Pratum Blog

Cybersecurity for Remote Employees

As the United States works to flatten the curve and slow the spread of COVID-19, much of the American workforce is being sent home from the office. That presents some technical and security challenges for business owners, looking to protect staff’s health and the well-being of the business. If you are preparing to send your employees home in response to Coronavirus, there are a few things you need to prepare before making your business remote.

Set a Security Policy

Before sending your staff home, make sure you have a security policy in place up for remote work. Employees may not be aware of the security measures they should follow, or how to safely conduct business from home. For many, this is the first time their jobs have been done remotely. Creating written out guidelines helps educate your staff, while keeping your company safe. This way everyone will be on the same page and will hopefully lessen any confusion.

NIST has guidance on what to include in a policy/standard. You can find their recommendations under the NIST publications, titled “Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security”.

Establish a Secure Connection

While your employees are working remotely, you should provide secure connectivity to corporate resources. Organizations that have never allowed for remote work will need to make resources available that were only accessible internally before now. There are a few ways you can help ensure the security of your network, while staying connected.

1. Utilize a VPN (Virtual Private Network). A VPN will help establish a secure connection between the office and employees who are working from home.

2. Think through what limitations on VPN usage may exist. This will help ensure it can support the number of employees needing to connect.

3. Use MFA (Multi-Factor Authentication) on the VPN and any remote connections. This adds an extra layer of security, by requiring additional information to access the VPN. Implement this sort of security layer anywhere you can.

4. Keep all VPNs and network infrastructure devices up to date on patches. The Department of Homeland Security CISA website has some guidance on VPN security.

Address WIFI Risks

At-home networks are typically not as secure as corporate networks. While working at home your employees probably have several devices connected to the same WIFI, as well. This can cause security risks when opened to personal devices, home appliances, and more. Company provided hotspot connections may be an option for some organizations.

You should also consider the speed of your employees’ home internet connections. They may not have the bandwidth to support their entire family now working from home, or children using devices to stream video on the same WIFI. This isn’t necessarily a security concern, but it may have an impact on employee productivity.

Prepare for Updates

While your employees are away from the office, they may need to connect back to the company network in order to get certain updates. That can include OS, anti-virus, and vulnerability scanning. Depending on your process for updates, you may need to let your staff know a certain time of day this can be done so they can be sure their devices are on and ready for the necessary maintenance.

Educate your Employees

Cybercriminals know how to take advantage of hot topics. There have already been scams targeting people looking for more information on COVID-19. During times of fear, people are more susceptible to these sorts of scams. Employees can also feel more relaxed in their home, which could mean they’re more comfortable opening suspicious emails.

Remind your staff to stay vigilant. Educate them on the importance of checking sources before clicking on links, and never sending money to anyone without verifying the recipient. That may mean an extra phone call, instead of walking down the hall.

You should also warn your staff about not using personal devices for work purposes, and not to use public WIFI while accessing business content. While working from home you may not consider your child or pet a cyber threat. However, an inadvertent click of the mouse could cause big problems. Be sure to lock your computer whenever you leave your device, just as you should at the office. These could open your business to a variety of security risks. We recently outlined some of the issues these practices can cause in a recent blog article 5 Ways to Stay Secure While Working Remote.

Ensure Your Incident Response Plan is Ready

Your Incident Response Plan is always a crucial part of your business. Now is the perfect time to make sure it is up to date and you know how to enact it remotely. If a cyber incident occurs, do you have the ability to investigate and mitigate the threat from outside the office? Start working on the answers to these questions as soon as possible, if you haven’t already.

Having a security plan in place, educating your staff, and being prepared for possible threats will make this time of uncertainty more secure and manageable for your business. If you have questions about any of these recommendations, feel free to reach out to a Pratum consultant today!

Remote Employee

The World Health Organization has officially declared the COVID-19 outbreak as a “pandemic”. This is causing several schools to close and businesses to re-evaluate their policies. One way some companies are trying to prevent spreading of illness is by allowing, or requiring, employees to work from home. With the switch to more remote workers, we put together a list of five ways you can increase cybersecurity while away from the office.

1. Communicate with IT

When working remote you should always plan ahead before leaving the office for an extended period of time. One important consideration is to check in with your company’s IT staff for any security protocol you should be following. Be sure to ask about company policies for routine connection to the company network. This allows IT staff to perform security updates, check for vulnerabilities, and keep your system in good working order. Not connecting to the company network for long periods of time may leave your device at risk. Talk with the IT staff about their recommended connection schedule.

2. Lock Your Computer

If you’re working from home, you may not consider the dangers of leaving your computer unlocked. If you have children, pets, spouses, or roommates wandering around, they may unknowingly click on something that causes issues. Having a cat or toddler accidentally delete important files while you step away from an unprotected device could be bad news. Instead, just follow the same practices you should be doing at the office by locking your computer any time you need to step away.

3. Keep Work Files on Work Computers

While it may be tempting to use your favorite computer or tablet when working from home or other remote locations, it’s not the best security practice. If you work for an organization with a diligent IT staff, they will be continually updating software and security measures on your company devices and networks. The same cannot always be said about your personal devices. You may not follow the same, strict protocols as professional, technical staff would. You also may not be able to afford the same level of technical controls that your company can.

These are all good reasons to keep your company data on company devices. By connecting a personal device to private information, you are potentially putting your company at risk. You’re also putting yourself at risk of being liable if something were to cause damage to the organization.

4. Avoid Public WIFI

The idea of sitting at home during Coronavirus prevention may seem daunting to some people who need human interaction. That’s why several people take their work to local coffee shops or restaurants. In addition to the need for social distancing, the problem with that is the threat of hackers sitting at the table next to you, or even the building next door. Using public WIFI opens you up to a number of security risks.

Even if you trust the network of the company you’re visiting, you may unknowingly sign onto a WIFI connection that is just one character different than the one you intended to sing onto. It may even have the same password as the legitimate WIFI network, but this one was set up to trick you!

You will also want to consider a VPN, or Virtual Private Network. This allows you to create a secure connection to another network over the internet, while shielding your activity from cybercriminals on public WIFI. A VPN will transmit your information through the protected pathway, rather than directly from your computer.

Using the same network as everyone else in the vicinity, without a firewall between you, could allow others to access your computer without you even realizing it. That leaves your private data and company information vulnerable if you’re working remote.

There’s also the threat of any communication shared with clients or back at the office being visible to others on the network you’re using. That traffic back and forth could contain information you do not want a threat actor seeing and taking advantage of. That leads to the next point.

5. Block Sight Lines

Taking the time to find the perfect seat while working remote can be tricky in crowded coffee shops. Just make sure that ideal spot won’t be ideal for someone trying to watch what you’re doing on your computer. If a cybercriminal can read sensitive data you type into your laptop, or spot some documents not intended for public viewing, it may be detrimental to your business.

Another great way to help reduce shoulder surfing is to add privacy filters or screens to your laptop. These can be attached to your monitor for extra security. Filters or screens create a black-out effect for anyone looking at your screen from the side. Unless you are sitting directly in front of the monitor, the screen will appear darker the more of an angle you look at it. You can find these at most stores that sell computers or online.

Also, never leave your phone or laptop alone. Even a quick restroom break is enough time for hackers to compromise your devices.

Whether you are taking precautions when it comes to physical health, or simply work remote on a regular basis, it’s important to keep up with cybersecurity practices. Be sure to communicate with your employer and find out what cybersecurity protocols you should be following while you’re away from the office. This will help keep yourself, and your organization, more secure!

Incident Reponse Planning

Is your business ready to handle a security threat? The more our Consultants talk with businesses from across the country, the more we find a lot of them don’t have an Incident Response Plan. If they do have one, it’s very minimal. Unfortunately, this is becoming the norm.

Creating an Incident Response Plan is more than just creating a peace of mind; it will also be a critical component in restoring what’s lost during a cyber-attack. Taking the time to prepare now will save you time, money and stress down the road.

Keys to an Incident Response Plan:

The Importance –

First, you probably want to know why you need an Incident Response Plan. Think of it as reassurance that in the case of an emergency fewer things are likely to go wrong. If a disaster occurs and you don’t have a plan in place, how will employees know what to do? Even if one person knows the protocol, you can’t rely on them being there every day. This checklist of do’s and don’ts will give staff a sense of control and confidence when they may have to face a crisis alone. It will also give management more freedom to leave the office without fear of total chaos while they’re away.

Second, if your business is a critical resource and you don’t have an appropriate plan in place, it could have a ripple effect on others. You could potentially lose revenue or harm customers. In turn, that may impair your reputation and cause long-term damage to your business.

Who Needs One –

The easiest response for this one is – Everyone! The exact plan will vary depending on the size of your organization and the level of risk you face. If your company has a lot of sensitive data, that means your security risk is higher. In that case, you want to have a very detailed Incident Response Plan in place. Larger businesses may be required to have an Incident Response Plan in place to meet a regulatory framework.

Every business needs to evaluate all levels of information security and who has access to sensitive data in order to determine what their plan should look like. There’s no “one size fits all”, but there are some good guidelines to follow!

What It Should Look Like –

This has been made slightly easier thanks to the National Institute of Standards and Technology (NIST). They have a checklist of how to handle an incident. (You can find that on Page 42 of the document linked here.) These basic guidelines are very helpful to anyone looking for some introductory guidance.

To prepare an Incident Response Plan, ask these questions about your business:

1. Who are the critical staff?

2. What resources are available?

3. Who are the primary and secondary contacts?

4. What is the backup process?

5. How quickly would you recover from an incident?

6. How could an incident impact future business?

If you can’t readily answer these questions, that’s a good sign you need to start working on an Incident Response Plan. While the variables will differ from one business to the next, the basic principles remain the same; know who’s in charge, what to do, who to contact, and how to handle the aftermath.

How to Prepare -

Before implementing an Incident Response Plan, there are a few things you should do to prepare. First, let your staff know what’s happening. It’s important they understand why the plan is being built. They should also be given the specific guidelines as to what their role will be during an incident. If necessary, there should be plenty of training involved. The pertinent staff should also be involved in the creation of the plan. The more involved people are in the process the more likely they will be invested in executing the plan when an incident comes up.

How to Update –

Your Incident Response Plan needs to be reviewed at least once a year. That’s also when you should be performing a test to make sure the procedures and people involved are prepared. Testing will help reveal any weaknesses in the process before real damage is done from a serious security threat.

While an annual review is important, you also need to do updates and reviews after any incidents that occur. If something goes wrong, it’s the perfect time to update and adjust the policy.

Recovery Process –

One of the biggest benefits of having an Incident Response Plan is having the steps laid out for the recovery phase. After a security incident, you may be stressed out and overwhelmed by what just happened. Being able to rely on an established plan will help keep you on track of what’s going on and focus on the tasks at hand.

A big component of recovery is the initial response. Be sure to isolate the affected system or systems to stop additional infections and prevent additional data theft. Disconnect the asset from the network. You should also start running scans and potentially run digital forensics (link to forensics page) checks to see how far the attack went and where it came from. Also, consult your legal or compliance team to review any regulatory impact that could also pose irreparable harm to the organization.

Encourage your employees to report problems right away. Affirm they won’t be in trouble for sharing what they discovered and that they’re helping the company by reporting any incident in a timely manner. Give them a channel to follow and train them on where and how to report properly.

Review the Aftermath –

After you’ve contained the problem and reported to the proper channels, an Incident Response Plan should also include steps for reviewing the aftermath of an incident. This is the time you go over the questions like, what went wrong? What went right? You should also establish a timeline of events to help answer these questions and see the bigger picture.

Reviewing the problem shouldn’t be your last step. Adjusting your Incident Response Plan should come next! As we discussed during the Update section, you should be making changes to your plan after any incident. If a step in the process didn’t go as planned, figure out why and start making changes.

If you need help setting up your Incident Response Plan, our cybersecurity experts work with organizations of different sizes and security needs.

Get our blog posts delivered to your inbox:

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.