As your organization shifts towards enabling a remote workforce, there are a number of cyber security considerations to take into account. TELUS first began rolling out its remote team member strategy over ten years ago. That experience meant that, despite the unprecedented impact of COVID-19, we were prepared to securely enable a large incremental volume of remote team members. Some of these measures included rapidly increasing VPN capacity, accelerating the rollout of advanced endpoint security measures and prioritizing security awareness communications.
In an effort to share over a decade’s worth of learnings, we have put together a checklist that we believe will help organizations implement or expand a remote workforce.
Provide company laptops/devices to remote team members (where possible)
Equip laptops/devices with hardware encryption
Ensure laptops are running up-to-date anti-virus software
Limit or restrict BYOD or the use of personal devices
Limit or restrict access to the organization’s infrastructure from personal devices
Secure sensitive data (e.g. with Citrix or a VPN) if relying on BYOD or personal devices
Keep all software and operating systems updated regularly
Provide staff with the proper tools to store critical documents (e.g. a secure shared drive)
If you have active projects (or plans) to implement cyber security controls to protect your remote workforce, consider re-prioritizing or accelerating their rollout.
Set up a VPN or a secure remote access solution
Make Two-Factor Authentication (2FA) mandatory for all remote workers
Employ a network monitoring or logging system and set up alerts or use cases to track anomalous VPN traffic
Restrict or limit connectivity to third-party services from remote locations
Set up role-based access control
Set up Two-Factor Authentication (2FA) for any sensitive data
Encourage team members to use password managers
User cybersecurity awareness
Refresh cybersecurity awareness training for all team members
Emphasize the importance of reporting any suspicious emails, issues or errors immediately
For example, if someone clicks on a suspicious file or link, it must be reported to IT immediately
Monitor for COVID-19 related phishing emails
Remind users of the differences between in-office work and working-from-home arrangements
Draft (if the policy does not currently exist) and communicate the following policies or guidelines to all staff on
Working from Home
Review your incident response plan
Check that you're able to enact it, in light of new restrictions on movement.
Be sure your essential vendors are operational and able to continue providing service
Maintain an adequate inventory of the devices critical to your operations
Communicate your expectations clearly to the team
If your company allows for “flex hours”, clearly define what those are
Set up a mechanism for emergency communications
Mailing list, mass communication system, SMS
Foster an environment where employees are encouraged to ask questions and communicate with each other
Discourage the use of unsecured Wi-Fi
Remind staff to always lock their devices when not in use, and enforce lockouts through group policies
Ensure that work is being carried out in a private and secure location
Mandate saving data only to company-approved sources (i.e. avoid personal, local hard drives or non-company cloud drive services)
Remember, your TELUS Cyber Security Team is always ready to provide you with support and assistance.
To learn more about remote working security, visit telus.com/cybersecurity.