Remote Working Cyber-Security Checklist



How to Stay Safe During Lockdown


Covid-19 has led to a huge surge in the need for remote working. For most organisations, remote working is not new, and many will have existing policies in place to ensure users adhere to best practices when working remotely. However for some companies, this could be a completely new situation. If they have never implemented such policies, they may be feeling unsure as to the current solution they have in place to protect their business and employees.

Unfortunately cyber criminals have changed their tactics to make the most of this situation. This is why it’s important that people and businesses take extra steps to stay safe during this time.


Recently we created a guide to help businesses navigate their way through the difficulty of suddenly being presented with the hurdle of having to work from home, but more importantly to work from home securely. Given that this new method of working looks like it is here to stay for the foreseeable future, we wanted to make our advice more readily available by way of this blog post.

Here we have gone into further detail on some of the tips we have shared in our checklist:


Make two-factor authentication mandatory for all services


A variety of apps and websites offer two-factor authentication, which is a free security feature that provides an extra layer of protection when logging in to an account. The aim is to confirm a user’s identity by utilising information that only they would know. It will ask you for your password as well as a second piece of information – normally a code sent as a text or in an authentication app to the phone number linked to the account. We strongly recommend that people turn on two-factor authentication for all of the online services and accounts they use.


Use a password manager


As we all know by now, It’s important to use different passwords for all your online accounts. However this is easier said than done due to the volume of online accounts that everyone uses online, thus remembering them all can be extremely difficult. There are now secure password managers which can be provided for staff to store and securely share sensitive passwords, thereby assisting the company in protecting access, with examples including Lastpass and Dashlane. Not only do these services help securely store your login information but can also create complex and difficult to crack passwords which auto populate when visiting different site logins.


Ask staff to update their personal device software when updates are released


It is vital that people always install updates when asked or turn on automatic updates. This is because computer software performs best and is its most secure when it is kept up to date. Each update that is developed often helps to fix a slew of problems, as cyber criminals often exploit weaknesses in software and apps as a way to access personal data. Updates fix these weaknesses so user data cannot be accessed.

Remote working health checks

When it comes to remote working deployments, there can often be a variety of methods, ranging from remote terminals through a gateway to simple VPN services that capture all user traffic as though the user were physically located on premise.

Checking that the external footprint, the part that is exposed to the internet, is not disclosing information or has known vulnerabilities that potential attackers might want to exploit is important, as well as ensuring all communications are secure to and from your remote workers to wherever the servers or services are hosted. This will make sure that your company communications are not being intercepted.

Checking users’ devices and the configuration settings for your network which contains your company data is also important, as it is essential to make sure that whilst users have access to the information they need to work effectively.

But, in the same way that this access is important companies must be mindful of incorrect configuration settings that give unauthorised access to sensitive information. This applies to third parties but also staff as well, as an example a misconfigured setting could allow everyone access to the HR files, giving the company issues with GDPR compliance.

Furthermore, specific devices and configurations can be checked to ensure that remote workers are only able to reach the resources they are entitled to. 

If you would like to discuss any of the information above and how Marclay can help you through these unusual times, then please don’t hesitate to contact us for a no obligation discussion on +44 203 0393 395 or info@marclay.co.uk.

We have created a checklist to ensure you and your organisation are in the best situation to ensure business continuity. Check out our full checklist to ensure you are doing everything you can to keep yourself safe online: