Remote workers present a unique challenge for many businesses now that they’ve sent their people home to do their jobs. Here are some guidelines to put into place for remote workers.
Avoid public Wi-Fi
Public Wi-Fi is not secure, so it introduces a significant risk for information and data being sent and received over this type of network. Without a firewall between the computer and the public Wi-Fi access point, anyone using the network can sniff the line to see what data are being moved and you won’t even know it! Additionally, traffic can be monitored by anyone on the network to see not only what is being transmitted, but where the transmissions are going.
Keep Work Data on Work Computers
It’s always best to keep work data on a work computer because this computer has already been configured for secure Wi-Fi, a VPN connection, encryption, anti-virus, and end-point protection. If an employee decides to be lazy and sends an email with sensitive data or personally identifiable information, the company can be put at risk.
Block the Sight Lines
Be sure to implement a policy where when working in a public location, sightlines are blocked to the computer screen from all angles. If someone is around the screen, they can observe work being done and ultimately, work being sent and received. Also, never leave a remote or portable device unattended, even to use the restroom. Remove USB sticks or portable drives when not in use.
Encrypt Sensitive Data in Emails and on a Portable Device
Sending and receiving emails with sensitive data is always risky. The interception of data from bad actors through public networks is so much easier to do. If data is encrypted, it will prevent an unintended recipient from viewing it. Also, be sure to set your hard drive to encrypt all stored data in case of loss or theft.
Lock Your Doors
This is Security 101. If things are locked up, they are much more difficult to take. If an employee has a locking home office, make it a policy to require the door to be locked when the office is not in use, especially if there is sensitive data or a laptop being stored in the office that holds sensitive or privileged information.
Never Leave Your Devices or Laptop in the Car
It is best practice and should be policy to advise employees to never leave their work devices and computers in their vehicles. The trunk is not safe either. There are criminals who watch parking lots or case neighborhoods looking for things like this, so the best thing to do is to bring the devices and computers inside.
Don’t Use Random External Drives or Random Thumb Drives
A classic hacking technique is to drop a high capacity thumb drive outside a company being targeted for attack. The hacker waits for an employee to pick up the drive, insert it into a computer inside the company where that employee unwittingly gives the hacker access with malware or a hidden trojan. Advice employees to beware of this and not to use random drives if they aren’t sure of their origin.
Formalize Working from Home and Remote Work Policies
Good policies and safe technologies will help remote workers during this time of uncertainty; however, employees are going to be a company’s biggest risk. General work from home and remote work policies on computer and internet use can help, and these policies can be enforced with both technical and administrative controls. Educate employees by explaining some of these best practices. Train staff during yearly security awareness training and make security best practices part of future onboarding training for new employees.
Reference: https://ci.security/resources/news/article/8-best-practices-for-working-remotely
