While work from home (WFH) ostensibly protects workers safe from COVID-19, it has exposed them and their companies to a bevy of cybersecurity risks – now a coalition of 13 nonprofit organizations are offering if not a cure, then a treatment, through a Work From Home. Secure Your Business campaign.

The campaign focuses on common simple actions to secure remote workforces that members say can greatly reduce cyber risk.

“The biggest new risks stem from the fact that are remote from your co-workers and outside the security provided by a business network,” said Phil Reitinger, president and CEO of the Global Cyber Alliance, a member of the group and the recipient of the 2020 SC Awards Editor’s Choice. “Being outside the business network means that you may not nearly as protected – for example, there is likely to be less effective security monitoring. Personally, I worry most about increased phishing.”

Coalition members

  • The Cyber Readiness Institute (CRI)
  • Cyber-Sicherheitsrat Deutschland e.V./German Cyber-Security Council
  • Bestyrelsesforeningen/Danish Board Leadership Society
  • Cybercrime Support Network
  • APWG
  • APWG.eu
  • CyberGreen
  • Cyber Threat Alliance
  • Aspen Digital, a program of the Aspen Institute
  • Adaptable Security
  • Scottish Business Resilience Centre (SBRC)
  • Telecommunications UK Fraud Forum (TUFF)
  • Global Cyber Alliance (GCA)

Reitinger said “the campaign is intended for any organization that now finds itself with a remote workforce and may not have been fully prepared from a security standpoint.”

All participating organizations will push the campaign out on social media and “are welcome to provide content and share their own resources they may have created that address securing the remote workforce,” he said.

GCA has set up a Work From Home Community Forum to address questions that arise. Experts from the association and other coalition members are available to answer questions and offer guidance.

To get started, the coalition recommends that organizations:

  • Update personal and company systems and applications
  • Implement two-factor authentication for access to company services
  • Use a protective DNS service such as Quad9