As the United States works to flatten the curve and slow the spread of COVID-19, much of the American workforce is being sent home from the office. That presents some technical and security challenges for business owners, looking to protect staff’s health and the well-being of the business. If you are preparing to send your employees home in response to Coronavirus, there are a few things you need to prepare before making your business remote.
Set a Security Policy
Before sending your staff home, make sure you have a security policy in place up for remote work. Employees may not be aware of the security measures they should follow, or how to safely conduct business from home. For many, this is the first time their jobs have been done remotely. Creating written out guidelines helps educate your staff, while keeping your company safe. This way everyone will be on the same page and will hopefully lessen any confusion.
NIST has guidance on what to include in a policy/standard. You can find their recommendations under the NIST publications, titled “Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security”.
Establish a Secure Connection
While your employees are working remotely, you should provide secure connectivity to corporate resources. Organizations that have never allowed for remote work will need to make resources available that were only accessible internally before now. There are a few ways you can help ensure the security of your network, while staying connected.
1. Utilize a VPN (Virtual Private Network). A VPN will help establish a secure connection between the office and employees who are working from home.
2. Think through what limitations on VPN usage may exist. This will help ensure it can support the number of employees needing to connect.
3. Use MFA (Multi-Factor Authentication) on the VPN and any remote connections. This adds an extra layer of security, by requiring additional information to access the VPN. Implement this sort of security layer anywhere you can.
4. Keep all VPNs and network infrastructure devices up to date on patches. The Department of Homeland Security CISA website has some guidance on VPN security.
Address WIFI Risks
At-home networks are typically not as secure as corporate networks. While working at home your employees probably have several devices connected to the same WIFI, as well. This can cause security risks when opened to personal devices, home appliances, and more. Company provided hotspot connections may be an option for some organizations.
You should also consider the speed of your employees’ home internet connections. They may not have the bandwidth to support their entire family now working from home, or children using devices to stream video on the same WIFI. This isn’t necessarily a security concern, but it may have an impact on employee productivity.
Prepare for Updates
While your employees are away from the office, they may need to connect back to the company network in order to get certain updates. That can include OS, anti-virus, and vulnerability scanning. Depending on your process for updates, you may need to let your staff know a certain time of day this can be done so they can be sure their devices are on and ready for the necessary maintenance.
Educate your Employees
Cybercriminals know how to take advantage of hot topics. There have already been scams targeting people looking for more information on COVID-19. During times of fear, people are more susceptible to these sorts of scams. Employees can also feel more relaxed in their home, which could mean they’re more comfortable opening suspicious emails.
Remind your staff to stay vigilant. Educate them on the importance of checking sources before clicking on links, and never sending money to anyone without verifying the recipient. That may mean an extra phone call, instead of walking down the hall.
You should also warn your staff about not using personal devices for work purposes, and not to use public WIFI while accessing business content. While working from home you may not consider your child or pet a cyber threat. However, an inadvertent click of the mouse could cause big problems. Be sure to lock your computer whenever you leave your device, just as you should at the office. These could open your business to a variety of security risks. We recently outlined some of the issues these practices can cause in a recent blog article 5 Ways to Stay Secure While Working Remote.
Ensure Your Incident Response Plan is Ready
Your Incident Response Plan is always a crucial part of your business. Now is the perfect time to make sure it is up to date and you know how to enact it remotely. If a cyber incident occurs, do you have the ability to investigate and mitigate the threat from outside the office? Start working on the answers to these questions as soon as possible, if you haven’t already.
Having a security plan in place, educating your staff, and being prepared for possible threats will make this time of uncertainty more secure and manageable for your business. If you have questions about any of these recommendations, feel free to reach out to a Pratum consultant today!