7 Steps to Get Employees Working Remotely: A Guide for CISOs

Published on May 11, 2020  |  Cyberfort Advisors

Overseeing your company’s information security programs is a challenging job, especially when your company is implementing work from home (WFH) policies and procedures. Adding remote workers to daily operations complicates cybersecurity and compliance issues, so we compiled 7 steps that will help you to get your company’s employees working remotely in a secure and fast fashion. 

  1. Implement MFA 
  2. Check software licenses
  3. Install security software
  4. Ensure VPNs are up to date
  5. Test internet bandwidth
  6. Implement a password management policy
  7. Enable automatic updates

Implement MFA

Since most users will utilize a variety of internet-facing services to complete daily tasks, it’s important to implement multi-factor authentication (MFA) for all of these services. Without it, users will likely employ weak authentication means and risk threat exposure. 

Sophos recommends identifying “which services are most at risk and most valuable to [your] adversaries.” This means communicating with all departments to collect a list of services they use and how often, if you don’t already have this list. Then prioritize the services by security measures, usage, and compliance before charging the IT team with implementing MFA for each service in that order.

A great place to start when implementing MFA is to use SMS-based MFA. Since most of your users are likely to already have experience using SMS-based MFA (e.g. when logging into their online banking accounts), they are more likely to utilize it rather than developing a workaround. 

Employee uses secure chat to communicate with remote team.

Check software licenses

When employees start working from home, they will likely use their personal devices to work. In doing so, they will need a variety of software to complete their daily tasks. This means you need to check software licenses to ensure there are enough for everyone to use. At this point, you may need to purchase additional licenses. Or, you may be able to identify license alternatives.

During this process, according to CSO, “you may want to add the ability to manage and monitor the remote systems of your users if they are not already under your control.”

In addition to checking software licenses employees already use, you may want to purchase and distribute a communication tool so users know where to connect and collaborate. This will lower the usage of email, which may help lower the opportunity to fall for phishing emails. 

Install security software

Not all users will already use antivirus software and firewalls, so it’s up to you and your team to determine the security software users need and distribute it to them. Then, you will likely need to help them implement it on the devices they are using for work, including mobile devices. Be sure users turn on automatic updates to keep the security solutions running smoothly.

Employee uses VPN while working from home.

Ensure VPNs are up to date

Remote users are encouraged to utilize VPNs and other remote access services. In addition to distributing, implementing, and troubleshooting the usage of VPNs for users, you will also need to ensure they are up to date. Many users who have previously used VPNs won’t know they will need to be updated. 

Test internet bandwidth

According to CSO, with an increase of inbound traffic to your organization’s network, you may need to increase your internet bandwidth. For your users, you will need to help them test their internet bandwidth, especially if they are going to use video conferencing. If they need more bandwidth, you may need to help them review their options and find out whether the company will help pay for the added bandwidth.

Passwords written in a notebook may be a good idea for employees who work from home.

Implement a password management policy

Since most users likely use a variety of services and programs to complete their daily tasks, and you have implemented MFA for many of those services, it’s important to implement a password management policy. This policy should be simple and straightforward; it should include the details of how users will utilize a password manager, how often passwords should be updated, and how complex passwords need to be.

For a quick fix, you can recommend that users write down their passwords in a notebook. This is a great option for users that are not technically-savvy and always work from home. This is not a great solution for users who travel a lot as carrying a notebook with passwords while traveling can lead to the passwords ending up in the wrong hands.

For a long-term solution, determine the right password management software for your organization’s needs. There are many that are user-friendly and utilize browser extensions to make password management easier for the user.

If users start using a notebook to manage their passwords and then you implement a digital password management solution, be sure to encourage users to shred the original password pages to keep them secure when they travel, even if it’s just from their home to the office.

Throughout this process, recommend to users that they do not utilize default “remember my password” feature within browsers as they are not as secure as password management software.

Enable automatic updates

Remote users need to enable automatic updates for all devices, software, and apps they use to work. This includes their operating systems, browsers, email clients, and software used to open attachments. 

This is very important for all devices, including mobile phones, so if any users prefer to keep their phone not up to date, perhaps for lack of storage space, then it’s best to recommend that they do not use those out-of-date devices for work. 

Launching your company’s employees to the WFH environment is not a simple task, but with these steps, you can have a firm foundation for remote worker security. 

If you have a remote team, protect all of your devices with Cisco Umbrella.