Checklist: How To Securely Transition Employees To Work From Home by: ERMProtect

Updated: Mar 27

Getting Started

  • Ensure that you have a remote access policy (or create one) that clearly delineates and emphasizes the protection of your information, intellectual property, and equipment.

  • Start from the ground up. Review your network diagram and data flows. Identify the remote access entry points. Segment the networks that can be accessed remotely in order to limit your risk by design. Remember, the resources that are made accessible should be the minimum required for users to perform their jobs. If additional access is needed at a later stage, use a formal change management process to identify, review, authorize, and grant such access.

  • Ensure that you provide your employees with organization-assigned laptops that will be used for remote access. That way you can uniformly and centrally institute the same levels of security across all machines.

Guidelines for Employees

  • Provide concise and actionable guidelines to your employees regarding working from home. Ensure that they know and implement the basics.

  • A wired network connection is preferable to a wireless one. If employees must use WiFi, they need to take basic security precautions related to the router. Changing the factory default credentials and ensuring that they use at least WPA2 encryption with a strong passphrase is a good starting point. They shouldn't connect to any other WiFi network but instead use their mobile phones as hotspots in case of emergencies.

  • Discourage the use of wireless printers at home. If they do have such printers, the security precautions that apply to WiFi routers would need to be applied to these printers as well.

  • A clean desk is just as important when working from home.

  • When walking away from the computer, they need to lock the screen just like they would at work.

  • If they have young children at home, they need to be careful to keep work devices out of their reach.

  • They should use organization-assigned USB storage devices at all times.

  • Ensuring the physical security of work-assigned equipment and assets is critical as well. Be sure that employees lock away machines/devices safely and don’t forget them in their cars or other places.

  • It’s best that employees do not access social media from work devices. Ensure that organization-assigned devices already block such media. The Human Resources department should also provide guidelines to employees on what is acceptable versus not acceptable to post on social media in relation to the organization, even if it is from their personal devices/accounts.

Secure and Control Access

  • From a remote access standpoint, only allow and use secure protocols such as SSH, HTTPS, and SCP. Ensure that insecure ones like FTP, Telnet, HTTP, and TFTP are completely disabled.

  • Use a robust VPN implementation to provide employees with remote access. Ensure that you enforce the VPN connection before employees can access organizational resources.

  • Your firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) should work in tandem to ensure that unauthorized and insecure remote access tools are completely blocked at the organization’s network perimeter itself.

  • If third-party vendors and/or contractors will be using remote access as well, ensure that additional monitoring, authentication, and robust logging are deployed.

  • Ensure that you enable two-factor authentication wherever it is available. Features such as Network Level Authentication (NLA) in Windows should be enabled as an extra layer of authentication. And remember to have a reasonable account lockout policy in place.

  • Consider employing clientless remote access solutions as well as single sign-on.
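
One way to check the "insecure protocols are completely disabled" item on a Linux host, shown as an added example that is not part of the original checklist: it parses `ss -tuln` output and flags listeners on the default ports for FTP, Telnet, HTTP, and TFTP. The sample output is constructed, and the function name and port table are assumptions of this example.

```python
# Added example: flag listening sockets for the insecure protocols the checklist names.
# Ports are the standard defaults; the `ss -tuln` sample below is constructed.

INSECURE = {
    ("tcp", 21): "FTP",
    ("tcp", 23): "Telnet",
    ("tcp", 80): "HTTP",
    ("udp", 69): "TFTP",
}

SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:69          0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:80        0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:21          0.0.0.0:*
tcp   LISTEN 0      128    [::]:443            [::]:*
tcp   LISTEN 0      5      [::]:23             [::]:*
"""

LOOPBACK_PREFIXES = ("127.", "[::1]", "::1")

def find_insecure_listeners(ss_output):
    """Return (name, proto, address, port, exposure) for each insecure listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not audit
        proto, local = fields[0], fields[4]
        # rpartition keeps IPv6 addresses such as [::] intact
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        name = INSECURE.get((proto, int(port)))
        if name is None:
            continue  # SSH (22) and HTTPS (443) fall through here
        # A loopback-only listener is not reachable remotely but still merits review
        exposure = "loopback" if addr.startswith(LOOPBACK_PREFIXES) else "network"
        findings.append((name, proto, addr, int(port), exposure))
    return findings

if __name__ == "__main__":
    for name, proto, addr, port, exposure in find_insecure_listeners(SAMPLE_SS_OUTPUT):
        print(f"{name:7} {proto}/{port:<5} on {addr:<10} ({exposure})")
```

A port-based check only catches services on their default ports, so pair it with the firewall and IDS/IPS rules from the next item; on a live host, pass in the text produced by `ss -tuln` instead of the sample.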

Patch, Backup & Monitor

  • Your backup management processes and procedures are critical. Recovering from backups can be very important in situations like a ransomware attack on one of the employee machines. Ensure that you have ongoing backups in place that include both onsite backups as well as remote backups to a secure colocation facility.

  • Good change management and patch management processes and practices are even more important when it comes to remote access security. Ensure that remote access infrastructure, both hardware and software, is fully patched and updated at all times. Each patch/update should follow a formal change management process wherein changes should be tested in a test environment and monitored before applying the changes to the production environment.

  • Employ strong privilege and access management practices by using solutions that track, audit, log, and monitor all remote access requests, approvals, and revocations for all users.

  • Factor in the implications of regulatory and standards compliance when it comes to remote access and ensure that you are checking all the required boxes.

Know Where You Stand

  • Perform deep-dive, comprehensive security configuration reviews of all technical infrastructure elements across your organization. Include every single technical infrastructure element from the well-known firewalls, routers, switches, workstations, servers, databases, emails, VoIP, anti-virus and anti-malware solutions to the often-overlooked printers, cameras, telephones, and Internet of Things (IoT) devices. Ensuring that each individual component of your technical infrastructure is fully locked down and secure is absolutely critical as the whole is a sum of its parts.

  • Penetration testing is a crucial piece of the puzzle. Ensure that you perform ongoing penetration tests at a network, application, mobile device, and IoT device level to unearth vulnerabilities in your infrastructure that malicious actors can exploit. Social engineering assessments are also critical to identify the human weaknesses in your cybersecurity chain.

Implement Detection Practices

  • A good Security Information and Event Management (SIEM) tool is almost a necessity today. Ensure that you set up configurations, alerts, and actions meticulously and monitor the SIEM at all times. If you don’t have a SIEM, implement compensating detection controls to the extent possible.

  • Set up an easy-to-remember email address and phone number that employees can use to report cybersecurity issues.

  • Ensure that you have a robust incident response plan in place that is tested at least quarterly. The tests should include a mix of tabletop exercises as well as live simulation testing. After each such test, document the lessons learned and leverage these to make adjustments and enhancements to your original plan.

  • Perform data breach assessments at least once a quarter. These assessments help you identify if your technical infrastructure has suffered an undetected data breach. Oftentimes, hackers break into organizational networks and lay low with the intention of passively stealing sensitive information on an ongoing basis. A data breach assessment can nip such disastrous situations in the bud.

  • If you suspect you’ve had a data breach, it is vital to follow a formal digital forensic investigation process. Doing so shows that you did your due diligence and heightens the chances that you can prosecute the perpetrators of the attack.


© 2020 by The Florida Business Continuity Task Force.
