Work from Home Cybersecurity Guidelines

April 1st, 2020

Enabling mass Work from Home capabilities introduces major
cybersecurity risks for small businesses, non-profits, and local government
agencies.  Below are some guidelines for your IT team as well as your
employees who will be Working from Home.

IT Team Cybersecurity Guidelines

  • Enable Whole Disk Encryption on any computer that will leave your corporate offices at any time, especially for Work from Home
  • Ensure local admin accounts are known and have strong passwords
  • Limit external sharing of Cloud applications (OneDrive, etc.)
  • Enable Mobile Device Management for remote wipe capabilities
  • Review and enable remote endpoint security tools that can be centrally reviewed and monitored
  • Provide the ability to securely exchange files and information externally and internally (e.g. Secure FTP, secure send encrypted email, etc.)
  • Enable Multifactor Authentication for remote connectivity that expires after 4-8 hours of use
  • Review the Incident Response procedure with all relevant parties

Employees Cybersecurity Guidelines

  • Secure workspace
    • Ability to lock your laptop and any business-relevant information when not in use
    • Hold conversations safely, without visitors eavesdropping or shoulder surfing
  • Wireless Security
    • Change default Wi-Fi router passwords
    • Enable WPA2 or higher encryption; Strong
    • Ensure your local router firmware is updated, or replace the local router if it is older than 5 years
  • Personal Device security
    • Update IoT device firmware (Smart Thermostats, Surveillance cameras, Alexa/Google Home devices, etc.)
    • Ensure default passwords are changed
    • Update software on all devices within your home network (Corporate laptop, IoT devices such as cameras and Smart Thermostats, personal laptops/tablets, etc.)
  • Review corporate policies and procedures for Work from Home
  • Don’t use your corporate laptop or computer for personal use, and don’t access corporate network resources from a personal computer
  • Don’t post personal or business itineraries, corporate info, daily routines, etc. on social media
  • Be aware of the huge increase in email phishing, especially around COVID-19

Using these guidelines can help your small business or organization be more secure during these trying times.