Cyber Hygiene Tips for Remote Workers
Cybersecurity is always a priority. When teleworking or working remotely, additional cybersecurity strategies must be considered.
- DIR OCISO Teleworking Tips (PDF|138.28KB) DIR's Office of the Chief Information Security Officer provides the following information technology guidance for teleworkers.
- DIR OCISO Virtual Collaboration Tools Security Tips (PDF|215.77KB) DIR's recommendations for cybersecurity when using virtual collaboration tools.
Teleworking spaces can include your home, or a public or shared space. Please check with your employer to ensure you are working from an approved location. Be sure to follow the same processes and procedures as if you were in your typical physical work location. These include:
- Keep your workspace clean. Do not leave documents unattended or in view of unauthorized people. This includes family members, roommates, friends, other coffee shop or library patrons, etc.
- Keep devices locked when unattended. Set your computers and phones to lock when not in use for more than a few minutes. If your locked screen previews new messages or emails, contact your organization's IT help desk to learn how you can hide them.
- When participating in phone conversations or digital meetings, make sure confidential conversations cannot be heard.
- Keep your work and personal business separate. Become familiar with your organization's acceptable use policy to ensure you are not violating laws or policies by conducting personal business on a work device.
- Do not download sensitive or confidential work documents to your home computer.
- At the end of the workday, log off all work devices and remote work platforms.
SANS Security Awareness Resources for Securely Working from Home:
- SSA-Creating a Cybersecure Home (PDF|233.27KB) SANS Security Awareness presentation on how to create a cybersecure home.
- SSA-WorkingFromHome-CheatSheet (PDF|130.41KB) SANS Security Awareness top five steps to securely work from home.
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings: A few simple options for holding a secure virtual meeting from the National Institute of Standards and Technology.
Contact your organization's IT department to determine how to safely connect to your work networks. Generally, best practice is to access the Internet only through a trusted network such as your password-protected home Wi-Fi or traditional network cable. Because of the security risks, if possible, avoid connecting to public Wi-Fi in shared locations.
- Consider using work-issued mobile hotspots, smartphone tethering, or private networks that are password-protected. All other connection points should be treated as insecure.
- Turn off automatic Wi-Fi connections on your device until you are ready to connect to a secure network.
- Always connect through your organization's Virtual Private Network (VPN) while on unsecured or public Wi-Fi access points.
- In a security event, disconnect from Wi-Fi immediately and contact your IT help desk.
Network and system administrators may prepare for the increased load caused by additional teleworkers by implementing strategies to handle the extra traffic, such as split tunneling. Split tunneling lets administrators send high-bandwidth traffic that does not need to be secured directly to the internet, rather than routing it through the organization first. Even if your organization permits split tunneling, you should follow these basic hygiene items:
- Only go to websites that you know are trusted.
- Limit high-bandwidth activities such as streaming non-work-related videos or music.
- Don't click on suspicious emails, links, or attachments.
- Forward any suspicious emails you receive to your appropriate IT contact.
- Only use your work devices for work-related tasks.
- Do not share your device or password with anyone.
If you have issues, make sure to call your organization's IT help desk for assistance.
- Enterprise VPN Security: As organizations elect to implement telework, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity.
Multi-Factor Authentication (MFA) requires users to authenticate their username and password with an additional credential such as a code sent via text message or automated phone call, a push notification from a smartphone app, or another method. MFA helps verify the identity of a person, and as a result helps keep your organization's data safe. Contact your IT help desk to see if an MFA solution is available for you.
Office of the Chief Information Security Officer Bulletins
DIR Guidelines for Zoom (PDF|174.4KB) May 4, 2020: Guidance and suggestions on the use of Zoom and other virtual collaboration tools.
COVID-19 CISA Stakeholder Update – Guidance and Resources (PDF|246.72KB) April 13, 2020: DIR's Office of the Chief Information Security Officer provides an update from CISA on recently published guides and resources for stakeholders responding to COVID-19.
National Cyber Awareness System Activity Alert COVID-19 Exploited by Malicious Cyber Actors (PDF|222.25KB) April 8, 2020: DIR's Office of the Chief Information Security Officer provides an Alert from the National Cyber Awareness System on COVID-19 Exploited by Malicious Cyber Actors.
FBI PSA FBI Sees Rise in Fraud Schemes Related to the COVID-19 Pandemic (PDF|250.99KB) April 3, 2020: DIR's Office of the Chief Information Security Officer provides an FBI PSA about the rise in fraud schemes related to the COVID-19 pandemic.
FBI PSA Cyber Actors Take Advantage of COVID19 Pandemic to Exploit Increased Use of Virtual Environments (PDF|301.6KB) April 2, 2020: DIR's Office of the Chief Information Security Officer provides an FBI PSA about cyber actors taking advantage of the COVID-19 pandemic to exploit increased use of virtual environments.
Threat Actors Spoof Collaboration Tools (PDF|218.8KB) March 31, 2020: Reports on the rise of newly registered Zoom-themed domains being leveraged for malicious purposes.
Coronavirus Map Theme Used to Disguise and Deliver AZORult Infostealer (PDF|210.02KB) March 12, 2020: DIR's Office of the Chief Information Security Officer warns against a malicious website pretending to be the live map for COVID-19.
Voice to Email Messaging Security Awareness (PDF|56.03KB) March 16, 2020: DIR urges caution for voice to email messaging.