As more employees work from home, basic security measures need to be taken to protect the individual and the enterprise from cyber criminals who are taking advantage of sloppy teleworking security practices. It is important to review all telework agreements to ensure they are in compliance with agency information security policies. Ensure employees receive agency information systems security training. Work with employees to ensure they fully understand and have the technical expertise to comply with the agency requirements. Cyber criminals are taking advantage of the fact that people are looking for information on COVID-19. Consequently they are distributing malware campaigns that impersonate organizations like WHO, CDC, and other reputable sources by asking you to click on links or download outbreak maps. Slow down. Don't click. If necessary go directly to a reputable website to access the desired content.
RECOMMENDATION TO IMPROVE THE DIGITAL SECURITY FOR REMOTE WORKERS
- Lock down Your Login Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
- Connect to a secure network and use a company- issued Virtual Private Network (VPN) to access any work accounts. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public WiFi to access work accounts unless using a VPN
- Separate your so your company devices are on a separate (WiFi) network, and your personal devices are on different network.
- Keep devices with you at all times or stored in a secure location when not in use. Set auto log-out for in case you walk away from your computer and forget to log out.
- Limit access to the device you use for work. Only the approved user should use the device, family and friends should not use a work-issued device.
- Keep in mind to maintain the confidentiality your conversations during your video calls and remote meetings. It’s recommended to use a separate room in the house
- Use company-approved/inspected devices and applications to complete your tasks.
- When in doubt, throw it out. Links in email, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Update your software. Before connecting to your corporate network. Be sure that all internet-connected devices including PCs, smartphones and tablets are running the most current versions of software. Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.