Is your Cybersecurity posture ready for remote workers?

Shifting operations to a work from home (WFH) model introduces new cybersecurity considerations to your company/organization. Use this checklist to get ahead—and stay ahead—of new risks.

• Instigate a cybersecurity health checkup during and after the shift to WFH. Review all cybersecurity controls to identify gaps, prioritize, and remediate accordingly.

• Update your Technology & Data Use Policy to include remote workforce considerations like non-company owned Wi-Fi, VPN usage, USB and connected drives, and Bring Your Own Device (BYOD).
  
• Update your Incident Response Plan to include common and key WFH scenarios that may impact your organization, including lost or stolen devices.

• Send regular awareness training videos to employees, depicting important cybersecurity topics for a remote workforce, such as Wi-Fi usage and actively protecting company devices.
  
• Hold group training sessions via remote webinar with employees on best practices to help protect the company, specifically on phishing style and similar attacks. Include a short quiz to gauge learning.
  
• Get regular cybersecurity threat alerts that feature emerging cybersecurity topics, attacks, and vulnerabilities—including those related to remote workforce, this is often accomplished through a good Security Event Information Management (SEIM) service or solution.

• Run vulnerability scans on networks (internally and externally) any time you make configuration changes to firewalls and other devices, including VPN, to quickly identify critical vulnerabilities to patch.

• Scan the Dark Web for stolen passwords for all employees. If any are found, have employees change passwords immediately on all systems, devices, and applications.

• Activate ongoing phishing tests on employees simulating how cyber-attackers use fear, uncertainty, and doubt. Employees should confirm requests and verify links or attachments before opening, there great automation tools to provide this continual testing and validation.

• Consider hiring ethical hacking on your networks after reconfiguring systems to identify weaknesses attackers could exploit.  This is generally called Penetration Testing or “PEN” Testing.