Cybersecurity Checklists for Remote Working

  • Conduct a comprehensive risk assessment and business impact assessment for critical functions and processes in the organisation.
  • Update and communicate acceptable use policies for employees and address the use of home computing devices.
  • Define data classification categories and data privacy requirements for the organisation.
  • Identify functions requiring secure IT environments that remote working may not provide, and develop ways of performing them.
  • Anticipate how the entities your business depends on (e.g. cloud, network infrastructure providers, and others) may be affected by COVID-19 disruptions, and develop continuity and resiliency options.
  • Refresh and update cyber incident response, continuity plans, and disaster recovery plans to address current operational needs.
  • Regularly communicate cybersecurity awareness messages to employees to reinforce security procedures.
  • Provide secure access solutions with sufficient capacity for the increased number of remote users.
  • Offer security protection on endpoints.
  • Enforce software updates for remote workers.
  • Reassess rules such as geo-blocking that could prevent remote access.
  • Increase IT help desk capacity and hours of operation to handle the increase in services required by remote workers.
  • Ensure that cybersecurity alerts and audit logs of critical systems (for example, VPNs, firewalls, endpoint security tools, and critical business applications) are centrally collected and analysed to detect and respond to suspicious/malicious activity.
  • Review/update VPN profiles and firewall rules to ensure employees are assigned appropriate privileges based on their roles.
  • Implement procedures requiring approval from data/system owners for provisioning and de-provisioning of remote VPN and other accounts related to critical business applications.
  • Enable multi-factor authentication for VPN and critical information systems.
  • Disable split tunnelling for VPN profiles to ensure that remote employees cannot access the internet directly from their laptops while using VPNs to access corporate information systems.
  • Create a shared channel — for example, #phishing-attacks — or email address where employees can report suspicious emails.
  • Develop tailored cybersecurity awareness messaging for remote workers and deliver it online to all employees. Include topics such as social engineering, password constructs, email security, etc.
  • Detect and avoid elevated phishing threats, including COVID-19 scams and fraudulent websites.
  • Ensure secure use of Wi-Fi, both at home and in public.
  • Do not use company computers for personal email, file sharing sites, or social media without approval.
  • Save and secure needed printouts of work files or emails, and shred others.
  • Avoid copying work files or information to personal devices, including home network drives and personal online storage.
  • Mute or shut down in-home digital assistants that may continuously record nearby conversations.
  • Do not permit family members or others to use company-provided equipment, including laptops and phones.
  • Eliminate default home Wi-Fi router passwords and perform other home security checks.
  • Confirm screen locks are enabled to ensure workstations are secured when not in use.
  • Never leave laptops and mobile devices unattended in public spaces or unlocked at home.
  • Use company-approved cloud services or data centre storage instead of local storage, particularly for sensitive information such as personally identifiable information, protected health information, financial data, and trade secrets.
  • Avoid the use of USB sticks and other removable storage.

Insights by pcl.


Phillips Consulting Limited (pcl.) is a leading business and management consulting firm serving clients across Africa. www.phillipsconsulting.net/