Here are some remote working security best practices:
Remote Working Security Best Practices
Have the same level of security awareness
Ensure that end users have the same level of security awareness in the remote office as they do in the central office. Make sure that they know to never give out their username and password to anyone (no matter how trustworthy they seem), and to be suspicious of links in emails.
Never store sensitive data in publicly accessible locations
Ensure that end users do not store sensitive data in publicly accessible locations on their remote computers. Sensitive data should be encrypted and stored in secure locations, accessible only by authorized users.
Remind remote users not to open files from untrusted sources
Ensure that remote users are not opening files from untrusted sources. All files should be scanned by a reliable and updated antivirus application before being opened.
Avoid untrusted networks (public Wi-Fi)
Ensure that remote users are not connecting to untrusted networks, such as public Wi-Fi, when working remotely. Users should connect to a VPN service when in public locations.
Implement strong passwords and change them regularly
Ensure that end users are using strong passwords, with a minimum of 10 characters, and that they are setting up automatic password changes on their remote computer.
Enable Two-Factor Authentication, if possible
Enable Two-Factor Authentication (2FA) for all remote users who have access to critical corporate information. 2FA provides an extra layer of security by requiring something that the user has (a hardware token or smartphone app) in addition to something that the user knows (a password). 2FA is often required to access highly sensitive data stores such as HR systems or financial systems.
Disable USB ports or encrypt USB drives before connecting them to computers
Disable USB ports or encrypt USB drives before connecting them to computers. This protects against the rising trend of “BadUSB” attacks, in which USB ports are used to inject malware onto computers. The feature that provides this protection is often referred to as “USB Execution Prevention” or “USB Device Protection”.
Encrypting devices also prevents unauthorized users from stealing data if the device is lost or stolen. An encrypted device cannot be read by any other device until it has been decrypted with a unique key, which keeps confidential data protected.
Use strong passwords for VPN connections and change them regularly
Ensure that users are not using the same credentials for their VPN connection as they are for their local logins. All remote users should use strong passwords and ensure that they change these regularly. These passwords should be stored in a secure location, accessible only by authorized users.
If there is no other way to securely store passwords on their remote computer, then we recommend using KeePass. KeePass lets you store your credentials locally on your computer, protected by a master password that only you know, so that others cannot find them without knowing your KeePass password. KeePass can be installed on any operating system including Windows, Mac, Linux, and Android.