When it comes to creating a mobile workforce, we at CalTech have developed a list of recommended configurations to help businesses remain secure while their employees are working remotely.

Write a Policy for Remote Access:

• Analyze the risk
• Have a plan
• Get board approval

Document:

• Use this pandemic as an actual incident
• Document how the organization handled it
• Report what worked and what didn’t work
• Record lessons learned

Managed Laptops/Devices:

• Provide your employees with organization issued laptops
• Ensure they use the same controls for security and patching
• Force encryption of hard drives
• Avoid personal laptops

Require Multi-Factor Authentication for Any Type of Remote Access:

• Virtual Private Network (VPN)
• Email
• Remote screen share

Secure VPN Access:

• Assume the laptop will be in an unsecured environment
• Enable firewall rules at the workstation level
• Ensure that all traffic is sent through the organization’s internet connection when connected to the VPN to ensure that all traffic from remote devices is filtered and secure.

Secure Your Data:

• Educate end-users not to save files locally
• Ensure data is still stored on the organization’s servers
• Ensure data is backed up and stored in secure locations

Enforce Screensaver/Lockout Policies:

• Realize that employees may be sharing workspace with family
• Prevent unauthorized access by others
• Remind staff to lock workstations when walking away

Increase Reporting Reviews:

• Review remote access logs regularly
• Review failed logons

Increase Cybersecurity Training:

• Provide adequate training for staff on how to use the new technology (Laptop/VPN)
• Remote users are being targeted
• Ensure your team knows what threats to look for

Modify your phishing testing:

• Cybercriminals are leveraging the current environment 
• It might feel easier to relax on testing, but resist that temptation 
• Increase/modify testing your users to identify gaps in training 

Plan to re-evaluate:

• Determine when to reassess the needs of remote employees
• Plan for removing remote access following the pandemic
• Update your incident response plan

Another item to consider adding to your plan is to have a cleaning crew in place to disinfect daily or for the possibility of a positive test at your organization. 

Lastly, ensure that you are communicating effectively with your customers throughout this event regarding how you plan to meet their needs.

Please share this with any businesses that could benefit from this information and are currently employing a remote workforce.