Security Checklist for Work From Home (WFH)

Security Checklist for Work From Home (WFH)

Print this list: Security Checklist for Work From Home (WFH)

▢ Refine your password policy Now’s the time to strengthen your policies. Require long passwords (or better yet, passphrases); mandate regular changes; and lock out accounts after a failed login. Emphasize to employees that they cannot re-use their work passwords for any of their personal logins

▢ Require multi-factor authentication (MFA) Also known as two-factor authentication (2FA), this is absolutely your best defense against cybercriminals using stolen credentials purchased on the dark web to masquerade as employees and infiltrate your network. If you use cloud-based email, productivity suites or other applications, if MFA is available, turn it on. If users need to access your internal network, put an MFA solution in place.

▢ Require a VPN for accessing your internal network) A VPN encrypts the traffic as it traverses the internet so it can’t be read by eavesdroppers. As a plus, a VPN connection allows extending more of your internal-network security measures to remote devices. Get a VPN! If you have VPN for some workers, purchase licenses and capacity to cover the all users. Employees accessing resources on your internal network, the combination of a VPN and MFA is a must.

▢ Instill the habit of locking / logging out When they’re taking their lunch break, are done for the day or anytime they’re away from their device for more than few minutes, they should log out from the corporate network. Lock your computer when you walk away for a break.

▢ Verify who is calling Cybercriminals will often call employees pretending to work in the IT department. If you receive an unsolicited call, never give out your password or any private / confidential information. If they want you to do anything, stop and call your manager.

▢ Workers need to be network-aware & Wi-Fi wary The employee’s home network and other devices connected are out of your control. They should turn off file-sharing and make sure their home router and Wi-Fi access point has a strong password. Also, be sure that WPA2 security is enabled. Remind them never to connect to an unsecured or open Wi-Fi access point that doesn’t require a security key.

▢ Invest in advanced endpoint protection (EPP) for home workers You can’t trust that the antivirus installed on their home system or personal device is up to the job. An EPP platform detects fileless, zero-day, and nation-grade attacks in real time. Response that surgically reverses and removes any malicious activity.

▢ Patching and updates Make sure your systems and applications are up-to-date, especially security-critical systems that run 24/7. Tell your home-connected workers to enable automated updates on all their systems, to be sure they’re current with all security measures.

▢ Cybersecurity training for employees No matter how much technology you put in place, the most important piece of protection is your employees. Phony notices from work to confirm login credentials, visit business-related websites, handle requests from the boss, and other scams are on the rise as cybercrooks try to cash in WFH workers. Knowledgeable, vigilant employees are less likely to fall for them. Especially when they are working remotely, a regular training program will keep their guard up.

▢ Keep it digital Avoid printing sensitive and regulated information to paper. If you must, make sure you don’t leave these documents laying out. When you are done with the documents, shred immediately. Never place them in the trash or recycle.

Print this list: Security Checklist for Work From Home (WFH)

View the webinar: https://www.ascgrp.com/cybersecurity-for-small-and-medium-businesses/

Are you missing one or more of the checklist items? Start your conversation with us now.

Start the Conversation