All of our staff have been working from home for the last few months. Due to the nature of our business and the way we are set up, working remotely hasn’t had much impact on our ability to provide service to our clients.
However, when ALL of your staff are working from home, there are some security considerations that you cannot ignore. It’s also important that staff are reminded about these obligations from time to time.
Below is a list of things to consider based on what we are doing, but obviously edited to remove specifics, like the software that we are using.
Guidelines for securing your PC and network during the Work from Home period.
- Anti-Virus – All machines being used for work purposes should have anti-virus installed. You should not be using any desktop/laptop/Mac for work purposes without it.
- Email threats – Please be aware of phishing emails, as scammers are still taking advantage of the current crisis. Avoid clicking on any email that looks remotely suspicious, or if the sender is unknown. Be even more careful with attachments in emails. If in doubt, contact the helpdesk (assuming you have one).
- Wi-fi routers – You should ensure that your wifi network is using WPA2 and that the wifi key is longer than 16 characters. You should also reset the default router password if you have not done so already. (Many ISPs historically shipped routers etc. with very weak passwords.)
- VPN – Many companies will mandate the use of one.
- Acceptable Use – Work machines should be used solely for work purposes. It is not acceptable to use the PCs/laptops for gaming, torrents, watching movies or browsing non-work-related sites which could potentially infect them.
- Screen Lock – Remember to lock your screen and/or disconnect from terminal servers when you are not using them, just as if you were in the office. Your family may not be corporate saboteurs, but they could accidentally click on something which could install malware or send documents to the wrong people. Please remember you are personally responsible for the data on that PC/laptop under GDPR.
- USB – Please avoid using USB devices on the laptops/PCs to transfer data, as the USB device could be infected with malware. Remember your mobile phone is a USB device, so you should keep the operating system on it updated (especially if using 2FA). If you must transfer data to USB, make sure the device is encrypted.
- Backups – Whilst the data stored locally on machines should be minimised anyway (it’s especially important now), please check to make sure your remote/cloud backups are working and let your helpdesk know if there are issues.
- Password and sensitive data sharing – Please be mindful of sharing passwords. Credit card data should never be shared or stored anywhere.
The above list is based on what we sent our own staff internally, as I mentioned, and is not exhaustive.