as uBlock Origin
We hope these cybersecurity tips for your remote workers is helpful. This is by no means an exhaustive list. If your organization has more to add, we would like to hear from you.
If you’d like help protecting your organization, know that we’re here for you. Reach out to start the conversation.