Best Practices and Cyber Security Tips for Working Remotely

Given the unusual recent circumstances, many employees around the world are finding themselves in a situation where they must work from home or remotely.

I’ve been working remotely for almost 15 years, so I thought it would be great to share some of my experiences, cyber security best practices and tips, and lessons learned on how to stay focused.

I am fortunate that Thycotic is a global company that embraces remote workers. Our company culture is one that, no matter where in the world we work, our strength is our people, collaboration and teamwork. Our technology helps our employees, partners and customers securely access critical systems and applications regardless of their location. We enable businesses to continue growing even in emergency situations, such as now.

I sometimes find myself working from the most unusual places, be it from my home office, country house in the middle of nowhere, or on a remote island. And once I was quarantined years ago with the swine flu! I’ve had some similar experiences, so let’s continue and hopefully things will get to back normal as soon as possible.

Sponsorships Available

Sponsorships Available

Sponsorships Available

You might find yourself in a similar situation now, so I hope you’ll find my lessons for working remotely valuable. They’re designed to enable a somewhat normal routine in a chaotic world. They are useful in today’s unusual situation and will prepare you for the future should similar events force people to work remotely.

Staying connected is key. Maintain your internet access anywhere, anytime.

This is one of the most important things I ask myself – how will I stay connected?

Whether it be via public internet access, home internet access, hotel internet access or even mobile internet, this is one of the critical questions for working remotely. How will you stay connected to your peers, colleagues, partners and your customers? In most homes today you’ll find that you have unlimited access at extremely fast speed, which is something I have been fortunate to have in Estonia, a country that prioritized digitalization many years ago. Here we enjoy high-speed internet in almost any location, even in the forest.

Knowing your bandwidth limitations is important—you might want to disable bandwidth-hungry applications. An issue that many are currently experiencing is that during normal situations their internet is usually fast, but when everyone else is also working remotely too, there is stress on the ISP’s capabilities.

Know when to switch between home internet and mobile internet. If you have important calls or webinars you may want to switch to your mobile internet because during busy times, it can be more reliable and faster. If you’re traveling outside your home country, you could purchase a mobile internet SIM card to reduce excessive internet charges just in case you’re stuck in a foreign country.

I was in a similar situation in 2010 when I was travelling from the USA to Europe and Iceland’s volcano, Eyjafjallajökull, erupted, cancelling or delaying most flights to and from Europe. I was stuck in Washington DC for a few days but maintained connectivity. Staying connected to the internet is critical for remote workers.

Key tips to staying secure remotely when using internet access:

1. Turn off bandwidth-hungry applications when not needed
2. Always use your corporate VPN access when required—staying secure is vital
3. Know when to switch between home internet or mobile internet
4. Use a separate home internet network for work to isolate personal devices
5. Ensure your home internet router password is long and strong (and use a password manager)
6. Know your bandwidth limitations
7. Monitor your internet bandwidth usage

Use a good set of headphones and a microphone.

You’ll likely need to communicate with peers, colleagues and customers frequently, so make sure you can be heard clearly. That means having a good set of headphones and a microphone (and maybe a webcam.) For many of us, working remotely includes remote conference calls, video calls, webinars, podcasts or even doing presentations. This means you don’t want unexpected echos, background noise, distant voices or just poor audio quality. Headphones also prevent others from listening in on your conversations. Always be aware someone may be listening when having sensitive conversations, and if in a public place, it might be better to reschedule to a time when you have some privacy.

• Over-the-ear headphones work best, but most designs usually do the job
• Always be attentive to who is around you when you’re on sensitive calls

Plan, plan, plan. Good preparation keeps you on track.

A great tip for working remotely is know what your priorities are. At the beginning of each week look at which tasks you must achieve. Along with prioritization, I usually block a period in my calendar every Monday to review what I achieved the previous week and to understand what must be completed before the end of the current week. It’s simply good practice to set aside time to prepare and rank your tasks. Use this time to determine whether you have everything you need or if you need to reach out to colleagues for assistance. Label tasks that can be done alone and those that require another colleague’s input.

• Review previous week’s work
• Prioritize tasks for week ahead
• Collaborate with colleagues on what you need from them
• Know what success looks like at the end of the week
• Celebrate success and learn lessons from failure

Time zones. Yes, this is the one I hate.

Probably one of the most challenging issues with working remotely is dealing with time zones. This causes the most confusion when scheduling meetings and knowing exactly what time people mean. Ensure that everyone is synced about which time zone everyone will standardize on, or be explicit if different. I tend to specify my local time zone.

Using Outlook allows you to add a second time zone, which I find very useful. Or, when scheduling meetings with peers I sometimes put a placeholder in my calendar to see exactly what time it is locally. Use tools to help you get the time zone right when coordinating with coworkers. Always be mindful of the location of the people you are inviting to conference calls—it’s never good to invite coworkers to a meeting at 2:00 a.m. (and then wonder why they don’t join the call).

• Know your colleagues’ time zones
• Have a common time zone culture
• Use tools to help you plan

Got family? Yes! We’re all human, and they will sometimes “join” your calls.

When working remotely you might find yourself in a situation where your family is in the background. This is completely normal. At Thycotic, it is not unusual to hear dogs barking in the background, or even joining in on our conference calls. It makes us stronger when we are open and understanding when remote workers have family and pets nearby.

• Crying babies happen: attend to their needs
• Screaming kids happen too: be attentive
• Barking dogs are part of life at home
• Cats walking on your keyboard? Yes, I have seen that happen too

Stay focused. Have clear goals.

It’s critical to know what success looks like for you, the team and the company.  Most companies have frequent meetings to align the team’s direction so they are aware of one another’s common goals. Every quarter I put my goals up on the wall behind my desk so they are always visible. And I adjust them; goals can be moving targets. It’s vital that remote workers are aware of the team’s goals, accept them and acknowledge them. This helps remote workers move forward on a clear path to success without the need for constant micromanagement.

• Have a clear set of goals and know what progress is being made
• Acknowledge your goals when they’re assigned
• Everyone should know the dependencies on one another’s goals

Communication is crucial to success.

Don’t underestimate the value of this tip: communicate frequently and use the tools available to you.

Today we have a rich variety of ways to stay connected and communicate with our peers, colleagues, partners and customers. Communication is one of the most important paths to success. Never hesitate to pick up the phone and call when all other methods are not successful. I always reach out when I need help or have questions. With so many tools available, we need to make use of them to communicate, such as audio and video, webinars, podcasts, collaboration tools, online meetings and messaging, etc. They are there to make your job easier and when working remotely, you should rely on them. Of course, it’s always important to have alternative options at hand. Technology can fail, so never rely on a single point of failure.

• Communicate frequently
• Use the tools available to help you
• If appropriate, use both audio and video
• Never hesitate to make a call

Some tools I use frequently to stay connected:

• Slack
• WhatsApp
• Twitter
• Email
• iMessage
• My phone to make an actual call
• Zoom or GoToMeeting

Security should never be optional, but it must be usable.

In today’s connected world, even for remote employees, third-party vendors, partners and contractors, information security must always be a top priority. Most organizations have employees who work remotely, use third-party vendors to help manage systems, applications, and infrastructure, or outsource some services, such as customer support or product development. Some companies might even be using Security as a Service (SECaaS) or Managed Security Service Providers (MSSP) to assist with some or all IT Security.

To learn more about Thycotic and Remote Vendor Secure Access, check out:
Limit access for third-party vendors without restricting their ability to get work done

For any remote worker whether an employee, third-party vendor, partner, or contractor, organizations must adopt the right security strategy so they can perform their business tasks and stay productive while at the same time reduce the risk of cyber-attacks. Our job in cybersecurity is to understand what makes the business and employees successful while using our cybersecurity skills to reduce the risks from cyber threats as much as possible. Security should never be complex, and it must be usable so employees will accept it.

• A Secure Workspace – How do remote workers access the company’s business applications? Is it by using a personal device (Bring Your Own device or BYOD model), a company owned laptop, or third-party supplied device? This really determines how much trust you have in the security of that system and whether or not a Zero Trust policy should be applied.

Read about Thycotic and Zero Trust here:
Can privileged access management (PAM) coexist with the Zero Trust Security Model?

• Secure Communications – When remote workers are accessing applications or systems, it is important that the communication between devices is secure, either using protocols that encrypt the data such as HTTPS or using a corporate VPN.

• Identity and Access Management – For remote workers, having the right access to the right applications is critical for success. A strong Identity and Access Management solution will help automate the ability to switch or provision remote workers to the appropriate access methods and technologies.

• The Principle of Least Privilege – Implementing least privilege means granting only the minimum permissions required by an end user, application, service, task or system to perform the jobs they have been assigned. Least privilege is intended to prevent “over-privileged access” by users, applications, or services to help reduce the risk of exploitation without impacting productivity or involving IT.

Want to know more about the Principle of Least Privilege? Download Thycotic’s free eBook Least Privilege Cybersecurity for Dummies.

Privileged access management secures access for remote workers.

When working remotely many employees will need to access business-critical systems, applications, infrastructure and data. Many companies have a hybrid scenario where some business applications are on-premise in the office or a company data center; others may be in a private cloud or public cloud; or the applications might even be truly Software as a Service (SaaS) based. It is essential that no matter where the remote employee might be, they can still securely access necessary business applications.

Privileged access management (PAM) is not just about securing privileged accounts in an encrypted enterprise vault. It is about the secure use of privileged accounts and secure access to privileged data and resources from any location, even for remote workers.

As more companies adopt PAM solutions, they become an important enabler of a holistic security approach that propels the evolution of PAM. This includes integrations across and among security solutions, such as connections to identity management solutions, systems management tools, multi-factor authentication, SIEMs, remote management solutions and DevOps.

PAM solutions enable remote workers to access applications whether in the cloud or on-premise, all while enforcing security best practices.

It is common for companies to enable access to PAM solutions via the internet, and combine authentication with single sign-on and strong multi-factor authentication (MFA).

Ensure your remote workers can stay productive and maintain secure access whether they are accessing remote systems, critical applications, infrastructure or data by using a PAM solution combined with MFA.

Learn more about using SSH Proxies or Jump Hosts with PAM.

Health and time are the two most important things we have in life; they should be a top priority for remote workers

The health of remote workers

Prioritizing your health as a remote workers is a best practice I cannot emphasize enough. While working remotely, it can sometimes be unclear as to when you are meant to be working and when you are not. Routine can help put structure around when you are working and when you are off. When I use my home office, I have a sign that says “working” and when reversed it says “playing.” This is also a good indicator for my family. Find a way to let your colleagues know what your working hours are. Get dressed in the morning, talk a short walk for some fresh air and have a set working time.

• Your health is important—create a routine and stick to it
• Take short breaks from the computer to stand up or walk around
• Use a proper keyboard and mouse, and buy a good chair
• Choose your working location carefully; try to include natural light
• Use your full lunch and tea breaks
• Socialize with people via online channels, such as Slack or Teams
• You don’t always have to work inside. Go outside and work from a park.

Self-development as a remote worker

You are in control of your time, and when working remotely it is important to continue your professional development by learning new skills and new ways to be effective. When working remotely, you must set aside sufficient time to learn.

• Listen to a podcast
• Watch a webinar
• Take an online course
• Read a book
• Have a mentor to discuss self-development

We only stay valuable when we continue to increase our skills and knowledge. The best skill we can learn in life is the ability to keep learning.

 As you can see, working remotely is possible but it requires self-discipline. You must take good care of yourself by creating and sticking to a plan when working remotely. In today’s world, it’s so much easier to be productive when working remotely and companies are now far more accepting of remote employees. Of course, we are going to find some limitations in the tools, so learning how to adapt and scale is going to be a constant learning experience.

I hope that these tips and best practices will help you become a better remote worker, especially during times of uncertainty. Stay safe, stay healthy—working remotely is possible with the right tools and the right mindset!