Establish corporate policies and procedures (test them beforehand if possible)
Develop a clear remote work policy, including guidelines for accessing corporate resources and whom to contact in case of problems. Establish a clear procedure in case of security incidents. Apply additional measures for documentation intended for signature, approval/review, and information for middle and senior management.
Secure corporate communications
Enforce multi-factor authentication to access corporate email. Provide access to secure communication channels so employees can easily communicate with each other and with third parties.
Secure remote work equipment
Implement measures such as encrypted hard drives, inactivity timeouts, privacy screens, robust authentication, control and encryption of removable media (e.g., USB devices). Implement a remote process to disable access to a lost or stolen device.
Increase security monitoring
Actively monitor unusual remote activity and increase alert levels for VPN-related attacks.
Secure remote access
Allow your employees to connect to the corporate network only through the company-provided VPN, with multi-factor authentication. Ensure that remote sessions expire automatically and require new authentication after a specified period of inactivity.
Raise staff awareness about remote work risks
Educate employees about the company’s remote work policy. Take time to raise awareness about cyber threats, especially phishing and social engineering.
Keep device operating systems and applications up to date
This will help mitigate the risk of cybercriminals exploiting unpatched vulnerabilities.
Consult regularly with staff
Establish realistic objectives, work schedules, and monitoring mechanisms, being flexible when possible and taking personal circumstances into account.
