Staying Secure While Working from Home

by Sarah Harvey / April 17th, 2020

When your employees begin working from a remote workplace, there’s a number of new security threats they can face. While you may already have thorough information security policies and procedures implemented in the workplace, these detailed security controls don’t always transfer to remote work. To mitigate vulnerabilities and protect your remote employees from malicious attacks, make sure you’re following these five tips for remote employees and remote workplaces.

5 Work from Home Security Tips

  1. Provide training on security and technology – The first secure work from home practice is to train your employees on security protocols, technology use, and basic communication tools. Include instructions on securing WiFi routers, using MFA, deploying a VPN, and any other relevant security processes in your training. You should also encourage or require your employees to complete training that is specific to work from home environments. KirkpatrickPrice provides Security Awareness Training that can provide you with the tools to equip your remote employees with secure, up-to-date practices.
  2. Reset default passwords and implement MFA – Default passwords on home routers, passwords that don’t meet industry best practice guidelines, and insecure storage of passwords are major security threats. By performing a password audit and implementing MFA for all devices, you’re increasing the security of the information your remote employees store.
  3. Backup data on the cloud – The beauty of the cloud is its ability to provide a space for remote employees to regularly back up their work in secure ways. Automatic backups can be initiated so that you don’t have to rely on employees to initiate the backup process in their remote workplace on their own. Don’t forget to focus on cloud security best practices to ensure the data you’re storing in the cloud isn’t vulnerable to threats.
  4. Update all software and patch vulnerabilities regularly – The latest antivirus, firewall, web filtering, and encryption updates need to be implemented regularly to ensure your remote employees’ devices and applications are secure. The same guidelines should be followed for a remote workplace as are written in your company-wide security policy regarding the schedule of software updates and patch management. Keep your eye out for vulnerabilities in the new tools you’re using.  For example, with so many new users on Zoom, it’s lucky that security researchers discovered an unpatched Zoom bug that could lead to UNC path injection.
  5. Engage in penetration testing to assess your remote securityPenetration testing is beneficial to your organization because it gives you the opportunity to find gaps in your network, applications, and code before an attacker does. For remote work, IT staff will often opt for quick solutions rather than the most secure. Penetration testing can check their work and help you ensure your remote employees are operating securely.

Policies You Need to Implement for a Secure Remote Workplace

With the increase of remote workplaces comes a number of policies that need to be updated to encourage productivity, security, and efficiency. The information security policy that you’ve developed for your company should be adjusted to fit the needs of your remote employees, although there needs to be a deeper focus on remote security. Take a look at this list of relevant policies you should develop for remote employees:

  • Equipment Access Policy
  • Physical Security Policy (Remote Office)
  • Acceptable Use Policy
  • Password Protocols
  • Remote Access Policy
  • Network Security Policy
  • Hours of Availability Policy
  • Response Rate/Communication Policy
  • Confidentiality Policy
  • Encryption Policy

If you need help developing a set of information security policies to address issues you may find in a remote workplace and other helpful work from home procedures, KirkpatrickPrice is here to help. Our information security experts are available to discuss your organizational needs and help you develop policies and procedures that will help keep you secure. Contact us, today, to learn more.

More Resources

Are Your Remote Employees Working Securely?

Security Awareness Training Compliance Requirements: SOC 2, PCI, HIPAA, and More

15 Must-Have Information Security Policies