Take compliance home with you.
A remote workforce means new cybersecurity challenges. Whether you’re deploying your organization’s computers or adapting to BYOD, there’s a lot to do… and threats are evolving even as your organization does. Use VSC features – policies, self-assessments, training, security reminders, and extra guidance – to make your work-from-home efforts a little bit easier. Lowkey Software’s team has added extra content to help.
How does VSC help you
You can use Virtual Security Center (VSC) to help you with the compliance side of work-from-home. Lowkey Software’s sister company Loptr has shared cybersecurity guidance for remote workers and VSC includes that guidance and more built-in resources to support your work-from-home team including:
- A new “work-from-home” role you can assign to remote workers. To add the role, edit any user from the People tab.
- Extra “work-from-home” policy statements that you can enable for anyone with the “work-from-home” role. As a risk manager, go to Administration > Policies and filter on the Category “Work-from-home”, then enable the policy statements you want to use.
- A new “move worker to home office” procedure that you can use to track your security ‘to do’ list as you migrate workforce members from the office. As a risk manager, go to the detail page for a workforce member, click the + icon on the procedure card, then select the ‘Move worker to home office’ activity and assign the checklist to whomever coordinates these security tasks.
- Additional coronavirus-specific awareness reminders. They’re in the March rotation but you can also send them on-demand more frequently – and you can send them just to work-from-home users if you choose. Go to Administration > Awareness to schedule or send reminders.
- Extra work-from-home training. The latest explain a real-world attack on home networks and offer 5 steps home workers can take to make their networks more secure. The videos are enabled but unscheduled. Go to Administration > Training to send these training videos. If you use the work-from-home role, you can quickly send this training to everyone with that role.
- New “BYOD” containers for Mac and Windows and a new home network container. You can send a security assessment to work-from-home users to verify security settings (from Loptr’s BYOD and home network short-lists) and track status in your risk analysis and compliance reporting. If you find gaps, you can track remediation tasks directly from VSC. You can add BYOD devices and home networks from the Technology tab.
- Guidance documents for IT and your workforce (you’ll find them in Administration > Documents)…
- Remote worker guidance assigned to the work-from-home role. You can send the guides via email, view them online in VSC, and track confirmation.
- IT-specific guidance assigned to the “IT” role. You can automatically send the guides via email to everyone in IT and, if you want, you can track when they confirm that viewing the documents.
- Coronavirus-specific threat guidance for your workforce. You can email the guide if you choose, or let workers view the guide online.
Include a worker’s home office in your risk analysis with the “home office” container. Add the workspace under the Places tab and assign an assessment (aligned with Loptr’s home office security checklist) to the employee. Like any VSC assessment, responses feed directly into your risk analysis and compliance reporting and you can request changes using a remediation plan in VSC, too.
Share information with VSC users when they login using the “message of the day” feature. If you have the information security officer role, make sure that “Message Of The Day” is enabled from Configuration > Features. From your home page, click on the edit icon in the panel above My Security Tasks and add your message. Here’s an example:
Beware COVID-19 Phishes!
If there’s one thing you can always count on, it’s that hackers will try to capitalize on current events. The latest example of this is an increase in phishing emails related to COVID-19. These bogus emails pretend to be from healthcare organizations, human resources departments, and even the CDC and WHO. The emails may claim that they have “critical information” regarding the virus and will try to get you to click on a link or attachment. If you do, the bad guy may steal your password or install malware on your computer. Here are some tips to protect yourself:
- Always check the sender of emails you receive. Do you know the person? Is it really coming from an internal address? Have you signed up for this mailing list?
- Think twice before you click on links or attachments. Is the link suspicious? Where does it go? Did you expect an attachment?
- Don’t enter your password after clicking a link. If a website wants password, check that it’s legit. Don’t enter your password again if you’re already logged in.