Cybersecurity Awareness Dos and Donts Refresher

Advertisement

As we have adjusted to a combination of hybrid, in-person and remote work conditions, bad actors continue to exploit the vulnerabilities associated with our work and home environments. Below are a few tips to help employers and employees address the security threats and challenges of our new normal:

  • Monitoring and awareness of cybersecurity threats as well as risk mitigation;
  • Use of secure Wi-Fi networks, strong passwords, secure VPNs, network infrastructure devices and other remote working devices;
  • Use of company-issued or approved laptops and sandboxed virtual systems instead of personal computers and accounts, as well as careful handling of sensitive and confidential materials; and
  • Preparing to handle security incidents while remote.

Be on the lookout for phishing and other hacking attempts.

Advertisement

Be on high alert for cybersecurity attacks, as cybercriminals are always searching for security vulnerabilities to exploit. A malicious hacker could target employees working remotely by creating a fake coronavirus notice, phony request for charitable contributions or even go so far as impersonating someone from the company’s Information Technology (IT) department. Employers should educate employees on the red flags of phishing emails and continuously remind employees to remain vigilant of potential scams, exercise caution when handling emails and report any suspicious communications.

Maintain a secure Wi-Fi connection.

Advertisement

Information transmitted over public and unsecured networks (such as a free café, store or building Wi-Fi) can be viewed or accessed by others. Employers should configure VPN for telework and enable multi-factor authentication for remote access. To increase security at home, employers should advise employees to take additional precautions, such as using secure Wi-Fi settings and changing default Wi-Fi passwords.

Advertisement

Change and create strong passwords.

Passwords that use pet or children names, birthdays or any other information that can be found on social media can be easily guessed by hackers. Employers should require account and device passwords to be sufficiently long and complex and include capital and lower case letters, numbers and special characters. As an additional precaution, employees should consider changing their passwords before transitioning to remote work.

Update and secure devices. 

Advertisement

To reduce system flaws and vulnerabilities, employers should regularly update VPNs, network infrastructure devices and devices being used to for remote work environments, as well as advise employees to promptly accept updates to operating systems, software and applications on personal devices. When feasible, employers should consider implementing additional safeguards, such as keystroke encryption and mobile-device-management (MDM) on employee personal devices.

Use of personal devices and deletion of electronic files.

Advertisement

Home computers may not have deployed critical security updates, may not be password protected and may not have an encrypted hard drive. To the extent possible, employers should urge employees to use company-issued laptops or sandboxed virtual systems. Where this is not possible, employees should use secure personal computers and employers should advise employees to create a separate user account on personal computers designated for work purposes and to empty trash or recycle bins and download folders.

Prohibit use of personal email for work purposes.

Advertisement

To avoid unauthorized access, personal email accounts should not be used for work purposes. Employers should remind employees to avoid forwarding work emails to personal accounts and to promptly delete emails in personal accounts as they may contain sensitive information.

Secure collaboration tools.

Employees and teams working from home need to stay connected and often rely on instant-messaging and web-conferencing tools (e.g., Slack and Zoom). Employers should ensure company-provided collaboration tools, if any, are secure and should restrict employees from downloading any non-company approved tools. If new collaboration tools are required, IT personnel should review the settings of such tools (as they may not be secure or may record conversations by default), and employers should consider training employees on appropriate use of such tools.

Advertisement

Handle physical documents with care.

Advertisement

Remote work arrangements may require employees to take sensitive or confidential materials offsite that they would not otherwise. Employees should be advised to handle these documents with the appropriate levels of care and avoid printing sensitive or confidential materials on public printers. These documents should be securely shredded or returned to the office for proper disposal.

Develop clear guidelines and train employees on cyberhygiene.

To ensure employees are aware of remote work responsibilities and obligations, employers should prepare clear telework guidelines (and incorporate any standards required by applicable regulatory schemes) and post the guidelines on the organization’s intranet and/or circulate the guidelines to employees via email. A list of key company contacts, including Human Resources and IT security personnel, should be distributed to employees in the event of an actual or suspected security incident.

Prepare for remote activation of incident response and crisis management plans.

Advertisement
Advertisement

Employers should review existing incident response, crisis management and business continuity plans, as well as ensure relevant stakeholders are prepared for remote activation of these plans, such as having hard copies of relevant plans and contact information at home.

DO DON’T
 

  • DO create complex passphrases
  • DO change home Wi-Fi passwords
  • DO create a separate Wi-Fi network for guests
  • DO install anti-malware and anti-virus software for internet-enabled devices
  • DO keep software (including anti-virus/anti-malware software), web browsers, and operating systems up-to-date
  • DO delete files from download folders and trash bins
  • DO immediately report lost or stolen devices
  • DO log off accounts and close windows and browsers on shared devices
  • DO review mobile app settings on shared devices
  • DO handle physical documents with sensitive and/or confidential information in a secure manner

 

 

  • Do NOT use public or unsecure Wi-Fi networks without using VPN
  • Do NOT access or send confidential information over unsecured Wi-Fi networks
  • Do NOT leave electronic or paper documents out in the open
  • Do NOT allow family or friends to use company-provided devices
  • Do NOT leave devices logged-in
  • Do NOT select “remember me” on shared devices
  • Do NOT share passwords with family members
  • Do NOT use names or birthdays in passwords
  • Do NOT save work documents locally on shared devices
  • Do NOT store confidential information on portable storage devices, such as USB or hard drives

 

Published by

National Law Forum

A group of in-house attorneys developed the National Law Review on-line edition to create an easy to use resource to capture legal trends and news as they first start to emerge. We were looking for a better way to organize, vet and easily retrieve all the updates that were being sent to us on a daily basis.In the process, we’ve become one of the highest volume business law websites in the U.S. Today, the National Law Review’s seasoned editors screen and classify breaking news and analysis authored by recognized legal professionals and our own journalists. There is no log in to access the database and new articles are added hourly. The National Law Review revolutionized legal publication in 1888 and this cutting-edge tradition continues today.