Remote working checklist: securely enabling remote workers
Other · Apr 20, 2020
As your organization shifts towards enabling a remote workforce, there are a number of cyber security considerations to take into account. TELUS first began rolling out its remote team member strategy over ten years ago. That experience left us prepared, despite the unprecedented impact of COVID-19, to securely enable a large incremental volume of remote team members. The measures we took included rapidly increasing VPN capacity, accelerating the rollout of advanced endpoint security measures and prioritizing security awareness communications.
In an effort to share over a decade’s worth of learnings, we have put together a checklist that we believe will help organizations implement or expand a remote workforce.
Devices/Equipment/Tools
- Provide company laptops/devices to remote team members (where possible)
- Equip laptops/devices with hardware encryption
- Ensure laptops are running up-to-date anti-virus software
- Limit or restrict BYOD or the use of personal devices
- Limit or restrict access to the organization’s infrastructure from personal devices
- Secure sensitive data (Citrix, VPN) if relying on BYOD or personal devices
- Keep all software and operating systems updated regularly
- Provide staff with the proper tools to store critical documents (e.g. a secure shared drive)
- If you have active projects (or plans) to implement cyber security controls to protect your remote workforce, consider re-prioritizing or accelerating their rollout.
Connectivity
- Set up a VPN or a secure remote access solution
- Make 2 Factor Authentication (2FA) mandatory for all remote workers
- Employ a network monitoring or logging system and set up alerts or use cases to track anomalous VPN traffic
- Restrict or limit connectivity to third-party services from remote locations
Access control
- Set up role-based access control
- Set up 2 Factor Authentication (2FA) for any sensitive data
- Encourage team members to use password managers
User cybersecurity awareness
- Refresh cybersecurity awareness training for all team members
- Emphasize the importance of reporting any suspicious emails, issues or errors immediately
  - i.e. if someone clicks on a suspicious file or link, it must be reported to IT immediately
- Monitor for COVID-19 related phishing emails
- Remind users of the differences between in-office work and working from home arrangements
Policies
- Draft (if the policy does not currently exist) and communicate the following policies or guidelines to all staff:
  - Working from Home
  - Remote Access
  - Password
  - Incident Response
    - Review your incident response plan. Check that you're able to enact it, in light of new restrictions on movement.
Vendors
- Be sure your essential vendors are operational and able to continue providing service
- Maintain an adequate inventory of the devices critical to your operations
Best practices
- Communicate your expectations clearly to the team
- If your company allows for “flex hours”, clearly define what those are
- Set up a mechanism for emergency communications
  - Mailing list, mass communication system, SMS
- Foster an environment where employees are encouraged to ask questions and communicate with each other
- Discourage the use of unsecured Wi-Fi
- Remind staff to always lock their devices when not in use, and enforce lockouts through group policies
- Ensure that work is being carried out in a private and secure location
- Mandate saving data only to company-approved sources (i.e. avoid personal, local hard drives or non-company cloud drive services)
Remember, your TELUS Cyber Security Team is always ready to provide you with support and assistance.
To learn more about remote working security, visit telus.com/cybersecurity.
Authored by: Morgan Smith