Best Practices In IT Security For Your Remote Professionals
We recognize that every organization has its own IT policies and procedures. When it comes to security, we suggest treating your RP like any other remote-working member of your team.
Below you will find WBN’s best practices, which were created in association with several IT experts. If you need assistance with installing any software or hardware, please contact your WBN Success Coach.
- Consider having your RP use a VPN (virtual private network). When connecting to the internet through a VPN, your traffic is encrypted. No one can see what you do online or interfere in any way. When using a VPN, you may want to recommend that your RP choose a US-based server.
- With regard to WiFi, we recommend that you encourage your RP to connect to the internet via an encrypted connection and use a strong WiFi password (see more on passwords below). WPA2, while not perfect, is currently the most secure choice and is preferable to WEP-encrypted networks.
- If the RP’s WiFi router allows, have their computer on a separate network from their other devices. This can sometimes be done by putting other devices on a guest network.
- Tell your RP that all documents and other data should be stored on your servers or on the cloud-based storage that you use. No data should be stored locally on their computer or uploaded to personal cloud services.
- Consider restricting the information that your RP can access by limiting the access levels in your IT infrastructure. It’s best to ensure that RPs only have access to the information necessary to complete their jobs.
Passwords & Access
- With regard to your RP’s use of applications, your RP should have their own login and password. Do not share credentials, so that you can verify who has accessed an application and revoke access to applications as needed.
- Consider using a password manager that you can access as well. Some password managers can be set up to give RPs temporary access to certain applications without the RP ever knowing the password.
- Instruct and require your RP to use strong passwords. This means they should never reuse passwords that have been used elsewhere.
- When possible, enforce multi-factor authentication for applications with highly confidential data. Two-factor authentication (2FA) using email or text messages in addition to a username and password is a standard added layer of protection.
- Remind your RP to be diligent when replying to emails or providing information; always ensure that the sender is legitimate and not a spoofed or false address. Never provide any payment or personally identifying information in an email.
- Tell your RP to turn off their computers at the conclusion of each work day. If this is not possible or appropriate, ask them to reboot their computers once a day.
- All devices and software should be configured to either automatically install updates or at least notify when updates are available (and they should be installed within 24 hours of the notification).
- Require installation of malware protection software and anti-virus software on computers used for RP work. This ensures your critical business information is not stolen.
- Require use of a modern operating system; end-of-life or unsupported operating systems like Windows 7 cannot be patched for security vulnerabilities and present a risk.