Cybersecurity for Employees Working From Home
Use a Virtual Private Network (VPN), not Remote Desktop Protocol (RDP).
The use of a VPN is a fundamental safeguard when users access the company's network via their home WiFi. A VPN allows for encryption of data, which adds a level of protection for information such as passwords, credit card numbers and other sensitive or private information. A VPN can also provide a level of anonymity through capabilities such as masking of location data, website history and IP addresses. Employers should avoid using RDP on their network. RDP may be an expedient option, but it is not a secure solution.
The basic principle of MFA is that an authorized user must provide more than one method of validating their identity. Even if a cyber attacker has obtained a user ID and password, MFA decreases the risk that an attacker can gain access by requiring an additional means of validation. Commonly, the factors correlate to something you have (e.g., an authenticator app on a smartphone), something you are (e.g., a fingerprint) or something you know (e.g., a PIN). For more information on the best way to implement MFA at your company, reach out to your technology staff and/or managed service provider.
Ensure remote work practices comply with internal and external policies, laws and regulations.
It is important for companies to understand their regulatory environment and ensure that remote work maintains compliance. It is possible that some roles within a company will not be suited to remote work, in which case companies should be clear with staff about remote work expectations and permissibility. For example, some teleconferencing software may not be HIPAA compliant for use by a medical provider because the software does not encrypt personal health information (PHI). Identify and address risks with storing business information in personal cloud storage or printing on home printers, etc.
Ensure systems, software, technologies and devices are updated with the latest security patches.
Employers should track the equipment to be used in a home environment and provide a means of updating software security patches. The National Institute of Standards and Technology (NIST) provides a National Vulnerability Database that offers information on vulnerabilities from many vendors. For more information about patch management and best practices to consider, reference the NIST Guide to Enterprise Patch Management Technologies.
Prevent unauthorized users on company resources (e.g., laptops, mobile devices).
Employees should not allow anyone to access company resources, including family members. Whenever possible, use a private location if you are on a call or in a meeting that involves sensitive information, such as anything HIPAA-related.
Use only company-authorized devices for remote work.
Dispose of company documents properly.
Review your company's records retention and management policies, as well as information management policies, to ensure compliance. If you must dispose of hard copies of company documents, either shred them or securely retain them for proper disposal when you return to the office. Protect physical documents that must be retained as best you can. For more cybersecurity best practices while working remotely, see the NIST publication Guide to Enterprise Telework, Remote Access and Bring Your Own Device (BYOD) Security.