Cybersecurity Best Practices for Securely Working from Home amid the COVID-19 Pandemic

On Monday, March 23, PA Governor Tom Wolf ordered residents in the seven counties hardest hit by coronavirus pandemic, including Allegheny County, to stay home for the next two weeks unless they have a dire need to leave their home. Earlier in the month though, the CDC recommended that gatherings of 50 or more people be stopped for at least 8 weeks. For the most part, any company that has the capabilities of allowing employees to work from home have been operating as such for the past 2 weeks or so. Restaurants and bars are only serving food by takeout or delivery. Only essential life sustaining businesses are allowed to remain open for the moment in PA.

Transitioning from a trusted office environment to a work from home policy can create security risks. So how can employers and employees maintain best practice cybersecurity measures while employees work remotely? In response to this, the European Union Agency for Cybersecurity (ENISA) has issued a series of tips and recommendations for companies moving to a remote working environment. 

They are urging employees working from home to not mix work and leisure activities on the same device. As far as it is possible, use corporate intranet resources to share working files. This ensures working files are up-to-date and at the same time, prevents the sharing of sensitive information across local devices. Data at rest should be encrypted (including local drives), antivirus must be installed and fully updated, operating systems should be up-to-date and virtual meeting URLs should not be shared on any public channel.

As for employers, they need to ensure corporate VPN solution scales and are able to sustain a large number of simultaneous connections. They should provide video conferencing for corporate clients and ensure all corporate business applications are accessible only via encrypted communication channels (SSL VPN, IPSec VPN). All applications portals should be secured using multifactor authentication mechanisms and direct internet exposure of remote system access interfaces should be prevented.  Where possible, provide all employees corporate devices with up-to-date security software and patch levels. Ensure adequate IT resources are in place to support staff in case of technical issues (and make sure they know who to contact) as well as policies for responding to security incidents and breaches are in place.

The ENISA has also observed an increase in coronavirus-related phishing attacks. Due to the increase in phishing attacks related to the coronavirus, it is important to step up our cyber hygiene. As one should be in any situation, always be suspicious of emails that ask to check or renew any account credentials and those regarding references to the coronavirus should be navigated with extreme caution. Remember, emails that create an image of urgency or consequences are typical of phishing campaigns. Be suspicious of any email from someone you don’t know and always verify the source of an email before clicking any links or providing any information. If you are not expecting an email or it is asking for account credentials, contact the organization or person the email appears to be from in a separate communication. Emails from people you do know but are requesting unusual things (something you wouldn’t typically expect) are indicators as well, remember you can always call them to verify they sent the email.

Download our How to Avoid COVID-19 Scams infographic to keep security awareness top-of-mind during this pandemic.


Please visit our Coronavirus resource page for related content.

How Can Schneider Downs Help?

The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. Learn more about our cybersecurity firm and services at or contact us at [email protected].

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Apache Log4j Vulnerability Update – Remediation Tools and Patches
Apache Log4j Vulnerability Update – CISA Issues Emergency Directive
Apache Log4j Vulnerability Update – Government Responses and Ransomware Activity
HR Management Software Provider Kronos Hit by Ransomware
Apache Log4j Vulnerability Update
What Caused the Recent Amazon Web Services Outage?
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.