Teleworking : The outbreak of coronavirus (COVID-19) has been officially classified as a pandemic by the World Health Organization (WHO), which means that the infection is accelerating in several countries at the same time. weather. Big companies like Google and Microsoft are encouraging or mandating their employees to work remotely from home. For many other companies and organizations, primarily SMEs , the situation is likely to be different.
To be productive, there are common requirements that all remote workers need: A computer, good Internet connection, chat and video conferencing apps, a dedicated workspace (preferred), and a phone (optional, since most chat apps allow direct calls).
It is important to highlight that companies and organizations must also prepare themselves and their employees to face the risks linked to cybersecurity with remote work.
Physical Security Of Company Devices
Whenever collaborators do not keep security measures in mind, they will be exposing company devices to greater risk. Devices should be protected against loss and theft with options such as:
- Strong passwords to log in, set the computer to sleep based on idle time, and don’t leave notes with passwords stuck to the computer, as a basic point.
Technological Environment Of The Home (Teleworking)
Ideally, audit your home environment for vulnerabilities before connecting your work devices, this is an excellent time to take steps to secure them with strong passwords and updating both firmware and software to the latest available versions.
Access To The Company’s Network And Systems
- The same security policy that is applied for a computer managed by the organization, if necessary, provides the user with a license for the same solutions used in the devices owned by the organization .
- Always use a VPN to connect remote workers to the internal network of the organization and thus avoid Man-in-the-Middle attacks, since the traffic will flow through public networks.
- Avoid the use of external devices, such as USB storage or peripheral devices. Limit the ability to store, download, or copy information, as a data breach can occur from any device that contains sensitive company data.
- Multi-factor authentication (MFA) ensures that access, whether to cloud-based services or full network access, is only by authorized users. Whenever possible, use an app-based or hardware token-based system to generate unique codes that grant authenticated access.
Collaborative Tools And Authorization Processes
Cybercriminals are likely to use the opportunity that many organizations implement remote work to launch Business Email Compromise (BEC) attacks . Make sure to use video conferencing/chat systems (Teleworking) as a formal part of the approval system so that validation is done “in person”, even when it is remote.
Training
There are numerous scams out there using the topic of COVID-19 in a variety of ways. Computer security awareness training are typically an annual requirement in offices and it would be wise to brush up to help avoid the human error that cybercriminals seek.
Support And Crisis Management
Supporting users working remotely is essential to ensure smooth operation, both with IT helpdesk and crisis management if they run into unusual issues or suspect they might be the result of a breach .
