By Karen Sprenger   /   Mar 16th, 2020

Work from Home Cybersecurity Checklist for Executives, IT & Remote Employees

The spread of Coronavirus (COVID-19) has unexpectedly thrust many organizations into the world of remote workforce management. With officials encouraging as many people as possible to work from home to stop the spread of the coronavirus, many organizations have had to rapidly deploy a dramatically larger pool of remote workers. For those organizations without established cybersecurity policies and procedures for remote workers, the lack of time to plan for this contingency may leave security holes in your network. Even if you’ve offered work from home options to employees in the past, now is a good time to brush up on cybersecurity best practices for remote workers.

Work from Home Cybersecurity Checklist for Executives and Managers

From a strategic viewpoint, smart, cybersecurity-savvy employees are a crucial first line of defense, whether they are working from home or in the office. Ensure you communicate and train your employees on cybersecurity best practices and your organization’s cybersecurity policies (read our tips for communicating cybersecurity expectations). Here are the key things you need to do:

  • Keep in mind that if your employees are accessing your systems remotely, they are just another system on your internal network. Remind them to follow all of the normal Information Security processes and policies that they would in the office. Now is a good time to review those policies as well – be sure to include:
    • Don’t share sensitive data through unencrypted email.
    • Keep work and personal use separate.
    • How to identify sensitive information.
    • Acceptable practices for handling sensitive information.
  • Provide your staff with regular reminders and awareness training of good cybersecurity practices. In particular, they should be on the lookout for emails with links or attachments purporting to be updates about coronavirus. Unfortunately, criminals are using this pandemic as an opportunity to spread malware. Here is a quick microlearning quiz on how to detect bad links that you can share with your employees.
  • If employees are working with sensitive information, consider providing some tools to enhance privacy like a privacy screen for the computer or a physical lock.
  • Remind employees to lock their screen whenever they step away from their computer, particularly if they are in a shared living space.
  • Ask staff members to avoid public Wi-Fi whenever possible.

Stay tuned for our upcoming blogs on how to train employees to be cybersecurity aware and cybersecurity considerations during the coronavirus.

Work from Home Cybersecurity Checklist for IT Managers

If you are new to work from home cybersecurity or just want to ensure you are meeting technical best practices, here’s a quick checklist to help ensure the safety of your organization’s network:

  • Never open Remote Desktop Protocol (RDP) to the public-facing internet.
  • Always use a Virtual Private Network (VPN) in front of remote access.
  • Implement multi-factor authentication whenever and wherever possible.
  • Require passwords that are long, ideally 16 characters or more.
  • Keep all of your systems patched and updated.
  • Use antivirus enterprise-wide.
  • Increase logging and monitoring capabilities to include both failed and successful logins, as well as activity and access logs.
  • Encrypt all devices.
  • Use a mobile device management solution for laptops and mobile devices so that you can remotely manage and/or wipe a device if necessary.
  • Use a separate account to remotely administer your systems. Keep a standard user account for day-to-day work like responding to email.
  • Make sure that users have a way to contact you if they see anything unusual or suspicious.
  • Give your team a way to interact verbally through a conferencing program like Microsoft Teams, GoToMeeting, Zoom, or others, but make sure that you understand how and where documents shared through the service are stored, and that your team members understand what is and is not okay to share through those services.
  • Ensure employees only use IT-approved cloud services. Many employees may use file sharing sites to simplify remote work without realizing that they can cause cybersecurity issues.
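The logging item in the checklist above pays off only if someone reviews the failed and successful logins together. The following is an added example, not part of the original post: it flags a successful login that follows a run of failures from the same source, and any RDP session whose source is outside the VPN. The VPN address pool, the threshold and the sample events are assumptions constructed for illustration; the event IDs follow the Windows Security log (4625 failed logon, 4624 successful logon, logon type 10 for RDP).

```python
import ipaddress
from collections import defaultdict

# Assumption: the VPN hands out client addresses from this pool (hypothetical range).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
# Assumption: this many failures from one source makes a later success suspicious.
FAIL_THRESHOLD = 5

# Constructed sample events: (timestamp, event_id, logon_type, user, source_ip).
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    ("2020-03-16T08:01:00", 4625, 10, "akhan", "10.8.0.14"),
    ("2020-03-16T08:01:20", 4624, 10, "akhan", "10.8.0.14"),
] + [
    (f"2020-03-16T09:00:{s:02d}", 4625, 10, "jsmith", "203.0.113.50")
    for s in range(5)
] + [
    ("2020-03-16T09:00:30", 4624, 10, "jsmith", "203.0.113.50"),
    ("2020-03-16T09:15:00", 4624, 10, "admin-lee", "10.8.0.22"),
]


def review_logons(events, vpn_pool=VPN_POOL, threshold=FAIL_THRESHOLD):
    """Return (finding, user, source_ip) tuples for logons that need a closer look."""
    findings = []
    failures = defaultdict(int)  # failures per source since its last success
    for _ts, event_id, logon_type, user, src in sorted(events):
        if event_id == 4625:
            failures[src] += 1
        elif event_id == 4624:
            # A success right after many failures suggests a guessed password.
            if failures[src] >= threshold:
                findings.append(("success_after_failures", user, src))
            failures[src] = 0
            # An RDP session from outside the VPN pool means RDP is reachable
            # without the VPN in front of it.
            if logon_type == 10 and ipaddress.ip_address(src) not in vpn_pool:
                findings.append(("rdp_outside_vpn", user, src))
    return findings


if __name__ == "__main__":
    for finding in review_logons(SAMPLE_EVENTS):
        print(finding)
```
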

Work from Home Cybersecurity Checklist for Employees

The coronavirus is causing widespread challenges. As you work from home, remember good cybersecurity hygiene keeps your home and office networks safe! Follow these best practices:

  • Watch for phishing emails. Criminals are going to target you with information that appears to be about the coronavirus. Make sure you know and verify the source of the email. Be especially cautious about opening attachments. Take a free microlearning quiz about link safety.
  • Be wary of phone calls requesting information from you. If you don’t recognize the voice, ask for a phone number and extension so that you can return the call. To learn more, read this blog on vishing.
  • Use a passphrase rather than a password – ideally your passphrase should be 16 characters or more. (Remember, spaces count as characters!) Passphrases are more secure and easier to remember. You can use song lyrics, the first line of your favorite book, or a movie quote – but don’t reuse passwords across multiple accounts, especially not between work and personal accounts. Read more tips on password protection.
  • Use a password manager whenever you can. Apps like LastPass, KeePass, and 1Password all make it simple to log in using unique passwords, while you only need to remember one strong password.
  • Secure your home wireless network. Make sure that, at a minimum, a long passphrase is required to join your wireless network, and select the WPA2 protocol.
  • Make sure that you have removed the “default” or vendor password from your wireless router. Those are well known and easy to look up.
  • Don’t work from public networks unless absolutely necessary.
  • Keep your work and personal accounts separate.
  • Use anti-virus software.
  • Immediately report anything suspicious to your IT team.
  • Think before you click!

Coronavirus has necessitated a number of sudden changes to our daily lives. Fortunately, we live in an era when many jobs can be performed remotely. (For those who can’t work remotely – you have our whole-hearted appreciation and thank you for continuing to carry on and get us through.) With awareness and education, security can be maintained from wherever work is getting done. Stay healthy and be well!

Contact us if you need help defining work from home cybersecurity policies and procedures or testing to check for gaps in your network security. We can help.

About the Author

Karen Sprenger

Karen Sprenger is the COO and chief ransomware negotiator at LMG Security. She has more than 25 years of experience in cybersecurity and information technology, and she is a noted cybersecurity industry expert, speaker, and trainer. Karen is also the co-author of a new book, Ransomware and Cyber Extortion: Response and Prevention. She speaks at many events, including those held by Wall Street Journal Cyber Pro, Fortinet, the Internal Legal Tech Association, and the Volunteer Leadership Council. Karen is a GIAC Certified Forensics Examiner (GCFE) and Certified Information Systems Security Professional (CISSP) and holds her bachelor’s degree in music performance (yes, really). In her spare time, Karen considers “digital forensics” a perfectly acceptable answer to the question, “But what do you do for fun?” A lifelong Montanan, she lives in Missoula with oodles of poodles.