The working world has changed forever. Gallup found that, of all the US workers who can work remotely, only two in ten are currently working in the office full-time. Where employees can choose their location, they are taking that opportunity for at least part of the week. Unfortunately, this can add pressure to the company’s IT department, given the nature of security risk that remote working entails. Which is why we have created a work from home IT security checklist.
Remote work IT security challenges
Here are some of the major security concerns related to remote working:
|Phishing emails||Working on personal devices, using personal email with lower security thresholds or simply being more blasé about security when working at home can lead to workers falling for phishing email scams. This can then result in criminals accessing sensitive business materials.|
|Unsecured devices||The security protocols of personal devices can also invite malicious attacks from bad actors. Without the corporate firewalls and spam filters that come with office computers, there can be serious vulnerabilities when working from home.|
|Unsecured networks||Home networks are rarely well-protected even if the remote worker has installed robust antivirus software on their devices. When they work from a shared space, such as a coffee shop or library, that network could be vulnerable, too.|
|Data storage||As soon as employees use programs other than those approved in-house to store or share personal data related to their work, they could be in contravention of data protection laws and risk leaking that information.|
How to engage employees in remote work IT security
Gallup also found that, when an employee’s working location preference doesn’t match their current location, they are more likely to burn out and less likely to be engaged. This means that the solution to remote working security threats is not to simply recall workers to the office permanently.
In order to keep security at the forefront of their minds, you have to communicate with them clearly; you have to let them know exactly what the risk factors are and how to mitigate them. Relate the threats to real-life situations they might find themselves experiencing.
You need to show that your security policy is being lived by throughout the organization. Ensure that senior leaders are also taking steps to learn how best to protect themselves and the company when they work from home.
This buy-in creates the right type of company culture to engage employees. It encourages them to keep security at the forefront of their minds, wherever they are working.
Work from home IT security checklist
✅ Organize IT security training
The idea of training sessions can put off some employees, but it is essential that they understand the security threat and their role in averting it. Make training sessions interesting and enticing for them. Bring the subject to life, and deliver the message that security needs to be at the forefront of their minds when they work from home.
It is advisable to break the training down into manageable chunks. Provide short, regular, and focused sessions that tackle single subjects, instead of trying to overload what could be seen as fairly complicated topics all at once.
✅ Monitor third-party vendors
One of the side effects of digital expansion is the fact that all third-party vendors your company enagages are now part of your IT ecosystem, too. This means that there is another route cybercriminals can use to access your systems.
It is not enough to simply secure your own employees’s access to company systems. You also need to look up and down the supply chain to gain an insight on how secure the systems of these parties are, and how they might affect your business.
✅ Implement email security practices
As much communication in businesses occurs through email, you need to ensure your security practices are as strong as possible. Otherwise this can be a real vulnerability in your system and leave you open to attack.
Look into encrypting sensitive content in your business emails and implementing identity verification. Make sure that your spam filters and virus scanners are up to the job of protecting your organization.
✅ Establish an access control policy
Not everyone in your business needs to be able to access all of the information all of the time. By keeping access on a need-to-know basis, you reduce the amount of data available to hackers if they do compromise a remote worker’s device or network.
For example, your press department does not need access to all of your financial reporting, and your customer relations function will probably never have to access the data used by your IT department. If employees cannot access superfluous information from their devices, neither will the hackers who access their device.
✅ Monitor your cybersecurity performance
As with any area of your business, monitoring the performance of your policies and procedures is important. If you monitor how well your employees are adhering to your work from home policy, you can spot danger signs before they become major issues.
Check in with employees to find out how they are getting on, analyze their activities, and make sure they are complying with the measures you have put in place to keep them and the company safe online.
✅ Enforce strong passwords
One of the best ways that remote workers can increase the security of their working practices is to use stronger passwords when accessing programs that they need for work.
The more complicated the password, the more difficult it is to hack, and the more likely it becomes that the criminal will simply move on to try and decode an easier login. If a password contains ten characters, taken from all available characters, it has three quintillion possible combinations. If the user chooses a random word on its own, that narrows it down to around 600,000 possible combinations, showing the benefit of complicated passwords.
✅ Encrypt all company devices
By requiring remote users to work on company devices and ensuring they are all encrypted, you can reduce the security risk greatly. It might not prevent some kinds of attacks on those devices, but it does mean that the data is almost impossible to penetrate and understand by the attacker.
This also allows you to remotely wipe the device using a mobile device management system in the event that the user loses it or has it stolen. This makes such a device useless to the criminal and keeps your business information safe.
✅ Ensure employees only use IT-approved cloud services
The use of unsanctioned apps, programs, software and hardware for work purposes is known as shadow IT. This can cause a number of problems for IT departments.
These programs could offer lower than optimal security protocols and other vulnerabilities that make them inappropriate for business use. However, they are often the apps and cloud services that employees are comfortable with because of personal use. Unfortunately, they are also often easy to hack or inappropriate for for storing data.
Your shadow IT policy should prevent remote workers using these solutions. It should point them towards the secure, approved versions.
How to secure the work from home environment
Securing the work from home environment requires the use of VPNs to make it more difficult for hackers to access the corporate network. Employees should also make sure that they update their device software and that of their apps regularly so that they are always running the latest, patched version.
Anti-virus software, firewalls, spam filters and secure log-in credentials are other ways to keep remote workers safe.
Work From Home IT Security Checklist Example
Here is a handy IT security checklist for remote workers. It can help create procedures and routines for checking that workers are doing all they can to stay protected.
Is remote device wiping recommended for work from home security?
The ability to wipe devices remotely is essential for managing remote workers. If someone was to break into their home and steal their device, they could access all the sensitive business information unless you could wipe the device. Similarly, with some employees working in public places, the risk of losing devices or having them stolen increases.
How do you handle endpoint security when working from home?
With employees working from home, the device used for their job will share the network with other laptops, phones, TVs, doorbells, personal assistants and more. Employees should inform their IT department about all of the devices on their network and make sure that they keep them updated to the latest software versions.
Should you require employees to log out?
Logging out from devices used for remote working is advisable, especially if there are other people who could access the device. Whether the user works from home or from a public space, there is often someone else who could get into the device if they do not log out when they are taking a break. This increases the security risk.
We hope this work from home IT security checklist will help you protect your business and still allow employees to enjoy the flexibility of working from home. Remote working is here to stay, so you must find ways to make it as safe a practice as possible for your organization.
One way to do that is to monitor your networks for shadow IT and other potentially damaging software. Vaultry monitors every device connected to your network, alerting you to risky software and allowing you to remove it immediately. Get started with Vaultry to protect your business today.