Working RemotelyMarch 31, 2020
Given the current national situation, there is a need for more employees to work from home. The Cyber Readiness Institute has developed a “Securing a Remote Workforce” guide for businesses handling this transition.
In addition to those recommendations, we offer the following security guidelines to keep yourself and your business safe from cyber concerns during this time.
Computer Security Guidelines
- When you are logged on to work from home, please be careful when you walk away from your computer. Be sure to lock your screen or log out, just like when you are working in the office.
- Be careful with your business passwords. Don’t share them with family members or roommates. Don’t leave them written down where others may find them.
- It’s important to work in a private and separate room (if possible) in your house or apartment free from noise and distraction. If you are on a phone call, and you are NOT talking, consider muting your phone. This will prevent noises from roommates, family members, or pets from interrupting your call.
- If you are using a work-issued computer, don’t attach personal equipment to it other than a monitor or headset. Do not attach a personal USB drive to a work-issued computer. If you are logging on from a personal computer, exercise caution with your activities.
- Be careful with any work documents you print or have stored in your house. Store them securely (in a locked drawer) and bring them back into the office when you return.
- Don’t allow family members or roommates to use work-issued equipment. They may browse to sites or download software that is outside of corporate guidelines. These sites or software may cause security issues on your computer.
In addition, times of uncertainty present opportunity for social engineering attacks and phishing attempts. Please pay attention to the following guidelines.
Social Engineering Guidelines
- Don’t announce on social media that you are working from home. This announcement can create an opportunity for someone to target you.
- If you get an unusual request from a coworker, DO NOT RESPOND directly to the request. Call the coworker or start a new email to see if the request is valid.
- If you get an unusual request from a contact outside your organization, don’t respond directly to it. Pick up the phone, call the person via a publicly verifiable number, and ensure that the request is valid. Use contact info that you already have for that person, and not contact info supplied in the suspicious email.
- Hackers and Phishers are using COVID-19 and the Coronavirus in targeted email campaigns. Refrain from opening emails outside of your organization that mention Coronavirus or COVID-19.
By following these guidelines, you can ensure that you and your business are safe from computer security issues during your time working remotely.
This information should be used as a guideline and is not intended to replace the emergency preparedness advice of state or federal authorities.