In response to the COVID-19 pandemic, businesses have transitioned to a work-from-home model. Yet for many organizations, managing an entirely remote workforce is completely new; as a result, they may not have the processes, policies and technologies in place that enable employees to work from home safely and securely.  In this blog, we provide some dos and don’ts to help your employees practice good cyber hygiene.

The Dos

Connections & Access

  • Only connect to secure wireless networks.
  • Use a secure, guest home wireless network, not your personal home network.
  • Use a secure VPN with multi-factor authentication (MFA), especially when using public Wi-Fi while working.
  • Use a protective DNS service to block malicious websites, especially when using public Wi-Fi while working.
  • Use MFA for ALL services such as:
    • Microsoft O365/OneDrive/SharePoint, Google G-Suite and other communication platforms
    • Box and other file sharing systems
    • Remote access (e.g. VMWare/Citrix)
    • RMM systems
    • Other online accounts
  • Use the Toothbrush criteria for passwords (passphrases are better):
    • Choose a good/strong one
    • Don’t share it
    • Change it on a monthly basis
    • Don’t reuse an old one
  • Report suspected unauthorized access of any kind.

Devices & Applications

  • Keep computers and applications up-to-date and patched.
  • Keep smartphones and applications updated and patched
  • Use antivirus, firewalls and other company-approved security applications and protections on all devices (including smartphones) that are handling company information and data.
  • Only run authorized applications on company computers and other devices using company data.
  • Report lost/stolen devices.
  • Clean devices regularly with approved alcohol wipes:
    • Keyboards, mouse or other pointing devices
    • Monitors
    • Desks and workspaces (even the arms of your chair)
    • Cellphones and desk phones

Data

  • Encrypt all computers and devices (laptop, tablet, smartphone, USB drives, etc.) storing or using company data, even if you are storing data in temporary storage.
  • Backup company work only to company-approved locations using company-approved apps.
  • Wipe devices of company info when done with them.

Environment

  • Be careful of your surroundings. If in a public location:
    • Find a private area to work where no one can look over your shoulder or hear your conversations. If you have one, use a privacy screen on your laptop or smartphone.
    • Protect your devices. Don’t leave computers, tablets and phones unattended
    • Close open sessions, browsers and applications immediately when finished
  • Treat ALL company information and conversations as private, protected and sensitive.
  • Use videoconferencing for meetings. Leverage your existing systems or obtain a service.
    • Some services like Zoom and Cisco Webex are offering expanded and/or free use. Be sure to enable their security features.
  • Dress as if you are in the office and ensure your video background is work appropriate.

The Don’ts

  • Don’t do company work on your home/personal network.
  • Don’t mix personal and work data.
  • Don’t put company data in personal storage, at home or in the cloud.
  • Don’t use work credentials for personal/home use, & vice versa.
  • Don’t use work passwords on personal accounts, & vice versa.
  • Don’t access or use company data and information using personal applications unless authorized.
  • Don’t access both your home and personal networks on the same device at the same time (dual homing).

Micro Strategies is committed to supporting your company in this crisis. Our teams are fully staffed and ready to help. If you would like to discuss your cybersecurity operations or learn more about how Micro Strategies can help keep your organization and employees safe, contact us.

Want to learn More? Contact Us Today at 888-467-6588 or info@microstrat.com.