You can use Virtual Security Center (VSC) to help you with the compliance side of work-from-home. Lowkey Software’s sister company Loptr has shared cybersecurity guidance for remote workers and VSC includes that guidance and more built-in resources to support your work-from-home team including:
- A new “work-from-home” role you can assign to remote workers. To add the role, edit any user from the People tab.
- Extra “work-from-home” policy statements that you can enable for anyone with the “work-from-home” role. As a risk manager, go to Administration > Policies and filter on the Category “Work-from-home”, then enable the policy statements you want to use.
- A new “move worker to home office” procedure that you can use to track your security ‘to do’ list as you migrate workforce members from the office. As a risk manager, go to the detail page for a workforce member, click the + icon on the procedure card, then select the ‘Move worker to home office’ activity and assign the checklist to whomever coordinates these security tasks.
- Additional coronavirus-specific awareness reminders. They’re in the March rotation but you can also send them on-demand more frequently – and you can send them just to work-from-home users if you choose. Go to Administration > Awareness to schedule or send reminders.
- Extra work-from-home training. The latest explain a real-world attack on home networks and offer 5 steps home workers can take to make their networks more secure. The videos are enabled but unscheduled. Go to Administration > Training to send these training videos. If you use the work-from-home role, you can quickly send this training to everyone with that role.
- New “BYOD” containers for Mac and Windows and a new home network container. You can send a security assessment to work-from-home users to verify security settings (from Loptr’s BYOD and home network short-lists) and track status in your risk analysis and compliance reporting. If you find gaps, you can track remediation tasks directly from VSC. You can add BYOD devices and home networks from the Technology tab.
- Guidance documents for IT and your workforce (you’ll find them in Administration > Documents)…
- Remote worker guidance assigned to the work-from-home role. You can send the guides via email, view them online in VSC, and track confirmation.
- IT-specific guidance assigned to the “IT” role. You can automatically send the guides via email to everyone in IT and, if you want, you can track when they confirm that viewing the documents.
- Coronavirus-specific threat guidance for your workforce. You can email the guide if you choose, or let workers view the guide online.
Include a worker’s home office in your risk analysis with the “home office” container. Add the workspace under the Places tab and assign an assessment (aligned with Loptr’s home office security checklist) to the employee. Like any VSC assessment, responses feed directly into your risk analysis and compliance reporting and you can request changes using a remediation plan in VSC, too.
Share information with VSC users when they login using the “message of the day” feature. If you have the information security officer role, make sure that “Message Of The Day” is enabled from Configuration > Features. From your home page, click on the edit icon in the panel above My Security Tasks and add your message. Here’s an example: