Like it or not, work from home is here to stay in some capacity. CloudNexus has developed a remote work cybersecurity checklist that will help you and your IT team cover all your bases.
Whether your staff are fully remote or just work from home occasionally, you must consider the security and resource upgrades needed in order to make remote work sustainable for your company long term. Following this checklist will help you address concerns you may not have initially considered when implementing remote work capabilities.
Secure Remote Work Made Simple
Before we dive into the specific points on the remote work cybersecurity checklist, it’s important to consider the overall implications of switching to remote work. You should revisit and amend every existing company policy to include provisions for people working remotely.
Additionally, it’s more important than ever that you secure company devices, data, applications, and internet access. Review existing vulnerabilities through the remote work lens and fix the ones that incur the most cyber risk.
Last, but certainly not least, it’s important to look at your tech budget. If you can, provide a stipend to remote employees to make it more secure and productive for them to work at home. Some of the suggested tech upgrades include noise canceling headphones, ethernet cables, webcam covers, etc.
Let’s get into the nuts and bolts of our remote work cybersecurity checklist!
Governance and Risk – Remote Work Cybersecurity Checklist
- Update your company device policy to include guidelines for usage at home or outside the office. Share them with all staff immediately.
- Make sure every team member knows not to share their devices with others (even in their home). This helps you ensure the confidentiality business data and your customer data.
- Regularly refresh everyone’s memory about key information security concepts and processes. People can get a little too comfortable in their home.
- If your industry is heavily regulated, double check that you are in compliance with the privacy laws that apply.
IT Infrastructure – Remote Work Cybersecurity Checklist
- Ensure that security software is installed on all company devices.
- Automate as many software and operating systems updates as you can for remote employees.
- Make sure you can provide secure remote access to IT assets. Further, ensure you account for the increased capacity needed on the servers or the cloud.
- Boost IT helpdesk bandwidth to ensure that all employees get timely responses while working remotely.
- Implement a policy of multi factor identity verification of staff who call into the helpdesk for assistance.
- If your team relies on cloud storage services, make sure that those services are up to your security standards.
Operations – Remote Work Cybersecurity Checklist
- Verify that all employees are assigned the right privileges corresponding to their job description.
- Disable split tunneling on all VPN profiles. This prevents remote staff from directly accessing the internet from their devices while they are accessing your business’ information systems.
- Create a reporting system for phishing attempts or other suspicious activity, and keep a record of everything.
Mobile Device Policy Updates
- Update your company mobile device policy to include guidelines for usage at home or outside the office. Share them with all staff immediately.
- Do your absolute best to provide full disk encryption on your mobile devices.
- Follow that up with software encryption as well.
- If any employees are using their personal mobile devices for work, ensure they do not download or install suspicious applications.
- Remind your staff to ensure confidentiality on mobile devices as well.
- Create an automation to ensure that your team members regularly update their device’s OS and back up their data.
Online Call/Meeting Policy Updates
- Encourage your staff to take measures to ensure privacy during calls or meetings. This could include closing the door of their home workspace, utilizing headphones to prevent eavesdropping, and being mindful of the smart home devices within earshot.
- Provide an approved video conferencing application or a list of approved video conferencing applications. Only approve applications that meet your internal security and privacy needs.
- Require that all online meetings or calls are password protected.
- Ensure that meeting administrators can kick someone out of the meeting- and that they can’t get back in.
- Before beginning a meeting, review and verify the identity of all attendees.
- When setting up a meeting, default all cameras and mics to be off and only activate them when needed.
- Make sure your staff immediately close the meeting or call window when finished.
Remote Password Policy Updates
- Ensure every employee knows to NEVER share their username/password information via SMS, instant messaging, or email.
- Require 2FA for all remote employees at every login.
- Maintain backup access codes for when 2FA may not work (like during a broadband outage) and store them securely.
- Inform all staff that you will NEVER call them to reset their passwords. Tell them how they can securely change their passwords.
Employee Asks for Remote Work Security
- Refresh your teams regularly on detection and reporting of phishing threats.
- Remind everyone of the importance of using password protected WiFi networks in public and at home.
- Ensure that all employees know not to save their company credit card details when making online transactions.
- Employ and enforce proper cyber hygiene to keep personal emails, social media, and file sharing apps off of company devices.
- Ask your employees to keep their company devices locked when not in use, even in their own home.
- Make sure they all know not to copy any work-related files to personal devices.
- Discourage flash drive use.
- Remind your staff to store all company data securely. Digitally, store it in corporate (secured) data center or cloud storage only. Physically, store it in a fireproof safe or locked drawer.
Work Remotely Without Fear
It is our hope that this remote work cybersecurity checklist will provide you with the tools needed to work remotely. It is possible and simple to provide work/life balance to yourself and your employees without compromising your cybersecurity plan.
If you’d like a CloudNexus expert to review your remote work plan or your cybersecurity strategy, schedule a call. We’re happy to provide a cybersecurity audit and talk strategy with you. The security of your company is our top priority.
Want to know more? Read our article about the Top 10 Cyber Threats to Small Businesses!