More employees are telecommuting today than ever before. Many businesses have previously had employees working remotely, but for some, this has created a new work environment. In 2020, of course, many employees were quickly set up to work from home. The following guide will help to ensure that you have instituted secure new telecommuting policies, procedures, and safeguards.
Please Note: Personally-owned computers used by multiple people in the household are unlikely to meet the Minimum Security for Networked Devices (MSSND) Standard. Risks to consider with home systems include:
- Multiple users with administrator access allow for the download and spread of malware
- Insecure configurations leave the systems vulnerable to attacks
- Installed home-use software that is not supported and may not be patched for vulnerabilities
- Institutional information downloaded or cached to the machine may be exposed to other family members and hackers
Therefore, we highly recommend that remote workers use company-owned and managed equipment when working from home.
Digital Security
1. Keep Work Data on Work Computers
Using a personally-owned device to conduct business puts both you and the company at risk.
2. Update and Patch
Update everything on your devices, including operating systems, web browsers, and apps. Attackers can exploit vulnerabilities in old versions of software. Enable automatic updates on Microsoft and macOS.
3. Use Anti-Malware Software and a Firewall
Install anti-malware software (anti-spyware, anti-virus) and enable a firewall on your device(s). Default firewall settings are acceptable for current Macs and PCs, but be sure to verify that they’re turned on.
4. Avoid Public Wi-Fi and Use the Company VPN
Do not use public Wi-Fi when logging into company systems or doing non-public work. Use the Firewall Virtual Private Network (VPN) or your phone as a personal hotspot instead.
5. Protect the Data on Your Device
Minimum Security Standards for Electronic Information states that sensitive/notice-triggering data must not be stored on a laptop (or any other portable device) unless absolutely necessary and, if so, must be strongly encrypted. The two most common methods to protect data on laptops are "whole disk encryption" and "file encryption".
Whole Disk Encryption Software protects the entire hard drive
- Apple macOS FileVault
- Microsoft Windows BitLocker
- VeraCrypt
- dm-crypt
File Encryption Software encrypts a file or folder
- 7zip (using AES 256 encryption)
- Microsoft Windows EFS
- VeraCrypt
Enable a lock screen on your phone and be sure the settings are enabled to erase/wipe should the device get stolen.
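The two things this guide asks you to verify on a laptop, that the firewall is turned on (step 3) and that whole disk encryption is active (step 5), can be checked with the operating system's own tools. The script below is an added example, not part of the original guide; it assumes English-language tool output, a Windows system drive of C:, and an elevated prompt for manage-bde, and its function names are illustrative.

```python
import platform
import re
import subprocess

def all_profiles_on(netsh_out):
    """Windows: every firewall profile (Domain/Private/Public) must report ON."""
    states = re.findall(r"^\s*State\s+(ON|OFF)\s*$", netsh_out, re.MULTILINE)
    return bool(states) and all(s == "ON" for s in states)

def matches(pattern):
    """Build a check that passes only when the tool output contains pattern."""
    return lambda out: re.search(pattern, out) is not None

# Per platform: control -> (built-in OS command, function deciding "is it on?").
CHECKS = {
    "Darwin": {
        "firewall": (["/usr/libexec/ApplicationFirewall/socketfilterfw",
                      "--getglobalstate"], matches(r"Firewall is enabled")),
        "disk_encryption": (["fdesetup", "status"], matches(r"FileVault is On")),
    },
    "Windows": {
        "firewall": (["netsh", "advfirewall", "show", "allprofiles", "state"],
                     all_profiles_on),
        "disk_encryption": (["manage-bde", "-status", "C:"],
                            matches(r"Protection Status:\s+Protection On")),
    },
}

def _run(cmd):
    p = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
    if p.returncode != 0:  # e.g. manage-bde started without admin rights
        raise OSError(f"{cmd[0]} exited {p.returncode}")
    return p.stdout

def audit(system=None, run=_run):
    """Return {control: True/False/None}; None means the check could not run."""
    results = {}
    for control, (cmd, is_on) in CHECKS.get(system or platform.system(), {}).items():
        try:
            results[control] = is_on(run(cmd))
        except (OSError, subprocess.SubprocessError):
            results[control] = None
    return results

# Constructed sample output (not from a real machine): one profile left OFF.
SAMPLE_NETSH = ("Domain Profile Settings:\n" + "-" * 70 + "\nState" + " " * 33 + "ON\n\n"
                "Public Profile Settings:\n" + "-" * 70 + "\nState" + " " * 33 + "OFF\n")

if __name__ == "__main__":
    for control, ok in audit().items():
        print(f"{control}: {'OK' if ok else ('NOT VERIFIED' if ok is None else 'OFF')}")
```

A result of NOT VERIFIED means the tool was missing or refused to run, so the control still has to be confirmed by hand in the system settings.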
6. Frequently Save and Backup Your Work
Frequently save your work to ensure you don't lose progress, especially when connected to remote systems. Backing up data is an important step in protecting it.
If you choose to back up to an external hard drive or USB key (NOT the most secure method for external backups), be sure to encrypt the media and unplug it after backup to protect it from malware or ransomware.
Physical Security
1. Lock Your Doors and Never Leave Your Devices in the Car
Never leave your device unattended, always lock your doors, and never leave your device in a vehicle - not even in the trunk. Keep work laptops and devices secure at all times while working remotely.
2. Lock Up Your Laptop
Lock up your laptop when you step away, even at home. Incidents happen, and it’s good practice to lock up your laptop when you are not using it.
3. Password-Protect Your Devices
Create strong passwords by using a passphrase - a password made up of multiple words. Use a unique passphrase for every device or online account. That way if one passphrase is compromised, other accounts and devices are unaffected.
Tip: Use a password manager, which is a specialized program that securely stores your passphrases in an encrypted format.
Enable two-step verification whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is an easy step to protect online accounts. Multi-factor (three-step) authentication is advised.
4. Lock Your Screens
Configure your desktop to automatically lock after 15 minutes of inactivity and set your phone to lock the screen after no more than 15 minutes of inactivity. Shorter is even better.
5. Use a USB Data Blocker when Charging Up at a Public Phone Charging Station
Charging a phone on an unknown USB port or unknown cables is risky; protect it with a USB data blocker to prevent data exchange and guard against malware. This type of USB protection allows the device to connect to power without exposing the data pins inside.
IT Support LA is dedicated to protecting privacy; safeguarding the State’s information assets and infrastructure; identifying and mitigating vulnerabilities; detecting, responding, and recovering from cyber incidents; and promoting cyber awareness and education. We stand ready to assist and support you in your cyber security risk management efforts. Remember - cyber security is everyone’s responsibility!