Cybersecurity Tips for Remote Working & Learning During COVID-19

Cybersecurity is essential as more employees are students are are working and remotely as a result of the COVID-19 coronavirus, Teleworking and distance learning comes with the added responsibility of taking the appropriate steps to protect your organization’s data while being connected online. Keep these tips in mind:

  • Know your organization’s telework policies. This includes when and where it is acceptable to work away from the office as well as any security measures or best practices.
  • Use only devices approved by your organization. Avoid using personal computers, tablets and cellphones – as well as those shared with others – to work.
  • Use VPN when necessary. Virtual private networks, which provide secure direct connections to your organization’s computer network, might be necessary when accessing files, working with sensitive information or using certain websites. If you don't have VPN on your device, contact your company's help desk to see if it's available.
  • Update your router's software. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase.
  • Think before you click. Avoid downloading or clicking on unknown links in emails. If you aren’t sure if you should, call the sender first. Hackers often use fake websites to trick you into giving sensitive information or to install malware onto your device. Get more tips.
  • Guard your devices. If your organization allows you to work elsewhere from your home, never leave your laptop, tablet or cellphone – including any USB or external storage devices – unattended. Avoid entering passwords where others can see.
  • Create strong passwords. Be sure they include a mix of upper and lowercase letters, numbers and symbols. Make them difficult enough that someone can’t guess them.
  • Don’t share passwords online. If you must share log-in information with a coworker, call them with the details instead of sending via email, text or instant message.
  • Use two-factor authentication. Although it can be inconvenient, two-factor authentication, if available, provides an extra layer of security to keep hackers from accessing accounts.
  • Encrypt your email. Some data and information might need to be encrypted before sending it electronically. This might also include information that you might otherwise share in a conversation if you were at the office.
  • Update your devices. If you are using a personal device that's been approved for teleworking, be sure that it running the most current operating system and that your web browsers and other applications are also up to date. Also be sure you are running an up-to-date and modern anti-virus software solution. Updates include important changes that improve the performance and security of your devices. (Get help securing your devices.)
  • Contact your IT help desk. If you need technical support, contact your organization’s IT department. Don’t try to fix technical issues yourself.

Advice for Organizations

As organizations explore various alternate workplace options, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recommends examining the security of IT systems by taking the following steps:

  • Secure systems that enable remote access.

    • Ensure that virtual private network and other remote access systems are fully patched.
    • Enhance system monitoring to receive early detection and alerts on abnormal activity.
    • Implement multi-factor authentication.
    • Ensure all machines have properly configured firewalls as anti-malware and intrusion prevention software installed.
       
  • Test remote access solutions capacity, and if needed, increase capacity.
  • Ensure continuity of operations plans or business continuity plans are up to date.
  • Increase awareness of IT support mechanisms for employees who work remotely.
  • Update incident response plans to consider workforce changes in a distributed environment.