Work form home cybersecurity Do’s and Don’ts

This is a stressful time for many business owners. As you start to set up work from home (remote work) system to operate your business. You should take this time to apply the following do’s and don’ts to help your business over the next few months. If you don’t have access to a CISO to answer your questions you can send questions to [email protected] and we will help you. 

Yes, cybersecurity threats are increasing and the hackers are not going into quarantine. They are taking advantage of this opportunity to brach your systems and not get detected.  

1. Do work with HR and Finance to establish guidelines for what you will and will not provide or pay for. What office equipment and devices, if any, will you buy, reimburse for, or let people take home? Beyond monitors and keyboards, think about the various job functions and what they need to be efficient from home. Things like headsets and small dry erase boards are often overlooked. This also means that you need to have an inventory of equipment and where it is going, otherwise your offices may look like they have raided. You should be aware of the BYOD hardware that is getting introduced to your business at this time. These could become weak points of vulnerability in the future. Do apply endpoint monitoring to track your threats.
2. Don't be surprised to learn that one or more people in your organization have poor internet bandwidth, don't have any internet access, or even "borrow" their neighbor's unsecured network while at home. Like equipment, it's best to plan ahead for this situation. The internet connection people have at home may not be as good as the work internet, therefore, creating issues for VOIP, Video conferencing or ability to connect. Some connections may also experience congestion issues. Therefore determine how you will support your employees to upgrade their data connections. 
3. Do establish a backup communication platform for IT and Security. If you use Slack, Microsoft Teams, or a similar service, what will you fall back to if they become disrupted? If people are using their own machine factor in setup time to install and test things are working.
4. Don't assume everyone knows the policies. Review, revise, and re-communicate your Mobile Device and Remote Work policies. If you don't have them, now is the time to create them. If they're the typical policy documents that read like end-user license agreements, consider providing the "Cliff's Notes" version with some humor mixed in. You may realize that your policies are not suitable or need to be updated to factor new issues.
5. Do test your VPN and make sure everyone can and knows how to connect to it. Larger organizations should consider stress-testing their VPN to ensure it's up to the 9 AM challenge.
6. Don't underestimate the challenge of providing IT support to a remote workforce. Expect hardware to fail. Establish clear lines of communication and make it as easy and stress-free as possible for people to ask for and receive help. Stay connected to your team with periodic, but not overly frequent, check-ins. IT issues may result in slow productivity therefore open communication will help you understand where your challenges are.
7. Do use this as an experiment for potentially expanding your team's or organization's work-from-home/remote policies. When this is all done, expect people to use this as evidence as to why they can be as, if not more, productive when working remotely. Take note of what works and what could be improved. Determine metrics to track people’s effectiveness remotely, it may be more of a challenge for some people during this time to create new routines.
8. Don't expect everyone to be able to work remotely. Remote teams/companies interview for the skills and traits necessary. More seasoned team members tend to handle it better than their less experienced colleagues. Not everyone will know what to do without the buzz from being in an office. Stay connected to individuals and hold them accountable. Using video conferencing may help you communicate and feel connected. Some people like to have Zoom open at certain hours per day to provide that “got a minute” style connection for all team members. 

ChatFortress is a leading cybersecurity company helping business owners protect their assets from cybercriminals. We provide companies with access to the latest technologies, social engineering and human behavioral strategies, and user education to create a proactive cybersecurity culture. Helping you fortify your business against cyberattacks. ChatFortress is the creator of CybersecurityReportCard.org the free cybersecurity audit.