How to maintain cybersecurity when working remotely
With the spread of the Coronavirus (COVID–19) , many companies, municipalities and schools are urging employees and students to complete work from home at a moment’s notice. The transition from an in-office workforce to remote employees should be a coordinated effort between management and IT within your organization or municipality. Security should not be overlooked no matter how quickly this change must take place. Here is how to protect your business and your staff when working remotely.
Getting your workplace ready for COVID-19
Enforce or create policy
Your organization should have policy on the proper and secure procedures. If not, a policy should be created and put in place. Make sure that staff is aware of rules and regulations for remote work. Some things to cover may be:
- What devices are employees allowed to use for remote work?
- How should data be accessed and transferred?
- Who should staff contact if they have an issue?
- How do employees communicate with each other and maintain consistent workflow from home?
- How should employees be monitored / audited?
Set up remote access
Allowing employees to log into their work computers remotely can help to eliminate the use of unapproved or insecure software. Employees should not be allowed to work from or store corporate data on personal, insecure devices.
If using Windows-based remote desktop protocol (RDP), restrict access using firewalls. An RDP Gateway is highly recommended for restricting RDP access to desktops and servers.
Secure access
Two-factor authentication should be in place to protect company infrastructure. Employees should be even more mindful when working on public WiFi networks. Educate staff on the use of remote access and virtual prival networks (VPN)to keep company data secure. Additionally, any device used for company or municipality business should be secured with a password.
Malware and anti-virus protection
This step may seem obvious, but make sure that malware and antivirus protection software is up-to-date on all personal or corporate-issued computers and devices used for work.
Updates, updates, updates
Attacks often happen through the weakest link. Sometimes, the weakest link is an unpatched software vulnerability. This risk increases exponentially when employees work from their home networks. While IT cannot go into each person’s home, they can educate employees on how to better secure their home networks.
Set an account lockout policy
Set an account lockout policy to prevent hackers from using a brute force attack or automated password generators to gain access to your device(s).
Be aware of phishing scams
With the onset of panic comes an uptick in scams. It is especially important to remind employees of what phishing and social engineering scams look like.
Do no send sensitive information insecurely
If employees are allowed to work from home, they must be aware of where they may save and how they may send sensitive information. Email is not secure.
It is important to keep staff safe and healthy. Working remotely might be the solution. Do not wait until it’s too late and put your business or municipality at risk. Begin creating policies and training now so that employees are ready to work remotely if necessary.
If you are an employee who has questions about their home office, please do not hesitate to contact IT. It is prudent to address any issues before you are asked to work from home for any length of time.
Information for Pennsylvania Municipalities
There is a lot to think about when asking employees to stay home, dealing with employee fears about getting sick, and how to handle declaring disasters in your borough. PSAB worked in conjunction with Eckert Seamans Cherin & Mellott, LLC to put together a very informative webinar on how to handle COVID-19 in your borough.