Working from Home (WFH) Cybersecurity Checklist
Prepared by: Cyber Florida and Scarlett Cybersecurity
www.cyberflorida.org | www.scarlettcybersecurity.com
Working from Home – Cybersecurity Checklist

The sudden shift to remote operations left many organizations unprepared for the realities of a 100% remote workforce. Although many industries have been trending towards remote-only over the past decade, the global emergency caused by COVID-19 has been an unexpected catalyst for rapid change. Historically, companies were hesitant to transition to a remote/work from home employee base due to perceived productivity impacts and lack of control. In our experience, when organizations utilize their IT teams and consultants to assist with the transition to a remote workforce, they realize their fears and hesitations were unwarranted. We have anecdotal evidence of increased productivity, collaboration, and job satisfaction from many of our clients.

However, this move has not been exclusively positive for all companies. Whereas the more obvious negative effects, such as lack of physical IT support, were anticipated, we have observed many cybersecurity-conscious clients become overwhelmed by the new challenges presented by a remote workforce.

These checklists are meant for organizations to make sure they are properly prepared for remote work. They should serve as a quick reference to ensure everyone is following the same practices to keep the company and its information secure. There is an Employee Checklist and a Leadership Checklist.
WFH Employee Checklist

• Password Safety
  o We have all heard how important it is to have a secure password. During global events it is common for attackers to increase their efforts since a compromised account is harder to notice when employees are working from home. Always be sure to keep your passwords up to date and change them if you believe they have been compromised. Generally, you want a password with at least 8 characters (including both numbers and symbols).
  o Quick Tip: Use a passphrase that is easy to remember but hard to crack – “Welc0meT0Rem0te!” would take a supercomputer over 1 TRILLION years to crack yet it’s easy to remember!
• Device Awareness
  o Just because you are remote doesn’t mean device safety isn’t important! People underestimate the damage that can be caused by a curious toddler. Always lock your computer when you step away, even in the comfort of your own home. Keep proprietary data private. Don’t share your work password or let others use work tools. Nobody wants to have their system compromised because a family member didn’t have proper cybersecurity hygiene.
  o Quick Tip: The Windows Key and the “L” key (Win + L) lock your screen instantly.
• Secure Wi-Fi
  o A dangerous assumption that is made all too often is that we are connected to the correct network when we are at home. Be sure to always connect to the proper router and check the “Wi-Fi” icon in Windows to ensure you aren’t accidentally using a neighbor’s network. Also be sure to check that all the connections to your network are expected.
  o Quick Tip: If you go to your router’s settings page using your internet browser, you can usually check all active connections. If you don’t recognize a device, be sure to block it and change the Wi-Fi passcode.
• Check Anti-Virus
  o Your company probably uses an anti-virus platform. Software breaks, especially when it can’t be monitored centrally. If you notice that security tools that are supposed to be running aren’t working, be sure to check with your IT staff to see if there are any issues. AV is a great line of defense against accidental malware execution and can help a company save millions by preventing ransomware and viruses.
  o Quick Tip: VirusTotal.com is a free and secure site to check if a file you downloaded could be malicious. Simply upload a file or search for a file name and this website will report back with results from dozens of Anti-Virus scans. You can even check websites using the “URL” button!
• Backup Your Work
  o The infrastructure that holds the world together is uniquely strained with a remote work transition. Power outages and internet failure could become more common and be devastating if you have unsaved work. Be sure that everything is properly backed-up in a cloud environment or disconnected hard drive. If your device does go offline or gets infected, you are going to need a quick method of getting back to work. Talk to your IT staff to determine the options available to you.
  o Quick Tip: If you are using Microsoft Office products, you can set all your documents to autosave (upper left-hand corner) and they will be saved to OneDrive. Check with your IT support team for other document storage capabilities.
• Ask the IT People
  o Working remotely doesn’t have to be a silo. Your IT helpdesk is still available for any questions. Whenever you are unsure about a potential action, give them a quick call to double-check. Cybersecurity is one of the most important factors for remote work – don’t take any chances. Collaboration is good for everyone; don’t hesitate to call your remote IT support team.
  o Quick Tip: It causes more work on everyone’s part if there is a cybersecurity incident. Taking security shortcuts can end up backfiring in a big way. Do not be afraid to reach out to your IT support teams and your manager with questions.
WFH Leadership Checklist

• Zero-Trust
  o We all trust our teams to do their jobs to the best of their abilities using the tools provided. The attackers know this and make every effort to exploit the implicit trust given to employees by IT solutions. A newer trend in cybersecurity is the concept of “Zero-Trust.” Basically, tools should be in place to verify that every action is being taken by the proper individual. Just because we see that John’s account is active, doesn’t mean that John is the one behind the keyboard.
  o Solutions: A full Zero-Trust security model relies on the tried-and-true “principle of least privilege.” Proper permission management is key – only give users the access that they require to do their jobs. Couple this strategy with a log-correlation engine such as a SIEM/SOC solution to check user login locations, brute force attempts, and other suspicious account activities. Always use multi-factor authentication wherever possible. The goal here is to use tools that baseline normal traffic and alert when something looks suspicious while double verifying everyone is who they say they are.
• Keeping Assets Current
  o Patch management is critical during normal operations. Remote operations magnify the impact of unpatched devices because users are less likely to manually check for patches if the process is not automated for remote work. Ensuring that your organization keeps workstations, tools, and software patched is critical in defending against potential threats.
  o Solutions: Generally, we recommend a Remote Management and Monitoring solution that checks device patch status and pushes patches in an organized manner. Centralized reporting and compliance monitoring are critical, especially when it cannot be spot-checked physically.
• Backup and Continuity
  o Many companies were forced into this current scenario without a real plan. Continuity planning can be a nightmare, especially with all the different factors to consider. This event has been a bit of a wakeup call for some companies on the importance of accounting for natural disasters along with system failures. Use this time to ensure your infrastructure is properly protected and backed-up. Disaster Recovery is more than simply having a backup – you need to be able to get back online fast after an incident.
  o Solutions: Disaster Recovery as a Service is a newer trend in business continuity that not only ensures data is protected but additionally stores images of the entire network as redundant “hot-sites.” These services allow an organization to quickly recover from major incidents without having to rebuild the entire environment.
• VPN Security
  o Companies that operate exclusively via VPNs need to be aware of emerging threats in the ecosystem. Never allow open RDP ports to be exposed to the internet; be sure to utilize proper VPN solutions. Be sure that your VPN solution is configured appropriately by experts. Remoting into an environment can give attackers free rein and cause havoc with normal operations.
  o Solutions: Make sure your company is utilizing a well-known and properly configured VPN solution. Enable 2FA for all users and require strict logging. Correlate these VPN logs into alerts using SIEM/SOC solutions or other alerting methods. Refer to the “Zero-Trust” model and apply these same principles to the VPN environment.
• Endpoint Security
  o Just as patch management is important to your endpoint security solutions, AV doesn’t do much good if it isn’t running properly. Centralized management solutions are a great way to ensure that you are getting what you pay for with your security tools, and they allow IT to take proactive approaches in resolving persistent issues.
  o Solutions: Again, we will recommend a Remote Management and Monitoring solution that checks device AV status and alerts IT should something go awry. Centralized reporting is critical for endpoint security. Sometimes an AV event can be an indicator of a risk that is much bigger beneath the surface.
• User Feedback and Awareness
  o Listen to your users. If they observe something suspicious, accidentally click on a bad link, or generally have issues with a security product, then it might be time for a change. Your IT staff and users should be on the same team. Lack of awareness can lead to major friction between technical and non-technical staff.
  o Solutions: Cybersecurity awareness training is vital for organizations of all sizes. Once users are trained, they know what to look for during a security event. Take all feedback seriously and create a system to check for incidents as needed.
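The log correlation recommended under Zero-Trust and VPN Security (checking login locations and brute force attempts against a baseline) can be illustrated with the Python example below. It is an added example, not part of the original checklist or any vendor's product; the log format, field names, baseline table, and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample VPN authentication log (hypothetical format, documentation IPs).
SAMPLE_LOG = """\
2020-04-01T08:58:00Z user=john country=US src=198.51.100.10 result=OK
2020-04-01T09:00:01Z user=mary country=US src=203.0.113.7 result=FAIL
2020-04-01T09:00:20Z user=mary country=US src=203.0.113.7 result=FAIL
2020-04-01T09:00:41Z user=mary country=US src=203.0.113.7 result=FAIL
2020-04-01T09:01:02Z user=mary country=US src=203.0.113.7 result=FAIL
2020-04-01T09:01:30Z user=mary country=US src=203.0.113.7 result=FAIL
2020-04-01T13:15:00Z user=john country=BR src=192.0.2.44 result=OK
2020-04-01T17:00:00Z user=mary country=US src=198.51.100.23 result=OK
"""

# Assumed baseline: countries each user normally logs in from.
BASELINE = {"john": {"US"}, "mary": {"US"}}

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts' field."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def correlate(log_text, baseline, max_fails=5, window=timedelta(minutes=5)):
    """Return (alert_type, user, detail) tuples for suspicious account activity."""
    alerts = []
    fails = defaultdict(deque)  # user -> timestamps of failures inside the window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        user = r["user"]
        if r["result"] == "FAIL":
            q = fails[user]
            q.append(r["ts"])
            while r["ts"] - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) == max_fails:  # alert when the count reaches the threshold
                alerts.append(("BRUTE_FORCE", user, r["src"]))
        elif r["country"] not in baseline.get(user, set()):
            # Successful login from a location outside the user's baseline.
            alerts.append(("NEW_LOCATION", user, r["country"]))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG, BASELINE):
        print(alert)
```

A user with no baseline entry is treated as having no known locations, so any successful login for that account raises an alert.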
About Cyber Florida:

Cyber Florida, also known as the Florida Center for Cybersecurity, was established by the state legislature (Chapter 1004.444) in June 2014 to “position Florida and its related workforce as a national leader in cybersecurity through education, research, and community engagement.” Established under the auspices of the University of South Florida (USF), the center is charged to work with all 12 State University System of Florida (SUS) institutions to:
• Assist in the creation of jobs in the state’s cybersecurity industry and enhance the existing cybersecurity workforce.
• Act as a cooperative facilitator for state business and higher education communities to share cybersecurity knowledge, resources, and training.
• Seek out partnerships with major military installations to assist, when possible, in homeland cybersecurity defense initiatives.
• Attract cybersecurity companies to the state with an emphasis on defense, finance, health care, transportation, and utility sectors.

These words, taken directly from Chapter 1004.444 of the Florida statutes, are the basis for our three primary mission areas—education, research, and outreach.

View More at: www.cyberflorida.org
About Scarlett Cybersecurity:

Established from the ground up by Cybersecurity Professionals, Scarlett Cybersecurity is unique in our goal of simplifying cybersecurity for all organizations. We believe in a comprehensive approach to cybersecurity that focuses on delivering the services that are truly needed for our clients. We act as true trusted partners and recommend services based on objective metrics, not “flavor of the week” solutions. We advise on strategy and implement affordable cybersecurity solutions tailored to our clients, regardless of size. Our comprehensive approach to cybersecurity focuses on all domains of cybersecurity, with a particular emphasis on client leadership retaining control of all decision making. With offices in Jacksonville, Florida, and Raleigh, North Carolina, our dynamic has been the Southeast. However, over the years, by word of mouth, we have engaged clients from Portland, ME, New York City, and Austin, Texas - among others. Our goal is simple – we want to help you make your organization more secure against cybercriminals.

View More at: www.scarlettcybersecurity.com