Work From Home – Security Checklist

With the rise of remote work arrangements, ensuring the security of your work-from-home setup is more important than ever. Whether you’re a freelancer, remote employee, or entrepreneur, safeguarding your digital workspace is essential to protect sensitive information and maintain productivity.

To help you create a secure work-from-home environment, we’ve compiled a comprehensive security checklist covering various aspects of remote work.

1. Cybersecurity

Cybersecurity is a critical concern for companies that have employees working from home. Remote workers may not have the same level of security as those working in an office, and may be more vulnerable to cyberattacks.

To ensure the security of remote workers, companies should implement a comprehensive cybersecurity strategy that includes the following elements:

  • Ensure laptops/devices have hardware encryption
  • Where possible, ask that screen filters are used to make shoulder-surfing harder
  • Make two-factor authentication (2FA) mandatory for all remote workers, including for email and when accessing any critical systems or applications
  • Encourage staff to use password managers
  • Remind staff NOT to open links or documents with Coronavirus information. Ask them to report these
  • Remind staff about the need to protect confidentiality
  • Ask staff NOT to defer critical updates to software
  • Remind staff that surfing porn, amongst other things, is illegal
  • Staff must not visit sites like illegal movie websites as they pose a risk of ransomware and malware infection
  • Remind staff NOT to lend their machines to their children or other members of the family
  • Stress the IMPORTANCE of NOT sharing passwords (remote working can lead to more password sharing)

2. Privileged Users

Privileged users, such as administrators and executives, may be at a higher risk of cyberattacks when working from home, as they often have access to sensitive data and systems. To ensure the security of privileged users when working remotely, companies can implement the following measures:

  • Ensure you inform all IT and business privileged users and:
      • Remind them of their responsibilities
      • Insist that they DO NOT log in for DAILY tasks with high privileges
      • Demand that they REPORT all errors/confess to mistakes immediately

3. Phishing Emails

  • Remind staff that it’s ok to make a mistake and that they should own up if they have:
      • Accidentally clicked on a suspicious file and/or link
      • Opened a suspicious PDF, or a Word or Excel file with a macro
  • Staff MUST report malware/ransomware infections immediately

4. Online Meetings & Calls

  • Remind staff to MUTE the microphone when they are not speaking in a conference call
  • Educate all staff to ensure webcams are blocked by default
  • Remind staff NOT to leave their machines UNLOCKED, especially during a call or when visiting the loo
  • Ask staff NOT to work from coffee shops or public places (if possible) – especially if they are on confidential calls or working on confidential documents

5. Privacy

  • Remind all staff of their responsibility to respect the privacy of your clients and your staff
  • Remind IT and cybersecurity folks to be extra vigilant for possible malicious activity on user accounts
  • Staff must be reminded NOT to send personal information via email OR store personal information in non-approved locations
  • Staff members may be exchanging personal phone numbers and/or emails. If possible, avoid this OR ask staff to prepend “delete-later” to the name of staff if they save these details

6. Exceptions (Get ready to grant exceptions left, right and centre)

  • If you don’t have one yet, create an exceptions register
  • Create a review-by date and set multiple calendar reminders for you/your team to review them
  • Where possible, have a “No way this is an exception” list

7. Cyber-attack & Incident Response

  • To find out more about our UK-Government NCSC certified on incident planning and response, email us on info@cm-alliance.com or call us on +44 (0) 203 189 1422
  • Constantly remind staff to be alert for phishing emails and other attempts to compromise/steal account details
  • Staff must report these emails and malicious activity
  • Encourage them to call certain stakeholders if they want to
  • Security staff must be extra vigilant and actively seek out suspicious activity (given the remote working habits of users this may be operationally expensive)
  • Ask IT and security staff (including outsourcers) to pick up the phone and call if it’s important rather than rely solely on email (use a separate out-of-band app, or something as simple, though not very secure, as WhatsApp groups for urgent communications)
  • Keep a printed copy of your procedures and checklists at home AND make sure they are NOT easily accessible
  • Remind all staff that it’s ok to make mistakes (like sending emails to wrong recipients, clicking on a malicious link, causing an outage etc) and that they MUST own up immediately. Stress that in most cases there will be NO repercussions

8. Backup Backup Backup

  • Provide staff software to ensure their critical documents are backed up
  • Ask staff to back up their data on an approved external hard disk that is NOT permanently connected to the device
  • Ask staff NOT to use unapproved external cloud storage services
  • Ask staff to reach out to discuss any cloud storage or cloud service solution that they want to use

Conclusion

Implementing the security measures outlined in this work-from-home security checklist can significantly enhance the security posture of your remote work environment. By prioritizing network security, device protection, data encryption, and employee training, you can mitigate the risks associated with remote work and ensure a secure and productive remote work experience.

Remember, maintaining a secure work-from-home setup is an ongoing process that requires vigilance and proactive measures to adapt to evolving cyber threats. Stay informed, stay vigilant, and prioritize security in your remote work environment.

Stay safe and secure while working from home!
