The Work-From-Home Security Checklist

work from home security checklist

January 26, 2022

Every business needs an effective Work-From-Home security checklist. The work environment is no longer confined to four walls and an office — it’s wherever you and other employees are. Today’s hybrid work environment allows employees to effectively connect, collaborate, share ideas, and be productive from any location, but this shouldn’t be at the expense of security.

Working-from-home transfers specific security responsibility from the employer to the employee depending on how the business functions.

Businesses that offer flexible work-from-home arrangements need to be vigilant about the cyber threats that their employees are exposing them to. Employees, contractors, and suppliers are targeted by sophisticated phishing, malware, and ransomware attacks. You need to ensure that your business is protected against privacy breaches, unauthorised access by hackers, and other types of threats. 

Here are security controls that your business can apply:

Approved Devices

Ensure all employees use business approved devices – BYOD devices can be used where specific security tools and configurations are installed and applied, but the preference remains to supply employees with company-owned laptops, tablets and smartphones.

Approved devices need to maintain stringent security processes like patching and configuration checks.

Reputable Software

Software downloaded and installed from the internet can contain hidden malware. Software should only be allowed if they are from reputable sources or providers and should be approved before installation and/or use. Employees should only be allowed to install company-approved software on laptops, tablets, and smartphones.

Information Security Awareness Training

Create and apply a work-from-home information security awareness training program that covers the critical areas of cybersecurity. This usually includes topics like phishing, social engineering, password practices, wireless networks, etc. An ongoing training program helps employees take the proper precautions while working from home.

Apply Updates Regularly

Apply the latest software updates to business devices as soon as they are available. Software updates including antivirus programs fix security bugs and help safeguard your data. According to CertNZ, keeping your software and devices updated is one of the easiest and most effective ways of protecting yourself from a cyber-attack.

Connect Using a VPN

Make sure employees use an approved VPN when connecting to the office network. A VPN secures the information transmitted between the office and the device the employee’s using data encryption. It’s designed to prevent cyber criminals from intercepting sensitive data, such as financial documents and customer information.

Use Multifactor Authentication (MFA)

Multifactor authentication (MFA) is one of the best ways to prevent unauthorised logins to online accounts. Systems that require access from the internet, particularly important ones such as work-related systems, email or messaging apps, need to be protected. Enabling two-factor authentication prevents attackers from guessing employee passwords or using stolen credentials. MFA can include email verification codes, authenticator codes in an application, fingerprint scanning, or USB drives.

Conclusion

Working from home has significant advantages for businesses. It’s also unavoidable and addressing security challenges is a collective responsibility between businesses and employees. Checklists like these can help defend against cyber-attacks and prevent a multitude of breaches and hacks from happening.

You May Also Be Interested In:

AA Traveller Website Hack

AA Traveller Website Hack

AA Traveller Website Hack – AA Traveller announced that a security incident in the AA Traveller website led to...

Recognise and Report Scams

Recognise and Report Scams

Recognise and Report Scams - Scammers impersonate trusted sources to steal your money or personal information. They...

Log4j Vulnerability

A critical vulnerability was discovered in the widely used logging utility, Log4J. December 2021 saw IT and security...

Ready to make cyber smart decisions?

Book a demo