CMA Remote Working Checklist

The document provides a comprehensive cybersecurity checklist for remote working, outlining essential practices to protect against cyber threats. It includes guidelines on software updates, password management, mobile device security, and employee responsibilities, emphasizing the importance of vigilance against phishing and unauthorized activities. Additionally, it highlights the need for mental health support and proper use of video conferencing tools in a remote work environment.


Remote Working Cybersecurity Checklist
Version 1.1, 1st April 2020
About Cyber Management Alliance
Established in 2015, Cyber Management Alliance is one of the world’s leading cyber incident & crisis management service
providers offering advisory, executive training and bespoke workshops in all aspects of cyber crisis management, incident
planning, incident response testing and tabletop exercises.

Cyber Management Alliance (CM-Alliance) is the creator of the internationally-acclaimed NCSC-Certified Cyber Incident
Planning and Response (CIPR) course. Previous attendees of the NCSC-Certified CIPR course and tabletop exercises include
the United Nations, UK Ministry of Defence, several UK Police Forces, NHS Trusts, the European Central Bank, the Swiss
National Bank, Microsoft, Ernst and Young, BNP Paribas and many others.

Services & Training Summary


At CM-Alliance, we believe that practice makes perfect when it comes to cyber crisis management. As part of our Cyber
Incident & Crisis Management training and workshops we offer:

• Incident Planning & Response: This training is certified by the UK Government’s NCSC and is titled Cyber Incident Planning & Response. This certified course is highly interactive and covers the various tactical and strategic elements of planning for a cyber-attack. The ‘Building & Optimising Incident Response Playbooks’ workshop focuses on creating and optimising incident response playbooks.

• Crisis Management Tabletop Exercises: Our Cyber Crisis Tabletop Exercises (CCTE) are verbally-simulated, business-impacting, cyber-crisis scenario sessions where attendees discuss and review their actions and decisions.

• Trusted Advisory: Also referred to as vCISO (Virtual Chief Information Security Officer), our service is cost-effective and commercially viable for organisations of all sizes and covers cybersecurity, privacy, audits and assessments.

[Services overview diagram: Trusted Advisory & Retainer Services, covering Cyber Incident & Crisis Management (CICM), GAP Assessments & Audit, Incident & Response Planning, Crisis Management, Crisis Retainer Services and a Regulatory & Government Audit Track. Training tracks: the UK Government’s NCSC-Certified (GCHQ-Certified) Cyber Incident Planning & Response (CIPR) course, the Building & Optimising Incident Response Playbooks workshop, the Cyber Crisis Tabletop Exercise (CCTE) and the Playbooks Track. Also: Bespoke Planning & Playbook Workshops; Executive Briefing and Awareness Sessions; Specialist Community Gatherings: Wisdom of Crowds.]


© 2020 Cyber Management Alliance Ltd

Remote Working Checklist
Thank you for downloading the Remote Working Cybersecurity Checklist. This is by no means a comprehensive list, but we hope you
find it useful and that it helps you be better prepared for cybersecurity attacks. Remember that you can always get in touch with us if you need
specific advice. We are contactable on [email protected].

Cybersecurity
• Remind staff about the need to protect confidentiality
• Remind staff NOT to lend their machines to their children or other members of the family
• Remind staff that you are MONITORING their activity as per your policies and terms and conditions of employment
• Updates of software and OS: ask staff to keep all their devices (corporate and personal) fully updated
• Provide a VPN and/or remote working solution for your staff (ensure you validate the VPN solution)
• Send out regular reminders about critical software and mobile updates (e.g. Adobe, Apple, Android, Chrome, Firefox) and ask staff to update (show them how to using recorded screencasts if necessary)
• Disable email forwarding for all accounts OR set up an alert if email forwarding is switched on
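As an added illustration of the “alert if email forwarding is switched on” item above (and of the later item that staff must not forward corporate mail to personal accounts), here is detection logic in Python written for this page; it is not part of the original checklist. The audit records are constructed in a simplified JSON-lines shape, not the real audit schema of any mail platform, and the corporate domain is an assumption.

```python
import json

# Constructed sample audit records in a simplified JSON-lines shape (NOT the real
# audit schema of Exchange/M365 or any other mail platform): one change per line.
SAMPLE_AUDIT_LOG = """\
{"user": "alice@example.com", "operation": "Set-Mailbox", "parameters": {"ForwardingSmtpAddress": "smtp:alice.home@gmail.example"}}
{"user": "bob@example.com", "operation": "New-InboxRule", "parameters": {"Name": "archive", "MoveToFolder": "Archive"}}
{"user": "carol@example.com", "operation": "New-InboxRule", "parameters": {"Name": "to finance", "ForwardTo": "finance@example.com"}}
{"user": "dave@example.com", "operation": "Set-InboxRule", "parameters": {"ForwardAsAttachmentTo": "dave.x@mailbox.example", "DeleteMessage": true}}
{"user": "erin@example.com", "operation": "Set-Mailbox", "parameters": {"ForwardingSmtpAddress": null}}
"""

# Assumption: the organisation's own mail domain(s). Anything else counts as external.
CORPORATE_DOMAINS = {"example.com"}

# Parameter names that turn forwarding on, mailbox-wide or via an inbox rule.
FORWARDING_KEYS = ("ForwardingSmtpAddress", "ForwardingAddress", "ForwardTo",
                   "ForwardAsAttachmentTo", "RedirectTo")


def destination_domain(value):
    """Extract the domain of a forwarding target such as 'smtp:user@host'."""
    addr = str(value).strip().lower()
    if addr.startswith("smtp:"):
        addr = addr[5:]
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""


def find_forwarding(audit_jsonl, corporate_domains=CORPORATE_DOMAINS):
    """Return one alert per record that enables forwarding. External destinations and
    delete-after-forward rules (the owner never sees the mail) are HIGH, internal LOW."""
    alerts = []
    for line in audit_jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        params = rec.get("parameters") or {}
        for key in FORWARDING_KEYS:
            dest = params.get(key)
            if not dest:  # absent or null: forwarding was NOT enabled by this change
                continue
            external = destination_domain(dest) not in corporate_domains
            hides_copy = bool(params.get("DeleteMessage"))
            alerts.append({"user": rec.get("user"), "operation": rec.get("operation"),
                           "destination": str(dest),
                           "severity": "HIGH" if external or hides_copy else "LOW"})
    return alerts
```

Run `find_forwarding` over an export of mailbox and inbox-rule changes; the LOW alerts are worth a glance, the HIGH ones are the ones to chase the same day.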

Passwords
• Staff MUST not share passwords via emails or SMS messages (where really necessary, phone the other party)
• Ask staff to use password managers (with a very strong password for the password vault, written down & stored safely)
• Remind staff that you will NOT call them about password resets (to help avoid being scammed)
• Make 2-factor authentication (2FA) mandatory for all remote workers:
  • Including email and when accessing any critical systems or applications
  • Ensure you have BACKUP CODES in case 2FA does not work
  • Use an APP for 2FA rather than SMS (free apps include Google’s Authenticator)
  • Store these backup codes safely, preferably in a locked safe
  • Ensure you know how to back up and restore the 2FA tokens you are using (e.g. Google Authenticator etc.)
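As an added example (not from the original checklist) of how app-based 2FA, its backup codes and token backup fit together: the Python below implements RFC 6238 TOTP, exports the seed in the Base32 form an authenticator app enrols so it can be backed up offline, and stores backup codes only as hashes that can be redeemed once. The sample seed is the RFC 6238 test-vector secret, not a real credential.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# Constructed sample seed: the RFC 6238 test-vector secret, NOT a real credential.
SAMPLE_SEED = b"12345678901234567890"


def totp(seed, for_time=None, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1): what the authenticator app computes from its seed."""
    t = int(time.time() if for_time is None else for_time) // step
    mac = hmac.new(seed, struct.pack(">Q", t), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def export_seed(seed):
    """Base32 seed (the value behind the enrolment QR code): this is what to back up."""
    return base64.b32encode(seed).decode().rstrip("=")


def import_seed(b32):
    """Restore a seed from its backup; re-pads the Base32 text if padding was stripped."""
    b32 = b32.strip().upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def generate_backup_codes(n=8):
    """Return (plaintext codes, hashes). Hand the plaintext to the user once (paper in
    the safe); keep only the hashes server-side so a leaked database reveals no codes."""
    codes = [secrets.token_hex(5) for _ in range(n)]
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}


def redeem_backup_code(code, stored_hashes):
    """Accept a backup code exactly once: it is removed from the store on success."""
    h = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    if h in stored_hashes:
        stored_hashes.discard(h)
        return True
    return False
```

A seed restored with `import_seed` yields the same codes as the original app, which is the restore test worth doing before a phone is lost rather than after.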

Mobile Equipment (Remember these are now critical devices and must be treated as such)
• Ensure all your mobile equipment has hardware encryption (where not possible, software encryption is OK)
• All mobile devices must have FULL disk encryption
• If you are renting laptops/desktops, please ensure that you WIPE the hard disks so that no residual data is left behind. This MUST be at the top of your to-do list when things go back to “normal” OR when you have to return the machines
• Where staff are using personal devices, remind them not to download apps from non-trusted sources. They are HIGHLY likely to contain malware
• Mobile devices are now business-critical machines and must be subject to the same stringent policies, such as software updating, backup and protective controls
• Keep extra stock of mobiles, laptops, microphones and other peripherals
• If possible, use Google’s DNS servers or Cisco’s Umbrella DNS and force all laptops & mobile devices to use these. Advise staff to do the same on their personal devices (if unsure, ask for external help)

Continued...


Privileged Users (Hold the keys to the kingdom)

Find out more about our e-learning training for privileged users: email us on [email protected] or call us on +44 (0) 203 189 1422

• Ensure you inform all IT and business privileged users and:
  • Remind them of their responsibilities
  • Insist that they DO NOT log in for DAILY tasks with high privileges
  • Demand that they REPORT all errors/confess to mistakes immediately
  • Ensure they use 2-factor authentication at all times. No exceptions
  • Ensure that NO procedures are bypassed (no emergency change without approval etc.)

Phishing Emails & Scams

• Remind staff NOT to open links or documents with Coronavirus information. Ask them to report these
• Remind staff that it’s OK to make a mistake and that they should own up if they have:
  • Accidentally clicked on a suspicious file and/or link
  • Opened a suspicious PDF, Word or Excel file with a macro
• Staff MUST report malware/ransomware infections immediately
• Caution staff about remote helpdesk calls purporting to be from Microsoft or other computer vendors
• Remind staff to be cautious about pop-ups with VIRUS warnings when surfing the web
• Important Communications: if relevant, remind staff that critical emails only come from a specific address like [email protected] OR that the CEO never sends email from his email account

Policy & Illegal Activity

• Take this opportunity to remind users about your AUP or Acceptable Usage Policy (and other policies)
• Remind staff that surfing porn sites on corporate machines, amongst other things, is illegal
• Remind staff that using corporate devices to incite hatred or research terrorist-related activities is illegal
• IT staff must be reminded:
  • NOT to use corporate machines to run hacking tools
  • NOT to attempt illegal activities (like attempting malicious hacking, scanning etc.) on office time OR using any other corporate resources
• Staff MUST report malware/ransomware infections immediately
• Staff must be conscious of the employer’s reputation when posting social messages on Twitter, LinkedIn etc.
• Remind staff they MUST not use unapproved USB flash drives and unapproved cloud services
• Remind staff it’s OK to make mistakes (e.g. sending emails to wrong recipients, clicking on a malicious link, causing an outage etc.) and that they MUST own up immediately. Stress that in most cases there will be NO repercussions

Working Remotely, Online Meetings & Calls
• Remind staff NOT to have confidential calls and business discussions near SMART SPEAKERS like Amazon’s Alexa, Apple’s HomePod and Google’s Home
• Remind staff to MUTE their microphone when they are not speaking in a conference call
• Educate all staff to ensure webcams are blocked by default (physically and by the conference app you use)
• Remind staff NOT to leave their machines UNLOCKED, especially during a call or when visiting the loo, and especially in a public place
• Ask staff NOT to work from coffee shops or public places (if possible), especially if they are on confidential calls or working on confidential documents
• Request staff NOT to use the ‘Print to email’ feature offered by printers
• “Buddy up” with a colleague, swap mobile numbers and check in each morning
• Remind staff to be cautious about pop-ups with VIRUS warnings when surfing the web
• Ask staff NOT to defer critical updates to software
• If possible, ask that screen filters are used to make shoulder-surfing harder
• Ask staff NOT to use just any VPN solution to access corporate resources. This is quite important, as VPNs are recommended as a way to stop snooping and interception; however, several VPN products are malicious
• Staff MUST not switch on forwarding of corporate emails to their personal emails AND/OR must not use alternative email clients to access corporate email

Exceptions & Change (Get ready to grant exceptions left, right & centre)
• If you don’t have one yet, create an ‘exceptions’ register
• Create a review-by date and put multiple calendar reminders in place for you/your team to review them
• Where possible, have a ‘No way this is an exception’ list
• Pay special attention to change management and carry out a weekly or monthly review

Privacy
GDPR and PECR (Privacy and Electronic Communications Regulations) still apply. Please remind staff of their obligations
• Remind all staff of their responsibility to respect the privacy of your clients and your staff
• Remind IT and cybersecurity folks to be extra vigilant for possible malicious activity on user accounts
• Ask staff NOT to PRINT personal information
• Staff must be reminded NOT to send personal information via email OR store personal information in non-approved locations
• Staff members may be exchanging personal phone numbers and/or emails. If possible avoid this, OR ask staff to prepend ‘delete-later’ to the name of the staff member if they save these details


Cyber-attack & Incident Response

To find out more about our UK Government NCSC-Certified course on incident planning and response, email us on
[email protected] or call us on +44 (0) 203 189 1422

• Constantly remind staff to be on alert for phishing emails and other attempts to compromise/steal account details
• Staff must report all phishing emails and malicious activity
• If staff suspect something malicious, encourage them to call certain stakeholders, especially if they do not receive any response via existing channels
• Security staff must be extra vigilant and actively seek out suspicious activity (given the remote working habits of users this may be operationally expensive)
• Ask IT and security staff (including outsourcers/partners) to pick up the phone and call if it’s important rather than rely on email. Use a separate out-of-band app or something as simple (not very secure) as WhatsApp groups for urgent communications
• Keep a printed copy of your procedures and checklists at home AND make sure they are not easily accessible
• Monitor endpoints (laptops etc.) more closely and if possible use EDR-type tools urgently
• Never too late: start working on your Cyber Incident Planning & Response strategy now

Backup, Backup, Backup

• Provide staff with software to ensure their critical documents are backed up
• Ask staff to back up data on an approved external hard disk that is NOT permanently connected to the device
• Ask staff to use only approved cloud storage services (if permitted)
• Encourage staff to reach out to discuss any cloud storage or cloud service solution that they want to use. Cloud services include but are not limited to:
  • File sharing services
  • File storage and synchronisation
  • Project management apps or services
  • Collaboration tools and services
  • Note taking and storage services
  • Photo storage and sharing services

HR & Mental Health & Occupational Health

• Check that HR have policies in place to deal with occupational health in a remote working setting. Remote working may be the norm for a sustained period. Practices such as “working from the sofa” can produce other health issues, e.g. back problems. Formal policy and risk assessments are strongly recommended
• Remind staff that they should reach out to discuss any mental health issues
• Set clear work-time boundaries (remote working can often lead to unrealistic expectations where the assumption is that staff will be available at all times)
• Enable staff to confidentially send critical messages (health, safety, mental health, security, crisis) quickly and securely. Do this preferably via a mobile app. DO NOT use email please


Video & Audio Conferences

• Send out regular reminders to staff about using only officially approved conference apps
• Remind staff to read about and be aware of basic security and privacy settings like:
  • Having a password for every meeting or conference call
  • Camera switched off OR blocked by default, for both the host and attendees
  • Microphone on MUTE by default
  • Kicked-out participants CANNOT rejoin
• Ask staff to ensure their meetings are NOT being recorded
• If you are recording, please inform all participants
• Remind staff to EXIT or close the app once the conference is complete

Helpdesk & Support

• Support staff MUST be on high alert and challenge password resets or ‘strange’ requests
• Ensure you review/audit permissions and privileges of helpdesk staff
• If possible, introduce extra user identity verification for all users

Useful Links
• Our UK NCSC-Certified Cyber Incident Planning & Response Course - Click here
• Our Building & Optimising Incident Response Playbooks Workshop - Click here
• Our Cyber Crisis Tabletop Exercise (CCTE) Download and Page - Click here
• Our Cybersecurity blogs - Click here
• Our Insights with Cyber Leaders - Click here
• Our Resources Page - Click here
• Our BrightTalk Webinar Channel - Click here

Author: Amar Singh. Edits by Aditi Uberoi.

Contributors: We wish to thank the following for contributing to this document: James Mckinlay, Stephen Massey, Mihir Joshi, David Cass and Tee Patel.

[email protected] http://cm-alliance.com +44 203 189 1422 @cm_alliance
