Working From Home - IT Security Recommendations
Posted by Netlink Group
As your staff move to a “primarily working from home” model during the COVID-19 outbreak, Netlink have put together a reminder of remote worker security fundamentals to ensure the smooth running of your company’s operations while keeping your assets protected from attackers.
In most cases the security of a home computer environment is inferior to that of your office, and the potential for a breach of your corporate system increases when staff access it remotely. We recommend that all staff who are working from home follow the guidelines below and on the Australian Government Stay Smart Online website.
- Passwords or passphrases meet the company standard.
- A unique password is used for each account / service
- Change default passwords on modems/routers supplied by your Internet Service Provider
Australian Government - Secure
Multifactor (MFA) or Two-Factor (2FA) Authentication
Secure Wi-Fi / Wireless
Desktops and Laptops (including BYOD computers) have been hardened
Computers used by staff at any time to connect into corporate networks remotely must be security hardened.
- Computers must have the latest Microsoft or Apple patches and updates
- The applications installed on the workstation are up to date and patched regularly
Computers must have security software installed that includes anti-malware and personal firewall functions that meet the companies
Mobile Device Security
All mobile devices storing or accessing corporate information or resources (email, Office 365 SharePoint, etc.) shall be:
Protected by a secure access control method such as biometric authentication (e.g. fingerprint or face recognition) or the use of an
- Configured to lock automatically after 10 minutes of inactivity
- Configured to be remotely wiped by the IT Support personnel at any time. This may also result in personal data being wiped.
“Jailbroken” or “rooted” devices must be prohibited from accessing the corporate networks, systems, and information.
Virtual Private Networks (VPNs)
All remote connections by staff to the corporate network or platforms or applications hosting corporate data for the purposes of teleworking
must occur via a firm’s approved TLS connection, SSH tunnel or IPsec virtual private network (VPN) solution.
Security Awareness Phishing / Malicious Emails
- Do not click on any hyperlinks in emails that are of a suspicious nature