With the outbreak of COVID-19 taking a severe toll on businesses across different sectors, companies are also facing new cyber security challenges for remote workers. As steps to counter the lockdown situation and prevent the community spread of coronavirus, millions of employees across the globe have been asked to work from home with their laptops. While business processes have been largely disrupted, working remotely has now become the need of the hour. In such situations, some businesses already have a remote working policy in place, while others are having a tough time managing this new challenge.
Here is a checklist that can help ensure cyber security for the entire team working remotely and limit the possibility of cyber-attacks. The checklist is divided into sections and sub-sections, specifying in detail what needs to be done and what precautions need to be taken by employees working remotely.
- Remind the employees about the importance of confidentiality of data, at all times.
- Remind your employees not to share their work devices with their family or friends.
- Let the employees know that they are bound to abide by the policies of the company and are being monitored by the company as per the terms and conditions of employment.
- Remind them that the cybersecurity protocols that were applicable at the office are now applicable at their home office, too.
- Provide employees with a VPN setup as a solution for remote working.
- Ensure that updates for all systems, firewalls, and antivirus software are applied without delay, and that installed systems and applications are updated from time to time.
- Remind employees of company policies and other relevant policies as stated by the company.
- Remind employees that visiting websites that contain illegal content is prohibited.
- Remind employees that they are prohibited from downloading any documents or content from unauthorized sites.
- Ask employees to only use authorized USB flash drives and cloud services.
- Electronic devices provided by the company should only be used for official work.
- Implement enforceable technical security measures on all electronic devices provided to the employees.
- Ask employees to use all electronic devices, such as laptops, mobile phones, and USB sticks, only for official purposes and only to store company data.
- Create awareness among employees about phishing and malware attacks.
- Remind employees to respect client privacy and not to share any client information with family members or friends.
- Remind employees not to print any personal information of clients while working from home.
- Strictly use official mobile devices for sending any message or calling clients.
- Remind your employees to get into the habit of blocking webcams, both physically and through the application, especially when on a meeting or conference call.
- Remind your employees to take a backup of all types of critical data and important documents at all times.
- Working remotely with probable network issues can lead to loss of information or data; therefore, a backup of all work is essential.
- Employees should be reminded to use only approved hard disks for taking a backup of their work, information, and data.
- Remind employees not to share passwords with any family members or friends.
- Avoid sharing official passwords and PINs with any person via SMS, email, or even verbally.
- Ask your employees to use strong passwords and avoid automatic "remember password" options.
- Employees should remember all the passwords and shouldn’t expect a reset of the password by the company over phone calls.
- Make two-factor authentication mandatory for logins.
Create awareness about phishing emails and scams:
- Ask your employees not to open any suspicious email attachments or download any suspicious files, as they could be malware.
- Remind employees to avoid opening any kind of pop-ups on their work devices.
- Ask employees to immediately report any malware or ransomware they come across on their work device.
- Streamline processes to report any kind of suspicious incident.
- Educate employees on the different types of social engineering attacks and how to avoid falling prey to them.
- Remind employees to check that the emails they receive come only from authorized sites, the company domain, or trusted sources from which they have previously received emails.
- Ask employees not to share any confidential information with an unauthorized individual.
- Ensure that the company has an incident response policy in place. Frame, test, and implement such a policy.