Remote Work Security Checklist

Remote work was slowly becoming the norm, but the spread of coronavirus has fast tracked its development, and we’re currently participating in the “largest work from home experiment”. Generally speaking, security is one major concern of managers who still haven’t created a remote-friendly environment in their organizations.

Although remote work does pose more security threats than office work, it’s not impossible to keep company’s data safe, and in this article we’ll provide you with everything you need to keep the data secure. We’ll cover the following:

• Encrypt all devices
• Update operating system and software regularly
• Don’t activate auto logins
• Turn on auto lock
• Use a password management tool
• Use two-factor authentication
• Enable Find My Device and Remote Wipe options
• Use a VPN when using public or unsecure networks
• Make your home network even more secure
• Create policies and monitor your employee

‍

Encrypt the Devices

This is an option that can come quite handy in case a device is lost or stolen somewhere. It encodes information on the drive and makes it hard to decipher without proper access.

If you’re using a Windows device, you should enable the BitLocker, for macOS, it’s the FileVault, while for Linux you can use dm-crypt. Android and iOS devices have default encryption for devices using Android 6 or above, or iOS 8 and above.

Update Your Operating System Regularly

Automatic operating system updates are usually enabled by default, but make sure you instruct your employees to keep the settings that way. It takes a long time to resolve a vulnerability once it’s discovered, which means that it could take a couple of months for the makers to release a patched update.

You shouldn’t delay this process even more by updating your system every six months.

Update Software Regularly As Well

Software updates might be bugging you, you keep delaying them, but the thing is most makers release updates when they have new features, when they resolve bugs, or security vulnerabilities. Most software will notify the user when there’s a new update available, but if they don’t - make sure your employees are regularly checking for updates themselves.

Don’t Activate Auto Logins

Whether it’s the device login, or login to any website - make sure you type in the password (or use a password app) for all of them. In case that someone other than your employee gets to their computer, they won’t be able to access anything on it.

It should go without saying that sharing passwords isn’t an option, and that passwords should be complicated and different for every login.

Turn On Auto Lock

Whether your employees are working from home, or coffee shops, hostels and coworking spaces - they should enable auto lock on their devices. Automatic lock works based on the device's inactivity. For laptops, it’s usually okay to set the time for up to 5 minutes, while most phones lock after 30 seconds. The time can be adjusted, so they should set it up for what’s convenient for them.

Use a Password Management Tool

Password management tools help you create and safeguard all passwords. If there are tools your employees are sharing with one login, they can share passwords securely thanks to this tool. Some of them even remind you or require you to update your passwords after a few months.

Use Two-Factor Authentication

Two-factor authentication requires your employees to enter a password then either answer a security question or enter a code they receive to their email/phone. This type of protection is great in case someone manages to break into your employees accounts, they might be able to guess the password, but it’s hard they’ll be able to get the code that comes via SMS to your employees phone.

Enable Find My Device (and Remote Wipe)

Unfortunately laptops and phones get stolen or lost. Luckily, all of them have an option called Find My Device, and another one which lets you remotely wipe all data from the computer/phone. Windows and macOS have these options in their settings, while Linux needs a third party app for this action.

If your employees’ Android phone is connected to a Google account, this option is automatically enabled, and for iOS they would need to set up iCloud and enable this option in the settings.

Wipe the Devices You Won’t Be Using Anymore

Every device can be wiped clean (brought back to factory state) if you won’t be using it anymore. This option deletes every piece of data on your device, but keep in mind that it can be undone. In case you think you’ll need anything - create a backup.

Use a VPN When Connecting on Public Networks

Sometimes, employees who are working remotely will travel and do some work from a local cafe. These usually have public networks, or private networks that aren’t very secure. If a VPN isn’t illegal in their country, instruct employees to use it so they wouldn't be tracked, or potentially attacked through the network.

‍

Make Your Home Network Even More Secure

There are many instructions you can give to your employees regarding the safety of their home network. But, these are some key, basic things they can do:

• The password should be long and complicated
• Change the password frequently
• Change router’s admin credentials
• Use a network name without personal information in it

Create Policies and Monitor Your Employees' Behaviour

What’s most important is that you educate your staff on the best practices regarding data security, and that you create policies for proper use of equipment and data. Besides outlining what are the necessary steps to take while working from home, the policies must also include what are the repercussions for unwarranted behaviour.

If you want an additional layer of security, you can always use a software for tracking remote workers. These tools help you see which apps and websites your employees are using during working hours, but they also take screenshots so you can see if someone is going against your policies. Keep in mind that tracking of remote workers doesn’t have to be intrusive, and it’s not only used for security purposes. You can use it to track attendance, measure productivity, as well as to track time on projects and tasks.

‍

Wrap Up

Keeping your company’s data safe is imperative to making sure your business can still run, even in the remote environment. As a manager or a business owner you must ensure you’ve ticked all the boxes, and that you’ve prepared your employees. This is why sharing educational materials and organizing data security workshops is an essential step in the process of cybersecurity. Talk to your employees frequently, let them ask questions to the IT department if they’re unsure of any steps they should take, and if you need to - start tracking your remote workers to be 100% sure your data will be secure.