We have been watching the news, reading your helpful posts here on the community and even working remotely ourselves. 

Based on what we've read and experienced, we have put together some guidance on the remote workforce situation (when possible, we realize not all employees have the ability to work remote). 

Join the discussion. What did we get right? What did we miss? 

Nine Work-from-Home Key Security Practices

The coronavirus (COVID-19) outbreak is forcing a lot of people who have never had to work from home to do just that. While telecommuting is a growing practice, many organizations simply weren’t prepared to set up employees to work from home. This is creating a significant number of challenges, including how to protect newly-minted telecommuters from cybersecurity threats.

The substantial increase in telecommuters is forcing cybersecurity teams to hold off on day-to-day tasks in order to help employees secure their new working environments. These teams, all of the sudden, are under pressure to address new risk profiles their organizations never anticipated.

Some of the issues they are facing, such as companies lacking enough laptops and VPN licenses, may not have an immediate solution. But these challenges are also lessons that organizations can apply to business continuity plans when they revise them for the future.

In the meantime, cybersecurity professionals can guide work-from-home employees through some basic measures to lower their exposure to cyber risks:

1. Authentication policies – Review authentication policies with employees working from home, reminding them of the importance of using strong passwords and, if available, two-factor authentication to prevent unauthorized access to sensitive business data.

2. Device separation – Remind workers to keep their work and personal devices separate, unless a BYOD (bring your own device) policy is in place. Only employer-issued devices with proper security should be used for work-related tasks.

3. Private workspaces – Users who’ve never worked from home may need some guidance setting up their work areas. Advise them to find a private room or nook, away from other family members and distractions if possible, and make sure no one else in their household uses these work-issued devices. Remind them to lock their laptops and mobile devices when away from them.

4. VPN access – Many companies have secure VPN connections to sensitive business data and applications. If VPN connections aren’t available for some workers, take the necessary steps to block access to at-risk assets as a measure to prevent security breaches.

5. Data backup – Backing up data is not only a sound business continuity practice but also a security measure. It can be the saving grace in the event of a ransomware attack, for instance. Make sure work-from-home employees have access to data backup. If necessary, add capacity by leveraging one or more of the many available cloud-based data backup services.

6. WiFi security – Employees unaccustomed to working from home may not realize their WiFi should be password-protected. Instruct them to secure their wireless networks and to change passwords from those issued by device manufacturers.

7. Email encryption – A lot of business is conducted via email. Implementing email encryption when so many people are working from home is a sound business practice. Instruct workers on how to use encryption.

8. Software updates – It’s easier to manage software updates and security patches in the office, but it still must be done in work-from-home scenarios. If you do not have automated updating and patching, be sure to remind users to keep all systems up to date.

9. Ongoing reminders. Inform staff about the latest security threats and send them periodic reminders about safe computing practices, such as how to avoid phishing emails.

These basic practices can go a long way to help secure home environments. If you have other tips and practices you can share with your cybersecurity peers, visit our community.