Remote work has become very popular over the last few years, but a lot of companies have mostly resisted. The Coronavirus is changing all of that! As you may notice many companies have sent out messages stating they are going to practice “Social Distancing” and are encouraging their employees to work remotely for the next 14 days and possibly longer.
If your company is one of those who are encouraging employees to work from home when not feeling well due to the intense Flu Season you might be thinking, how do we actually do this and stay on track? I have some suggestions below to get best practices in place.
I am also being asked, “Why should I take this so serious? I’m just using my home internet…” Currently, hackers have been targeting consumers with Phishing Email Attacks and targeting private home IP Addresses with the hopes of gaining access and gathering a user’s identity, a system they are using, or other exposed data due to lack of security policies and practices in place. Most homes do not enforce a data security policy, but I believe this current Coronavirus challenge is going to force us to start thinking about security and policies on our home networks and devices. I have put together some suggestions to have your MSP (Managed Service Provider) or IT Manager to put in place to keep you and your business secure and safe when working remotely from your home or anywhere else you connect to the internet. You can read more on the topic of attacks in this Forbes article: 2,500 Attacks In Less Than A Day
Tips for Secure Remote Working in a Time of Emergency
1. Watch Out For Bad Actors
What is considered a Bad Actor? Someone who is trying to impersonate a colleague or create panic or threats on a user or organization. Currently with all of the talk of Pandemic and the Stock Markets taking a hit, we are seeing a lot of fear inducing tactics. A common tactic for bad actors is to capitalize on issues or events that trigger a gut response, like fear, in the reader. Email subject lines like ‘Corona News Flash’ or ‘X New Cases in (Insert City Here)’ stoke the flames of uneasiness and try to get a user to click without investigating if the email is even credible. You can read more on these tactics in this article by INFOSEC. Top 7 coronavirus phishing scams making the rounds
There are easy ways for an end user to spot a phishing email, and some security awareness training will get them to take a few seconds to look for them before taking the next action on an email. Here is an upcoming webinar for Security Awareness work working from home, this is open to the public and free: How to Be an Effective Employee While Working from Home
2. Secure Connections
Now that you are planning to access important documents or applications from a connection outside of your company, you need to make sure you have a secure VPN connection setup and working properly. This may be something your IT will need to install or configure. Or you may already have familiarity with this and use the VPN your company has provided in the past.
You will also want to enable 2-Factor Authentication (2FA) on all services you can like Banking, Office365, Google, etc. I recommend this for all company and all personal services that have this feature. 2FA is extra layer of security that provides another barrier to a password. Even though you have a complex password, think of 2FA being a steel door behind the screen door that is your password. How it works is when you login to a system, you then get an email or text message with a temporary code that you enter to gain access to the system.
3. Communicate with your Remote Workforce
Let’s be up front, the tough part about remote meetings at first is the lack of face-to-face interaction along with being confident that your connections and everything you’re using are secure and protected from virtual intruders. Below are the 4 items to get your companies remote workers communicating and collaborating.
Work vs. Personal Email
Are your clients and their colleagues able to access their work emails outside of the doors of your business? Do you have their email server set up in the cloud to allow for business continuity in the event of a remote work scenario? Have that set up and in place so that their teams can communicate as if they were in the office and wouldn’t have to use their personal email to communicate with you or, worse, your clients.
Secure Access to Voice and Phone Systems
Provide your clients with explicit instructions on how to access these systems and provide a hotline to call someone to help if it’s not working appropriately.
Implement Chat Functionality
Chat programs like Slack, Microsoft® Teams, or Cisco® Webex Teams™ are great ways for your clients to communicate in real time with colleagues wherever they may be. Pick a tool that can set up team spaces so they can segment certain colleague groups as needed.
The chat programs you implement will allow for video conferencing, so clients won’t miss a beat with meetings. Encourage them to implement a camera-on policy so they can have the same face-to-face touchpoints they would have if everyone were in the office. Send out meeting agendas ahead of time so everyone can prepare and stay focused.
4. Create a Policy for Remote Workers
Putting remote work policies in place are necessary steps to ensure your clients understand what they need to do to maintain a secure remote work environment. They also show they’re meeting state and federal compliance standards when handling sensitive client information when their colleagues are away from the office. Below you will find a link to a Policy Template developed by ConnectWise : Remote Worker Policy
If you and your organization need help developing a remote worker culture and policies or if you would like to get a handle on your security and disaster recovery needs, reach out to NetSmart Plus of Applied Innovation. We will ensure that your data is protected and secured so you can keep working and rest assured we have you covered.