Telecommuting, working from home, remote working, teleworking; they’re all part of our new language, thanks to COVID-19. And while working from home may seem like a simple transition, it’s become a security nightmare for businesses across the country who were not prepared for a transition of this scope at this time.
Our cloud-based services have long enabled businesses to have their employees securely log in from anywhere at any time. And while most of our clients’ still reported into the office every day pre-COVID-19, they have quickly and readily adopted a stay-at-home work plan where they can securely and productively work. Others were not so prepared.
As your business transitions to the ‘new normal’ of working from home, here are 15 quick security tips to consider:
- Provide devices – no BYOD. If you have a BYOD policy in place, reconsider if it still makes sense with your team working 100% from home. We recommend providing your team with the necessary equipment they need to complete their job duties securely and efficiently – plus, you’ll have the ability to force other security best practices like updates, upgrades, security scans, and audit logs if necessary.
- Employ application whitelisting. Instead of blacklisting every site you don’t want your employees to visit, consider whitelisting – identifying only the applications and sites that are required of them to perform their job duties.
- Conduct regular device scans. When you own and manage the devices your team is working from, it’s easy to do regular device scans to ensure devices are being properly secured.
- Provide secure VPN access. This will ensure a secure connection to your network, application, and files.
- No USB drives – ever. This is just good practice. USB drives are prime for transmitting viruses and simply should not be used anymore.
- Make policies clear for public or personal devices. Are your employees allowed to access network data from a public computer? How about their personal tablet? Make sure these policies are documented and understood.
- Mandate complex passwords. We know – employees hate this one – but it’s so important. And further, make it mandatory to change the passwords more frequently than before, ensuring that patterns don’t get recognized.
- Review physical security practices. From traveling with devices to having your company laptops sit in the passenger seat of a car, review your physical security practices and make revisions if necessary.
- Mandate employee training. We’ve always recommended that you conduct annual security training for your staff, but now is a great time to mandate that training again – just for a refresher on what’s expected and permitted.
- Monitor network activity. Watch what’s going on on your network and who’s coming in and out. Over a period, understand what’s normal and watch for things that are abnormal. Do you have an employee who always logs out at 5, but for the last 2 nights is logging back in at 9? Check it out. Or, are you getting a significant amount of traffic on the network from an unknown IP? Check it out.
- Update software and operating systems. Now is not the time to set software or operating system updates aside. Doing so can cause security gaps and vulnerabilities.
- Set idle-timeout standards. It’s easy to walk away from your workstation at home and not lock it, but we recommend mandating a 3-minute timeout standard where devices automatically lock if idle, protecting against unwanted eyes on sensitive data.
- Utilize a password manager. A password manager will help your team manage all the different log-ins required for their workday, in one spot, with a master password. So many people use the same password for multiple purposes, which is not recommended, but when they have an easy place to store passwords, they’re more likely to respect your password policies.
- Use incredible caution. This transitional period where businesses are forced to ‘figure out’ a work from home environment but haven’t perfected the security-protocol is a hackers dream. Train your team to use incredible caution when opening email attachments, clicking links in texts, or providing information over the phone.
- Utilize the cloud to your benefit. From secure access to shared file access, the cloud can help you accomplish so many of these checklist items. Check-in with your Cloud Partner to identify other best practices that might be recommended for your business.
We understand that checking off this list will take time, planning, budget, and employee buy-in, but we promise it’ll be worth it in the peace of mind you’ll have.
If you have questions about specific checklist items, reach out to one of our experts at 877-797-4700.