Search
Close this search box.

Security Tips for Remote Working

Share:

Contrary to expectations, cybercriminals aren’t taking a break because of Coronavirus and are in fact thriving more than ever in the current climate of remote working.  

I’ve included below a number of key take-aways that IT security teams and management ought consider when implementing a remote working program. 

 

1. Update and Patch Remote Devices 

Malware primarily targets operating systems and applications that are out-of-date or have not been patched.  

It’s important that your employees: 

Turn on Automatic Updates for Windows and other key systems:  

Updating regularly and automatically will ensure that old malware will not impact your employee’s devices. 

Reboot Regularly: 

It’s suggested that home users reboot their devices every day or every week, allowing the opportunity to apply patches. Any Wi-Fi-enabled gadget at home, whether it’s an Xbox, a tablet, a child’s school laptop, or a fridge with an internet connection, is at risk of being infected. You don’t want these machines connecting back to your corporate office. 

Keep Applications Up to Date: 

Make sure that your employees are aware of how to set up automatic updates for all the applications they use daily. 

 

2. Encrypt Data on Remote Devices: 

Windows and macOS feature built-in encryption that prevents unauthorised access to your company’s data even if the devices are stolen. 

There is only one thing left to do: turn it on! 

For Windows OS, we recommend ensuring all devices are running Windows 10 Pro or Enterprise where encryption at rest settings are turned on by default. 

For MacOS, ensuring FileVault is turned on will allow data to be encrypted automatically. 

FileVault Encryption on macOS

3. Insist on Home Security

It’s not likely that your employee’s home networks are protected by an enterprise-grade firewall.  

Encourage your employees to:

Disable WPS on their home router: 

WPS has been known to be insecure and prone to brute force attacks. Instead, utilise more secure WIFI technologies like WPA2 

Restrict access to staff devices: 

More than ever it’s important to consider moving employees away from Bringing-Their-Own-Devices (BYOD) so that IT can control what applications are allowed and disallowed. 

 

4. Secure a VPN 

Consider enforcing secure VPN for connecting to work PCs and servers. 

Don’t expose RDP: 

Rather than allowing RDP (Remote Desktop Protocol) from the public internet through your corporate firewall, use a technology such as VPN to securely connect to your corporate network. Even tools such as Teamviewer or Anydesk are far more secure options. 

Always assume an insecure network: 

Employees may not be working from a secure/encrypted network, such as those who self-isolate in hotels and use the hotel’s Wi-Fi, so be aware of this possibility. Set up a secure VPN connection for them and give them access to the necessary tools. 

 5. Enforce Web filtering 

 There is certainly a distinct between working from home and working the office.  

When working from home, employees are more vulnerable to clicking links as they’re more easily distracted and there is a reduced opportunity to flag a suspicious link as you may do in the office when your colleagues are around the corner. 

Using the same web filter environment for employees connecting via SSL VPN as they would if they were in the office is critical to keeping them and your network safe. 

 

6. Insist on (and Enforce) Multi-factor Authentication: 

Your organisation’s password policy should be clear and prevent users from using a single password for more than one service. Use a password manager, such as 1Password, LastPass or Keepass, to prevent your employees from using the same password across all their accounts. 

 

 7. Consider A Remote Working Cyber Risk Assessment: 

Help desk teams in larger organisations may already be on hand to assist with routine IT issues. You’ll want to make sure that your users have a separate way to report security issues such as an increase in phishing scams, as these teams will have a lot of work to do over the next few weeks. 

Gridware’s Remote Working Penetration Test might be what your organisation needs to accurately assess and remediate your WFH environment within 1-2 days, with clear security recommendations from our experienced network penetration testing team. 

For more information on how to stay cybersecure, visit our Remote Working Assessment and Cyber Security Awareness Training pages, or Contact Us on our 24 hour Support Line. 

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →