Cybersecurity Checklist for Remote Working
If the Covid-19 pandemic has forced your organisation to adopt remote working for employees, it is very likely that you were required to roll out new IT applications and services to maintain your employee efficiency, business continuity and production capacity. But as companies implement new systems to cater to the needs of remote workforces, the transformation may not have been very smooth for some of them due to limited technology capability. Given the speed with which the pandemic spread, it is understandable that organisations did not put cybersecurity at the forefront while implementing a remote workspace system.
While organisational IT infrastructures may be overloaded with increased demand, the rapid change has given cybercriminals an opportunity to exploit vulnerabilities in temporary and newly implemented IT systems. Now that the initial pandemic panic has considerably died down and people have started to adapt to remote working, it’s time for organisations to evaluate their changed IT infrastructure and its impact on security. The last thing you would want after being already financially strained during this time is to become a target of cybercriminals and face further reputational and financial constraints.
To ensure the robustness of your company’s security setup and protect your organisation from cyber threats during this critical time, below is a security checklist of recommended considerations and steps to keep in mind while your employees work remotely.
IT Infrastructure
Enable security protection on all endpoints
Enforce software updates on remote employees
Ensure secure remote access to IT assets, accounting for the increased load from a larger number of remote users
Increase the time and capacity of IT helpdesk service to ensure that all employees get uninterrupted service and help while working remotely
Ensure that helpdesk staff confirm identity before granting password resets or other unusual requests
Provide a software solution to employees for backing up their critical data
If staff are using a cloud storage service, ensure that they only use an approved service
Governance and Risk
Update your policies and procedures for using devices at home and communicate accordingly to employees
Remind employees to ensure the confidentiality of their work and not to share their devices with others
Ask all employees to regularly update their software applications and operating systems
Communicate information security awareness messages regularly to employees to strengthen their security concepts
Remind staff to stay vigilant for phishing emails and all other attempts to steal account details, and to report any malicious activity
Password Management
Instruct staff to never share their password via SMS or Email
Make two-factor authentication compulsory for all remote employees whenever they have to access a critical application or system
Keep backup codes for times when two-factor authentication doesn’t work (e.g. broadband outages) and ensure that backup codes are stored safely
To guard against scams, communicate to all employees that you will never call them to reset their passwords
Mobile Devices
Implement hardware encryption for all mobile devices wherever possible, otherwise implement software encryption
Ensure full disk encryption in all mobile devices
If an employee is using a personal device, remind them to never download an untrusted application
Communicate to all staff to regularly update their device software and create backups
Operations
Update firewall rules and VPN profiles to confirm that all employees have been assigned the right privileges according to their job roles
Disable split tunnelling for all VPN profiles so that remote staff cannot access the internet directly from their devices while they use the VPN to access the organisation’s corporate information systems
Create a group where employees can share info on malicious activity with everyone, such as phishing emails
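One way to audit the split-tunnelling item above, as an added example that is not part of the original post. It assumes the VPN is OpenVPN (the checklist names no product), and the profile names and contents are constructed samples. A profile with no local directive depends on the server pushing `redirect-gateway`, so it is reported separately.

```python
import shlex

# Constructed sample client profiles (hypothetical names and hosts).
SAMPLE_PROFILES = {
    "finance.ovpn": "client\nremote vpn.example.com 1194\nredirect-gateway def1\n",
    "contractor.ovpn": "client\nremote vpn.example.com 1194\nroute-nopull\n"
                       "route 10.20.0.0 255.255.0.0\n",
    "legacy.ovpn": 'client\nremote vpn.example.com 1194\n'
                   'pull-filter ignore "redirect-gateway"\n',
    "default.ovpn": "client\nremote vpn.example.com 1194\n",
}

def parse_directives(profile_text):
    """Return a list of token lists, one per OpenVPN directive line."""
    directives = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;<":  # comments and inline <ca>/<key> tags
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                # unbalanced quote: not a line we audit
            continue
        if tokens:
            directives.append(tokens)
    return directives

def classify_profile(profile_text):
    """Return (status, findings) for one client profile."""
    local_default = False  # profile itself sends the default route into the VPN
    drops_pushed = []      # directives that discard a server-pushed default route
    for tokens in parse_directives(profile_text):
        name, args = tokens[0].lstrip("-"), tokens[1:]
        if name == "redirect-gateway":
            local_default = True
        elif name == "route-nopull":
            drops_pushed.append("route-nopull")
        elif name == "pull-filter" and len(args) >= 2 and args[0] == "ignore":
            # pull-filter text is matched as a prefix of each pushed option
            if args[1] and "redirect-gateway".startswith(args[1]):
                drops_pushed.append("pull-filter ignore " + args[1])
    if local_default:
        return ("review" if drops_pushed else "full-tunnel"), drops_pushed
    return ("split-tunnel" if drops_pushed else "server-decides"), drops_pushed

if __name__ == "__main__":
    for name, text in SAMPLE_PROFILES.items():
        print(name, *classify_profile(text))
```

Profiles reported as `server-decides` still need the server configuration checked for a pushed `redirect-gateway`, and `review` marks a profile whose directives contradict each other.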
Online Calls and Meetings
Educate your staff to not sit close to any smart devices such as Google Home or Alexa while discussing confidential information during calls
All employees should mute their mics when they are not speaking
Remind the employees to always keep their machines locked while they are taking a phone call, especially in a public place
Communicate and remind employees to only use approved video and audio-conferencing apps that are password protected
Cameras and mics should be switched off by default, and turned on when required
A participant that is kicked out must not be able to join back in
Before starting a conference, confirm and check the identity of all attendees
Remind all employees to close the application after the conference call ends
Employee Reminders
Create security awareness training tailored to remote working situations that prompts and reminds employees to:
Detect and avoid potential phishing threats, such as coronavirus scam emails
Use secured WiFi in public and at home
Never save their credit card details when making personal or official online transactions
Never use official devices for personal emails, social media and file sharing apps without prior approval
Save and secure all necessary printouts and discard unneeded documents by shredding
Never copy work-related files to their personal devices such as laptops or external hard disks
Store all Personally Identifiable Information (PII) or Protected Health Information (PHI) of customers in corporate (secured) data center storage or approved cloud storage service instead of storing them locally
Avoid using removable storage such as flash drives
The above checklist of security recommendations for a remote workforce can ensure that companies work securely and productively during this challenging time. Luckily, it’s not a very complicated process and with a little practice and vigilance, organisations can ensure that their employees maintain good online hygiene to protect the privacy of their information assets whilst working remotely.
Guest post by David Smith - a cryptographer with 12 years of experience in both the public and private sectors. He is currently working on his second startup (currently in stealth mode) that will track and interpret the use of contactless payments in the Greater China region. His expertise includes system design and implementation with contact and contactless smart cards, smart card personalization, mobile payments, and general knowledge and experience with APAC market trends and consumer preferences.