Abrupt. Disruptive. Chaotic. All of these words describe the arrival of COVID-19 in the United States. Suddenly, all attention is fixed on the pandemic and its effect on people’s health and the overall health of the economy. The outbreak of COVID-19 has forced people to stay confined in their homes, and it has also forced businesses to take a serious look at their practices and procedures. One of those practices in particular is working from home. While many businesses had already implemented a work-from-home policy, others were only starting to contemplate it. And then, some organizations never even considered it. Now, just as suddenly as procedures to slow the spread of COVID-19 are being put in place, many companies are scrambling to put policies in place to address the cybersecurity concerns of working from home.
Although the situation is anything but ideal, there is no better time than now to review or implement a cybersecurity policy that addresses a work-from-home strategy. To help you with this process, we compiled ten questions to address in your plan.
10 questions to address when creating cybersecurity guidelines for working from home
- Which technologies are employees using to remote into the company’s network? Are they using VPN or something else? Also, which device are they using? Do they have their own computer or will they use a company-issued device? These questions are important to address because they allow you to take proper action if the employee’s network and/or computer is ever infected. This information can help ensure the infection doesn’t spread to the corporate business network.
- What policies are in place at the firewall or remote device level? You should have precautions in place that provide an outline of how a remote device user can interact with the corporate business network.
- Will remote workers have the exact same policies and procedures as when they worked on-prem behind the corporate firewall? Or will these plans deviate at all? Allowing the plans to differ could open up additional risk for the business, including its data, employees, customers and vendors.
- Are you able to monitor and detect suspicious or malicious behavior if your employees work from home 100% of the time? If not, you need to address this quickly.
- How will you know if a user account has been compromised? With the sudden departure of employees from the typical in-office setting, User Behavior Analytics (UBA) will suddenly start flagging these new events as unusual behavior. You will need to have a way to determine which behavior needs attention or which behavior is just a false alarm.
- Which employees will coordinate and oversee the plan? And how will you monitor everyone’s compliance with the plan? A cybersecurity plan without action is useless, so you must tap several key individuals to ensure proper execution.
- What are the most prominent risks that could potentially affect your company’s data? Don’t forget to think about this in relation to each area of your company’s operation.
- Do you have any industry-specific compliance standards you must adhere to? And does working from home affect the way your company must adhere to these guidelines? Compliance programs to look into include the Gramm-Leach-Bliley Act, PCI Compliance and NIST compliance.
- Do you have a password management system in place for all employees? This type of program is highly recommended. However, employees who feel that it keeps them from working properly may skip the password management system when no one is looking over their shoulder.
- How will you determine what is acceptable internet usage? And how will you monitor and track network usage? You need to ensure the company’s assets don’t get infected while they are not behind the corporate firewall. If they do, they could potentially bring the infection back to the office once the remote work session has been completed.
Though not soon enough, the threat of the COVID-19 virus will eventually pass. However, the need for a cybersecurity strategy and work-from-home policy will last much longer. Again, the scenario might not be ideal, but there is no better time than now to start addressing your cybersecurity plan. If you have questions or need help during this time, our team is on hand and ready to address your questions.