With many workplaces going entirely remote some for the first time, employers have to deal with new challenges caused by the sudden shift. One of the more significant challenges is making sure that employees stay secure while doing their daily work. This requires special attention because controls that would generally keep sensitive data safe may be configured incorrectly for a remote connection. Check out these easy five practical tips you can take to ensure your employees and their systems remain secure while working from home.
Tip #1: Communicate Threats and Security Best Practices
One of the most important things to do is communicate with your workforce about the threats they might face working from home. This includes providing security best practices on things like password creation, VPN usage, and WIFI configuration. Get with your IT department leaders to discuss the policies and procedures employees need to follow. The SANS Institute created a Remote Workforce Deployment Kit that can help guide this process.
Tip #2: Make Sure Policies are Up to Date
Policies provide a solid foundation for what you and your employees are expected to do within the organization. Remote work is no exception. By creating or updating a Remote Access Policy, you can set specific expectations for how remote access is allowed and maintained, including how it should be secure. This puts everyone in the organization on the same page and gives you a place to start when creating specific procedures for your remote employees. If you need assistance with a Remote Access Policy, the SANS Institute created a free Remote Access Policy Template.
Tip #3: Trust No-One
Moving to a remote workforce can create a lot of new traffic, and requests from unknown devices as employees use new laptops or personal (BYOD) devices. It’s best to keep access as tight as possible, even if it means that some legitimate employees initially lose access. You will be able to verify employee access by following your Organization’s remote access policy. This will help alleviate the threat of an actor sneaking in unauthorized during a rush of new remote connections. Also, do not assume employees’ devices are secure, especially if they must use personal devices. Consider setting up controls that verify if a remote system has updated security controls such as configured firewalls, current patches, and activated, up to date anti-virus before allowing them on your Organization’s network.
Tip #4: Classify Data and Access
When employees are working from the office, they often do not have to worry about where they save your Organization’s data or who has access to it because there are internal controls to make sure it remains secure. When working remote, however, it’s very important to define who or what has access to the data. The best way to do this is to classify data into categories and create procedures on how to secure it based on the classification. This is also a good time to review user access and ensure that employees only have access to what they need to do their work such as using strict access policies making folders inaccessible by default. If separate accounts are created for remote access, you want to make sure those accounts only have access to what is required. Nobody wants to expose the entire organization to everyone’s HR files.
Tip #5: Be Prepared – Learn More About Cyber Safety
Cybersecurity is constantly evolving in the face of increasingly aggressive and sophisticated threats. To continue protecting ourselves, our organizations, and our research; we should all be continuously learning about these emerging cybersecurity threats. To learn more now, please see the resources below which provide additional guidance from various federal agencies on cybersecurity risks related to COVID-19:
- CDC – COVID-19-Related Phone Scams and Phishing Attacks
- DHS/CISA – UK And US Security Agencies Issue COVID-19 Cyber Threat Update
- FCC – COVID-19 Consumer Warnings and Safety Tips
- DOJ – Combatting Coronavirus Fraud
- FBI – Protect Your Wallet—and Your Health—from Pandemic Scammers
The bottom line is that cyber risks are closer to us than we might expect. We may feel that cyber safety protocols are about compliance for the sake of compliance, but the reality is that cyber safety is about protecting our people and our science. Now more than ever, we all have a responsibility to safeguard ourselves, our organizations, and our research by making cyber safety a priority in our daily work.
To learn more about the many benefits of cybersecurity speak to an Edafio consultant today.
Edafio Technology Partners is a leading IT services provider and technology consulting firm serving clients across multiple industries from offices in Central and Northwest Arkansas. We are a privately held Arkansas company whose origin, ownership and engineers are all Arkansas based. We help, build, and protect our clients’ businesses through information technology, cloud services, and cybersecurity and are driven by and owe our success to living our core values, which begin with our commitment to our clients’ success
If you’re looking for more information on how Edafio can support your organization with proactive IT consulting and management, cloud computing, cybersecurity, and healthcare consulting, please contact us here.