Essay: Remote Work Cyber Security Checklist: Preventing Cyber-attacks When Working from Home

Remote Work Cyber Security Checklist
Coronavirus has brought in huge changes in our day to day lives, whether it is personal sphere or professional. Many existing business processes have been disrupted and working remotely (or work from home) has become the need of the hour. Many of our clients already had an existing remote working policy, while those that did not have any relevant policy or procedure found it difficult to make the shift. With the panic and uncertainty around the entire situation, the attackers are proactively looking to target victims and exploit them for a variety of benefits. Our experts have compiled a cybersecurity checklist for businesses to ensure that when their entire team is working remotely, cyber-attacks are effectively prevented. This checklist is divided into ten sections, and each section has a list of action points.
1. Generalåç
• Employees need to be reminded on and off about the need to protect the confidentiality of the company’s data.
• Constant reminders should be sent to the employees to restrict the use of their work devices by their family members or living partners.
• Employees must be reminded time and again about being monitored by the company as per the terms and conditions of employment. This will help ensure that all employees take necessary measures to promote security.
• All employees must be provided with a VPN set up as a remote working solution.
• Email forwarding should be disabled. If enabled, it should be carefully monitored.
• Appropriate measures should be implemented to ensure that updates and patches are applied without delays for systems and applications installed thereof.
2. Passwords
• Employees must be reminded time and again not to share passwords via SMS or email.
• Employees must be recommended to choose strong passwords. Passwords with first name, last name, birthdate, etc. should be automatically ruled out by the software itself.
• Employees must be sent reminders that no calls or emails will be made by the company to reset passwords.
• Two-factor authentication shall be made mandatory.
3. Mobile devices
• If mobile devices are used to store company data, appropriate security measures should be implemented.
• If a personal device is being used by an employee, they must be sent multiple reminders regarding phishing, adware, spyware attacks.
• Employees must be reminded not to download content from untrusted sources, irrespective of the device they are using.
4. Company Policies and illegal activities
• Employees must be reminded frequently about acceptable usage policies and other relevant policies as implemented by the company.
• Employees must be reminded that visiting websites that contain pornographic content is illegal.
• Employees must be aware that even when they tweet or use other social media platforms for personal use, they should follow the social media policy implemented by the company.
• Employees must be reminded to use only approved USB flash drives and cloud services.
• Employees must be assured support in times when they have made mistakes. This will ensure that employees report in case there is an issue or they have made a mistake.
5. Phishing Emails and Scams
• Employees must be reminded not to open any kind of information related to Coronavirus on their work devices. There have been many reports wherein the attackers are using Coronavirus to disguise their malware.
• Employees must also be asked to report malware and ransomware whenever they come across it on their work device.
• Employees must be made aware of the different types of social engineering attacks.
• Remind employees to check the email addresses and ensure they are only receiving emails from their company’s domain. An employee should ensure that they do not end up sharing confidential information with an unauthorized individual.
6. Online meetings and calls
• Employees must be reminded that if they have devices like Amazon’s Echo, they must not share confidential information when such devices are turned on.
• Employees should be told not to keep their microphones on when they are not speaking during a meeting.
• Employees must be regularly reminded not to click on any advertisements related to Coronavirus that pop up on their screens.
• Encourage colleagues to exchange numbers and check on each other every morning to ensure no one is facing any issues that they haven’t reported.
• Ensure that employees are in the habit of blocking webcams, both physically and through the application.
7. Exceptions and Changes
• Ensure that an exceptions folder is made.
• Call meetings to review such exceptions.
• Make a Folder named “No way this is an exception” to direct the employee attention to what can in no way be an exception.
• Changes must be documented and monitored.
8. Privacy
• Remind employees to respect the client’s privacy as the client or their representative is also working from home.
• Remind employees not to print personal information of any client while they are working from home.
9. Cyber Attacks and Incident response
• The process for reporting any kind of incident must be made streamlined.
• If there is a new system in place, ensure employees that this a new set up and issues may occur. However, they can be resolved once they are reported.
• Printed checklists must be kept at home in a place where it is not accessible to others.
• If the company does not have an incident response policy, appropriate resources should be dedicated immediately to frame, test, and implement such a policy.
10. Backup
• Remind employees to backup all types of critical or important documents. Working remotely can lead to loss of information unknowingly; therefore, backup is very important.
• Employees must be reminded again to use only approved hard disks to back up their information.
This checklist may seem like it’s a little long, but it is rather easy to follow when the security of a company’s IT infrastructure is at stake. When good security practices are followed in these testing times, they will become a part of day-to-day habits. In the long run, such habits are going to be beneficial for an employer as well as its employees.