Security Awareness and Preparedness: Ten Considerations for a Successful Remote Workforce

publish date is May 7th, 2020
By: Brian Gammon, vCIO

Since the initial push and transition to work from home in recent weeks, we have observed and shared in the experiences a number of our clients have had and would like to provide insight into the model and recommend items to consider going forward. We offer these additional considerations as teams are now settling into the new model. Technology risks have changed, and as you might expect, even increased during this transition. Organizations should carefully consider the impact of these new or increased risks now that there are higher percentages of team members now working from home. These considerations can include: access controls for systems and data, use of internal IT infrastructure, bandwidth costs and capacity, data management and security, and more. In general, even under the best circumstances, there is risk associated with end users accessing your organization’s infrastructure and data. Remote work can amplify and compound these risks and issues. Variables such as employee-owned equipment, consumer grade tools and security software, and local networks, make the transition more challenging to secure your data and infrastructure. Below are 10 considerations and tips to ensure your team remains effective and your organization is protected:

1. Provide VPN Access or Specify Approved Remote Access

There are many tools available to support secure access to your company network directly from your home device or through remote access software, enabling access to your work device (and all of its resources). Ensure your policies and approved methods are defined clearly, documented, and communicated to all team members requiring access. Include communication on specific do’s and don’ts relative to accessing company systems, files, data, and internet activity.

2. Establish Regular Team Communication Cadence

Best practices and team member feedback have indicated having consistently scheduled and structured team meetings has contributed to their productivity and helped maintain their connectedness to the team and team members. These touch base meetings can be brief yet should be organized and allow some time to be intentional about celebrating successes, individual recognition, individual inclusion, and engagement.

3. Encourage Teams to get some Facetime with Video Conferencing

Leverage technology for telephone conferences and strive to include at least some time each week for video conferences. Feedback indicates this is a significant positive contributor to remaining more connected while working remotely. This is especially true for team members who may be more isolated than others at times.

4. Educate Work from Home Team Members About Basic Security Practices

Reinforce the importance of always being diligent about security practices and policies including a heightened level of attention during these times. How many suspicious emails or texts or phone calls have you received recently addressed to undisclosed recipients, misspelled calls to action, or various requests to click links or provide pieces of information? These attempts have skyrocketed in recent weeks. Leverage or extend your security awareness reminders and training frequently. Consider conducting your own internal phishing campaign if you’re not already doing it.

5. Avoid Use of ANY USB Drives

These types of attacks have continued to evolve, become even more clever in delivery, and can cause considerable damage and issues on individual devices, as well as entire networks. Avoid plugging USB drive devices (especially from unknown or random sources) into your equipment. We can tell you from experience , it is unlikely you have won the next sweepstakes if to claim your prize you must only plug in this USB device to read the instructions to claim it. Also Consider disabling autorun and ensure your anti-virus software is up to date.

6. Leverage Multi-Factor Authentication (MFA)

Revisit your utilization of MFA across your teams and applications. Define your strategy, applications posture, and procedures. Publish instructions or steps to secure applications. Consider a portfolio review and implement additional security mechanisms to the greatest extent possible.

7. Revisit Password Policy and Reset/Audit Transitioning Team Members

This is a great time to revisit, communicate, and then recommunicate, your password strength and maintenance policies. In fact, some organizations have conducted a scheduled reset of all critical access controls and increased the frequency of updates and changes in order to help maintain security during these times.

8. Review or Develop Staffing Contingency Plans

Leverage this time to review and document key components to your support environment including critical applications and infrastructure. Identify knowledge points and individual team members, list them by name, identify backup resources whether internal or external, and any significant gaps. Plan and execute remediation plans to close gaps, with clearly identified and trained team members as well as documentation for essential functions.

9. Revisit Data Backups and Review Policies with Remote Workers

We were somewhat surprised at the number of individuals and companies checking in with their results and findings when reviewing and implementing this best practice. There is an increasing onslaught of techniques to gain access to personal and private networks especially during these times. Review it, check it, and change it as needed. Sophisticated Systems utilizes a set of established best practices and standards and has a variety of partnerships that can be leveraged to help your organization successfully adjust to remote work environments.

10. Check & Reset Wi-Fi Router Passwords to Ensure Defaults Aren’t in Use

Consider the amount of work being done away from the traditional work environment. Review and remind team members of policies and best practices around the storage or backup of various types of information. Ensure all team members know how and where to store and backup information as well as policies for downloads and sharing.

About Sophisticated Systems

Sophisticated Systems’ has been providing technology services and solutions to Central Ohio for more than a quarter-century. Our Technology Solutions Group has more than 200 years of expertise amongst its team, and we are knowledgeable and experienced in developing Disaster Recovery plans.
We offer customizable technology solutions that fit the needs of our clients. Our skilled technology professionals deliver measurable value to our clients so that they can focus on their business priorities.

Our suite of technology services and solutions includes IT projects, managed services, cloud services, technology deployment, network monitoring and security, hardware and software procurement, and professional services.

SSI has been recognized multiple times for its dedication to uplifting the Central Ohio community as Corporate Caring award finalist and recipient, as well as one of the fastest growing companies, both locally and nationally, by Columbus Business First, FORTUNE and INC. magazines.