In the wake of recent guidance for organizations to maximize telecommuting, it is important that the appropriate capabilities are in place to enable secure work environments for an organization’s workforce. The objective of these capabilities is to allow employees to securely access the organization, protect networks and data from unapproved users, and educate the workforce on best security practices. Guidehouse advises that security measures be taken by the organization as well as by the employee.

What you should do:

Organizations

• Set up a virtual private network to secure connections to company systems when working away from the organization’s facility.
• Harden endpoints to minimize the compromise of end-user device by limiting unnecessary applications and enforcing security patches.
• Require multi-factor authentication to verify a person’s identity with multiple form factors (e.g., password/PIN, biometric, etc.) before granting access.
• Enforce password management to include a policy for password expiration, use of complex passwords, and/or use of tools for one-time passwords.
• Implement security incident reporting to provide employees with tools to aid in the detection, identification, and remediation of cyber incidents.

Employees

• Use secure Wi-Fi to minimize threats from open and unsecured internet connections.
• Leverage company-approved devices to access company resources through corporate laptops and mobile devices.
• Encrypt and/or digitally sign sensitive emails or files to verify that emails or files are from the designated sender and are not altered in transit.
• Use only corporate tools and accounts to access an organization’s proprietary data through approved secure channels (e.g., corporate email).
• Exercise caution with website links and social media to protect systems from phishing emails and malware attacks when users click on unknown links.