Working from Home - The Cybersecurity Edition
So, your organization has decided to work from home, likely in response to COVID-19 and the pandemic we are all facing. I know, you were expecting pajama pants, slippers, and total comfort. Turns out that, while yes, you have those things, it’s just like regular work. Only now it feels like you were separated from the group, almost as if you did something wrong. And on top of that, what about security? Are we not facing the ever-present threat of the bad guys trying to get at our personal info and other protected data? Well, there are steps we can take, even while working from home, to keep our network safe. This list was compiled with that in mind. So, sit back, sip your coffee, and enjoy those PJs and slippers while we review some things that can keep your work at home secure.
The Checklist:
As COVID-19 continues to spread, our goal is not only to enable work from home safely, but to enable continued service to our clients. So, let’s start our list in the most basic of places.
1. Have a remote accessible workspace available to your staff
This can mean several things: VPN, RDP, or even cloud collaboration spaces. I know this seems like a “have you checked to make sure it’s plugged in” kind of moment, but this is important to mention. Not everyone knows where to start (and that’s ok).
- It should have access to email, documents, and important work files.
- It should be protected by multi-factor authentication. This may be the most important point.
- Make sure your staff knows how to get to it and use it!
2. Consider using video calling
Working from home doesn’t have to mean absence from meetings, 1-on-1s, and even co-worker conversation. Seeing and being seen can be powerful when you consider the alternative. Yes, this means you must wear pants, but it also means that the common side effect of feeling disconnected while at home can be managed better when you can reach out to others and see them too.
- This approach may involve licensing (Teams or something similar).
- Avoid using “free” programs as they are often not secure.
3. Prepare your staff for working from home
Make sure they have access to phone numbers, voicemail, and whatever communication methods your organization uses. In addition, cover the security that goes along with those things outside of the building. Wearing jammies is no excuse for no security.
- Do not share passwords, or other means of access, with family members.
- Do not leave sensitive paper documents lying around.
- Make sure PCs, laptops, and devices have the latest patches.
- Use only secure Wi-Fi, not public or open Wi-Fi.
4. Understand that remote workers are a security risk
Not because they are bad pantsless people. No, but their PCs and devices are often already victims of things like malware or worse without them having any idea. This is especially the case when the PC in question is shared with other family members.
- Personal PCs often do not have the same protections and patches in place. Be ready for that and address it ASAP.
- Store client info and work-related info on digital workspaces only. Not locally on your home PC. Not in unapproved cloud storage services.
- Do not send (or allow to be sent) client or work info through personal email.
- Use strong passwords. I know we all hate them, but it’s important.
- Change passwords often! Every 90 days at least. This is worse than strong passwords, but again, it’s important.
- Use encryption where possible. BitLocker, or something like it, would work.
- Begin cybersecurity training and simulated phishing. The bad guys will take advantage of this disruption to our day-to-day and the security wrinkles it’s creating.
5. IT should now be at red alert
Yeah, you heard me. Shields up, photon torpedoes loaded. It doesn’t matter if your IT is internal or an MSP; this is the time to be extra vigilant.
- Keep watch for any sort of anomaly that could be evidence of hacking, intrusion, or viruses.
- Logs are vital for information that could be useful in the event of any issues.
- Keep an even closer eye on your remote users.
- Consider testing your security protocols and keep testing them.
- Find those holes before the bad guys do.
This list is by no means all-encompassing. There are other things to be mentioned. Cyber security insurance, for one, is a good idea. Make sure it covers social engineering and make sure it’s enough coverage. Also, events like this are a good reason to look at your business continuity or disaster recovery policies. Make sure they are up to date and accessible, and that your team knows them and what’s expected.
About Nathan Hock, vCIO
Nathan Hock has been a vCIO with Usherwood since 2019. In his position, Nathan is responsible for project design and development, supporting the sales cycle through high level technical design. He has been with Usherwood for 5 years and has 25 years of experience in the industry.