As we cope with the COVID-19 pandemic, it’s important to take a few extra measures to protect your organization, your patients and clients, and your data. Teleworking, where more and more individuals are working remotely, is widely accepted to prevent further spread of the virus. Now is a good time to address the risks that come with working remotely, especially if workstations are not owned by your organization.
Minimum Employee Needs for Secure Remote Work
As you prepare yourself and your teams for expanded teleworking here’s a checklist of what you need to do to reduce the risks associated with mobile device use that may be outside of what you would normally permit. If employees will be using their own devices and working remotely, at a minimum they need the following:
- Secure wireless router that’s cabled or wireless secured with WPA 2
- A strong home router password
- A strong device password
- Up to date antimalware and firewall
- Up to date patching on the device used
- If connecting to your network, a secure connection to the network (e.g., VPN, TLS, HTTPS)
If employees are using a company laptop, you need to require the use of a secure connection with a strong password. It would also be a good idea to make sure if company workstations will be used that all of the above are addressed. Patching is important to prevent vulnerabilities from being exploited by cybercriminals.
One last caution: Phishing. Now more than ever employees need to be reminded to beware of phishing activity. There are a number of known phishing attacks associated with COVID-19. Social engineering can result in a breach, ransomware attacks and other damage to your infrastructure and data. It’s a good idea to point employees to the CDC and other reputable sources so they know what sites are safe to visit. That way they can remain up to speed on what’s happening with the pandemic, with less risk.
As was said every episode of Hill Street Blues, stay safe out there!
When you’re making on-the-fly revisions and updates to your policies and procedures during this critical time, you want to help them stick. A tip: make sure they state what you will do, not just what you can do. “If you say it, do it. If you do it, write it down.” Call on Apgar & Associates at 503-384-2538 for help with privacy and information security fundamentals as well as strategic planning.