As we mentioned in our latest blog, 3 keys to a successful cybersecurity plan for the new year, you want to have your business set up to protect against threats that come with having a predominantly remote workforce.

In this blog, we are going to share with you what this means for your cybersecurity planning checklist for the new year.  The checklist can work for your business long-term, since a remote workforce is always a possibility.

Before we begin, remember, security involves process, people and technology.  It’s never one or two, and it’s not fixed by a magic bullet.  Although cybersecurity is hard, if you keep it organized and have the security expertise to guide you, everything gets easier in time.

Our checklist is set up to include the foundational items you need to implement a holistic cybersecurity posture.  This lets you build a strong security posture with your remote workforce in mind.

Reach out if you need the cybersecurity guidance to walk you through it.  Happy planning for the new year ahead!

 

Remote workforce cybersecurity checklist

 

Remote workforce security assessment – At this time, security assessments need to take into account that people are working from their homes.

So, the priority is given to network scans and firewall reviews.  For those who are still operational from the office, the same type of approach is still applicable.

Remote workforce compliance and privacy regulations – A recent study revealed that a majority of parents who work from home have had their children access their work computers.

This is a huge no-no for any and all compliance and privacy regulations.  Informing your remote workforce of their obligations is extremely important.  Review compliance and privacy regulations material with them.  Also send them a printed copy of the regulations.

Some updates on compliance and privacy regulations you’ll want to prepare for in the new year:

  • The EU will be looking into making updates to the GDPR.
  • California’s CCPA has been expanded to the CPRA.
  • If you work with DoD or want to bid on DoD contracts, you must meet CMMC/NIST SP 800-171 compliance requirements.

Remote workforce business continuity – Having a backup system for your remote workforce can involve offline backups, as well as backups on external hard drives that they can use from home.

This is important in case they have a power outage, or their internet gets turned off while working from home.

You also want to ensure you have backups of their latest work.  You’ll have to plan this aspect with each employee individually to ensure all falls in line with privacy and compliance regulations of your industry.

Remote workforce policies and procedures – Always make sure that every device in use is covered by your policies and procedures.  That includes home devices if they are being used for work; they need to follow the same safety policies and procedures.  Have a system that your employees can implement easily and in a non-invasive way.

Include steps (what to do and not to do, basic cyber-hygiene, access management, password setup, etc.) up to and including network and router security.  Help them understand these measures in a way that makes it easy for them to implement alone at home.

Your remote employees also need to keep third-party service providers in mind.  They need to know what to look for and report in case something fishy happens with any third-party provider.  The use of personal, non-work apps must be addressed as well, whether on the company computer or a mobile device, since the home network is one network.

Make the terms relatable and follow up with employees to ensure they understand what’s being asked of them.

Remote workforce incident response plan – Not having an incident response team won’t help you respond as quickly as possible, but you can still prepare with both prevention and response in mind.

You want to plan by having a way to monitor the networks, devices used, and storage units.  Have an alert system, not only your antivirus.

Just remember that timing is everything: the longer you remain unaware of a security incident, the more damage it can do.

Do your best to have what you need in place to reduce the response time, which involves training your remote workforce and having at least one cybersecurity expert that is monitoring the systems and ready to support you if a breach happens.

Remote workforce cybersecurity training – Phishing and ransomware continue to be threats, which means training employees on cybersecurity and how to avoid phishing continues to be very necessary, especially during the holidays when everyone is shopping online.

Now that your workforce is remote and not able to come together in big groups, you’ll want to plan for virtual, online training possibilities.

NCX Group has one that might be exactly what you need. Check out our free option for SMBs.

Remote workforce communication – You want to have a clear idea of what security steps are in place for all methods of communication.

This means you have eyes and ears on your video conferencing platforms, text messages or chat boards, and social media platforms (if you use Facebook rooms, for example).

Also, even though the tools you use, such as Zoom, will have implemented security on their end, remember that the network of every home is also part of what needs to be secured.

If we can be of help, you’re always welcome to schedule your free consultation!


By Sergey Nivens