Every bad has something good. The response to COVID-19 situation has put us into self-isolation but it also brought us together in communicating and collaborating from home for a while. And since working from home has many positive aspects, such as great time saving due to no commuting and hence less environmental pollution, COVID-19 could cause a permanent shift towards remote work.
Despite the pros of working from home, some concerns about ensuring cybersecurity remain. Unfortunately, every crisis is a great opportunity for malicious activities. We all have to provide a cyber-safe working environment and increase user awareness so that we can operate smoothly even in times that require us to quickly adapt to changes.
Here are 10 simple tips to ensure your workers work safely from home without additional expenses:
Enforce encryption and equipment policy
Do not allow unencrypted communication.
Encyption is a basic precaution when transferring data from between a business network and private networks of employees.
Do not allow using unencrypted data media.
Similarly as above, make sure that USB drives and other external data madia is appropriately encrypted.
Strictly restrict access from non-business devices.
A rigid security policy can contribute a great deal to protecting business assets. Clearly define which devices can be used for business purposes and under which conditions.
Make sure that your office equipment is used for business-related work only.
Set clear rules on the use of business equipment for remote work. Other family members should not be allowed to use business laptops or phones, let alone have your passwords at their disposal.
Secure your IT assets on site
Regularly install security patches.
Patching is the basis of a secure IT system, but it can be very time-consuming and even frustrating. The larger the company, the more apps and systems, and patching becomse unreasonably comprehensive. Using automated penetration testing solutions, you can easily prioritize vulnerabilities, which makes patching a significantly more bearable procedure.
Regularly update your security software.
Although we tend to advocate the importance of user awareness, security solutions are still the artillery of every IT system. However, it is of utmost importance that you regulary update your security software and make sure it still meets your security demands; otherwise, upgrade or replace.
Introduce two-factor authentication.
A two-factor authentication is nowadays almost a must. Since and SMS can also be intercepted, it is best you enforce an authenticator app which generates time-based one-time passwords. And of course enforce a password policy which requires strong passwords.
Educate and train your users
Increase the frequency of phishing campaigns to enhance user awareness.
Security awareness training with regular phishing campaigns is an essential investment into your cybersecurity. When regulary receiving simulated scams, users learn to recognize red flags and internalize the importance of awareness when included in digital communication.
Educate users on the safe use of wireless connections.
Not all users are familiar with risks posed by open (and free) wireless networks. Share with them how their home network should be secured and what they should observe when using public wireless networks.
Establish a quick help desk.
Dedicate some of your IT resources to assist employees working from home. Maybe you can organize some kind of on-call shifts and make sure that everyone gets assistance when needed.