Setting Your Business up to Work from Home Securely
(Note: This article is being updated constantly. Check back for more.)
As the novel coronavirus (COVID-19) continues to spread, many businesses are assessing how they can prioritize their employee safety and still maintain regular business operations.
One solution many businesses are turning to is recommending employees to work from home to avoid potential illnesses. Most recently, Google has recommended all North American employees work from home if their role allows it.
With the likely increase in remote work, companies will have to prepare in various ways to avoid cybersecurity risks or interruptions to business. The primary challenge is that when your workforce shifts to remote the security risk increases. Therefore, the firewalls, and other security features you have in place at your office, could be ineffective when employees head home.
CISA’s VPN Guidance
The Cybersecurity and Infrastructure Security Agency (CISA) released an alert on 3/13 to encourage organizations to adopt a heightened state of cybersecurity. According to the CISA, remote work options require a VPN solution to connect employees to an organization’s network. The CISA encourages organizations to review the following recommendations when considering alternate workplace options:
- Alert employees to an expected increase in phishing attempts.
- Implement MFA on all VPN connections to increase security. If MFA is not implemented, require remote workers to use strong passwords.
- Use a Secure WiFi Network: If possible, you should work on your secure, private home network instead of relying on public WiFi. If you send your data through an unsecured WiFi connection, you lose the power of privacy making it possible for cybercriminals to intercept your data. You may be putting personal information at risk if you are accessing your email account or sending sensitive data over a public WiFi network.
- Secure Your Home Workstation: Ensure you have fully patched and updated anti-virus and anti-malware software. It’s important to follow the same best practices you would as if you were in the office, and report any suspicious activity or concerns to IT.