By Ryan Weeks, Chief Information Security Officer at Datto
While COVID-19 continues to aggressively
spread across the globe, many employees worldwide are facing the realities of
working remotely for the first time. Simultaneously, there is increasing
evidence that malicious actors are using concerns about the
virus to prey on those same individuals. Given this, it is more important than
ever before that employees understand their role in protecting their personal
data and their company's data. From home networks, to the actions of family
members, to how employees conduct their work, every aspect of an employee's
remote work life plays a critical role in ensuring the future of business
continuity.
In an effort to help employees and businesses
around the world, here are some guidelines and best practices for how to work
from home safely and securely.
General Guidance for Secure Remote Workers:
- Report any suspicious activity to
your security team.
- Remain vigilant while reading emails and messages and while browsing the web, and be aware of common phishing techniques. Numerous attacks have surfaced that use COVID-19-based content as a delivery mechanism for malware.
- Avoid non-reputable websites or
links that may be potentially malicious.
- Avoid public network access points (e.g. coffee shop WiFi) and stay on your home network if possible.
- Make sure your home WiFi is secured, ideally with WPA2 or WPA3. Ensure insecure features like UPnP are disabled and default logins on IoT devices are changed.
- Work within cloud applications
where possible to make sure data is being backed up.
- Protect your and your family's personal accounts with 2FA, and stay vigilant in interactions on online platforms.
- Use strong passwords and ideally a password manager.
- Try to limit your family's bandwidth usage; the more devices in use (phones, game consoles, etc.), the slower your connection, which can hinder your ability to work remotely.
Guidance for Employees using Personal Laptops and Desktops
- Ensure you have a reputable antivirus and firewall installed and turned on; your internet service provider (ISP) may provide free security suites.
- Ensure the latest operating system
and web browser updates are installed.
- Lock your personal computer when
walking away from it (Win+L on Windows or Command+Control+Q on Mac).
- Avoid the use of file sharing (P2P) and other high-risk applications.
DO NOT
- Use unsupported methods of
communication to conduct business (We recommend using Zoom & Slack)
- Use unsupported 3rd party VPN
software/services
- Reuse passwords across personal
and company accounts
- Store company proprietary
information/work on personal devices
- Leave your business accounts
logged in on shared system(s)
- Use your personal
email(s)/accounts to conduct company business
- Connect unknown devices (USB
sticks, peripherals, etc.) to company system(s)
- Install software that may put your system(s) at risk (unsupported remote desktop, etc.)
- Wait to report any adverse
information or suspicious activity identified with company assets
Fortunately, most
businesses are equipped to operate while employees are remote. To learn more
about how to best secure your systems and be productive while working remotely,
visit our blog.
## About the Author
As Chief Information Security Officer (CISO), Ryan is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems and sensitive customer financial data at FactSet Research Systems, where he orchestrated all facets of the global information security program. Ryan holds a B.S. in Computer Information Systems from Ithaca College and an M.S. in Information Assurance from Northeastern University, and has industry security certifications including the Certified Information Systems Security Professional (CISSP) and the Certified Information Security Manager (CISM).