At the time of this writing, the world is mobilizing to combat a viral pandemic. COVID-19 is changing the ways we work, learn, and socialize. Schools are cancelled. Large gatherings are banned. And companies are prohibiting business travel and encouraging employees to work remotely. We are all moving outside the perimeter of our common work spaces.
We all sincerely hope that this outbreak is quickly contained and employees can return to their offices. But we also acknowledge that unexpected circumstances may continue to require more robust work-from-home protocols. This brief manual for working remote in times of crisis is our small attempt to help companies prepare for what may be a long haul.
For IT Departments
A top concern for IT leaders is that all the devices that are typically used within the perimeter are suddenly moving outside. 1 in 3 organizations report that they have experienced a security incident due to a remote worker’s actions. Both IT departments and employees should be thinking critically about how to be cyber secure during this pandemic.
If the majority of your employees typically work in the office, it will take a huge effort to get everyone prepared for working remotely. Prepare your workforce now so that operations can continue with as little disruption as possible.
Hardware & Connectivity
Everyone needs to be equipped with a laptop or tablet. This may not be possible. Consider the effects of allowing employees to use personal devices and what rules you want to put on those situations.
Not all of your employees will have a robust enough internet connection to handle the needs of their job. Discuss whether or not it is appropriate to provide stipends for faster internet for critical employees. (Consider anyone who takes video calls with customers a top priority.)
Create a brief security training video or document that outlines your company’s remote work policies. Tell your employees why these rules are important to follow. This is not a “just because” scenario. Remind them of your business’s core mission and any compliance mandates or contractual obligations you must fulfilled.
When you share your training video or document, include detailed steps for how to update your systems’ passwords. Not everyone will remember, and you may be fielding a lot of questions unless you’re proactive.
Remind employees to install all available software updates or patches on all of their devices.
Monitor your VPN capacity. Your in-house network security was probably designed to support intermittent connections by a portion of your workforce. It may become overwhelmed by the new surge in traffic. Upgrade now if you suspect the current system is unsustainable.
Your cloud-based applications are relatively secure while your employees are within the perimeter of your building. But everyone is leaving the building and making connections from a variety of locations. Unfortunately, malicious actors are looking for new, easy opportunities all the time. They’re well aware that remote work services are being more heavily used and will be testing them for weaknesses while traffic is high.
WiFi & VPN
Acknowledge that public WiFi and home WiFi are not as secure as working onsite at your office.
We hope everyone who’s working remotely is working from home (not a crowded public space). But no matter where you are working, only connect to company networks with your VPN turned on. Be diligent about using VPN.
Follow your company’s password protocols and turn on multi-factor authentication wherever it is available. Remember that the best passwords are actually longer phrases, not random combinations of letters and numbers that are hard to remember.
Update your software as soon as you become aware of new patches or updates. This goes for all company and personal devices all the time! Not just during this era of surprise remote work. Attackers will be looking to exploit any and all vulnerabilities during this unpredictable time.
Is your company prepared for a fully remote workforce outside the physical perimeter of your building? Read our other blog posts on securing your remote workforce and password advice here and here. If you need more advice on how to secure a remote team, now or in the future, please reach out to Asylas at firstname.lastname@example.org or 615-622-4591. Or complete our contact form.