Remote work and IT security : 4 best practices
The pandemic has intensified remote work in corporations all over the world. This situation has also resulted in a major increased of cyber threats.
This is essential to adopt and ensure security best practices to consider telework environment with serenity.
1. Make your employees aware of risks
First of all, we must always make employees aware of the most common cyber risks such as:
• Phishing, which consists of sending a message to an Internet user in order to steal their personal information. It has hugely increased at the same time as teleworking and targets your professional mailbox to enter your IS.
• Data theft is an attack that targets your network or cloud, either to demand ransom, resell or distribute information. You can do this by compromising an employee’s computer or hack the company system.
• Ransomware: hackers can exploit a security breach in your IS or invite teleworkers to download a malicious attachment. The goal: to install ransomware on your network to encrypt or prevent access to your data in order to request a payment.
• Illicit request, by impersonating the manager or a trusted person in order to request a fraudulent transfer order.
2. Adopt security best practices
To enhance IT security, the use of personal equipment of teleworkers in a professional corporate IT environment is not recommended. You need to provide them with company tools, verified by your IT department. Next, you have to limit remote access to company resources. Everyone must be individually identified so that the source of a possible attack can be traced. Without forgetting that it is preferable to compartmentalize accesses to mitigate propagation risks. You can also invite telecommuters to connect to the company through a VPN or a virtual private network in order to encrypt all remote connections.
3. Update your security solutions
While it is recommended to install professional anti-virus software (different solutions can be used for the network infrastructure and for the workstations), it is also mandatory to regularly check updates, on every connections media.
Having a solid data backup policy that is carried out outside of the company network and with regular control of back up jobs is a must.
Finally, cloud solutions can also present a risk. So make sure that your supplier guarantees you a sufficient level of protection and appropriate configurations.
4. Involve your resources
Finally, it is important to involve all your resources around IT security compliance. Do not hesitate to allocate time to someone in your department to monitor activities remotely in order to identify any potential abnormal behavior.
In addition, training sessions for teleworkers are necessary to raise awareness on security issues and adopt the right behaviors. Management must also be aware of security best practices to ensure its adoption within the whole chain of command and adopt an internal process to react quickly and effectively in the event of an attack (business continuity plan, procedures, etc.).
Teleworking and its strong (and inevitable) development therefore present major challenges for IT (security) department. And IT security must be strengthened to ensure effective and peaceful development of teleworking.
Stay tuned for our soon arriving ebook on teleworks and IT security!
Contact our business manager to get more information on our security services and extensive partner networks solution.
Business Manager – Owentis Vietnam