Blog | Cyber Security News & Training | Securetain

COVID-19 Quick Remote Work Cyber Security Checklist

The article published two weeks ago “Coronavirus (COVID-19) Guidance for Small and Large Businesses” detailed the steps for businesses to follow. Today we are already in the middle where everyone is working from home, not just in the US but around the world. The situation creates an opportunity for hackers. The U.S. cybersecurity officials released an advisory warning to companies to update their Virtual Private Networks (VPNs) and be on guard against a surge of malicious emails aimed at an already disoriented workforce. Britain’s National Cyber Security Centre issued a six-page leaflet for businesses managing remote employees.

The team at Securetain thought it will be a good idea to provide a quick checklist for the organization to know if they have considered different remote work risk factors as well as management to know their responsibilities. 

We thought it makes sense to have a checklist for one to know where you are in the process or what needs to be improved quickly. The checklist is divided into three parts and driven by the roles and responsibilities of personnel within the organization.

Senior Management

#QuestionsYesNo
1Is the CEO present in online tools, channels, communicating proactively and engaging in timely conversations?  
2Has the management explained in writing what the company is trying to accomplish and has a vision that can help employees rally behind?  
3Has management addressed the issues raised by employees?  
4Is management courteous, compassionate, and authentic across channels?  
5Does the company have online expressions for your culture? The virtual water cooler where high fives, celebrations, gossip, community, family, personal interest, happy emojis, etc. can be shared.  
6Does the company have the right digital tools to facilitate communication? (E.g., Text messaging, Slack, email, wikis, hangout, video conferences, etc.)  
7Do the company have established security policies and guidelines for remote work?  

Employees – Cyber Security Considerations

#QuestionsYesNo
1Is your Wi-Fi connection secure? Can you reach out to the support team to verify and test?  
2Is anti-virus or any updates/patches applied timely to the  computer without delay?  
3Do you back-up periodically in addition to auto backup runs?  
4Do you lock your screen while away and protect them from kids?  
5Did you check with your support team that encryption is in place and working?  
6Are you familiar with applicable security guidelines, plans, and policies?  
7Are you aware that the work computer and other devices must not be shared?  

Directors – Cyber Security Considerations

#QuestionsYesNo
1Do you have adequate support staff to address the questions from remote workers and resolve the issues in time?  
2Do you have the ability to push updates, patches, etc.  and enforce timely implementation?  
3Can you provide virtual solutions, digital signature, and approval workflows?  
4Do you have clear procedures for employees to follow in case of a security incident?  
5Can you limit access to sensitive data where it makes sense?  
6Do you have a data breach and incident response plan to manage incidents?  
7Did you send a reminder to employees as to what information needs to be protected? (E.g., confidential, sensitive business information, trade secrets, intellectual property, private employee information, work product, customer information, and other personal information that identifies a person.  
8Have you trained employees on how to detect and/or handle phishing attacks and other forms of social engineering attacks?  
9Do you have a policy in place to prohibit access to company information systems while on public wi-fi?  
10Do you have solutions in place to manage and secure mobile devices and applications?  
11Are you communicating with employees about coronavirus-themed phishing emails?  

The checklist is based on the various articles and guidance recently published by Fast Company, European Union Agency for Cyber Security (ENISA), JDSPURA, BBC, CNBC, etc.

Thought of sharing the phishing email received few minutes ago.