Cyber Security for Remote Workers
Social distancing rules resulted in a larger number of people working from home, making video conference calls, managing documents and conducting their daily business online.
With the increased amount of remote work comes an increased cyber security risk for both the company and your personal information. Without proper IT asset management, there are major dangers that must be mitigated.
In our previous post on ‘COVID-19: How Digital Transformation Can Improve Business Continuity’, we already provided some practical recommendations with regard to Cyber Security and working remotely.
Now we want to zoom in further on some of the related risks.
We invite you to take our cybersecurity self-assessment survey to evaluate your current level of control of cybersecurity risks.
To help you reduce the security risks while working from home, we share some key considerations to strengthen your digital workspace.
Using personal or non-hardened company devices?
When you save files on a personal device, your company no longer controls the data. This might result in data privacy and cyber-security incidents.
- Are people saving the files they work on directly on their computers, or do they only access them via a secure portal?
- Are you using validated encryption software to secure the data stored on the device?
- Are proper tools available to facilitate secure file sharing and protect your company information?
Backup mechanisms are in place.
Did you consider a proper Disaster Recovery Plan (DRP) and more specifically a corporate or centralized backup solution for the locally stored corporate documents when using personal devices? If not, you might not be able to retrieve data in case of a disruption.
- Are tools and mechanisms available to your employees to ensure company data is properly backed up from their personal devices to your company data repository (cloud or on-premises)?
Antivirus software is up to date
Being able to install any software on your personal device and using the computer for personal purposes (browsing, video streaming…) increases your company's risk of exposure to viruses and malware.
- Are proper antivirus and antimalware programs installed, with frequent scheduled antivirus scans to reduce your infection risk?
- Are devices up to date with the most recent security patches and upgrades? Consider updating things like your operating system, antivirus and antimalware programs.
Ensure that all types of telework client devices are secured, including desktop and laptop computers, smartphones and tablets.
How secure is your (home) network?
Protected WiFi network
Having an unsecured or open WiFi network makes it possible for malicious people to log on to your network and access your devices and documents. Your router checks all incoming and outgoing traffic and controls access to your home WiFi network and, through it, to your phones, tablets and more. Unauthorized access can compromise all those devices.
- Did you already consider the password management of your WiFi network? It is a good idea to change the WiFi password on a regular basis. We also recommend changing the password on your WiFi router and access points.
- Is the firmware of your WiFi router up to date? This means you’ve got the latest bug fixes and security patches.
VPN to connect to your company applications
When using VPN software, data transfers from your personal device to the server of your company are encrypted.
- Are proper Virtual Private Networks (VPNs) implemented to connect to the organization’s information technology (IT) network?
- Is multifactor authentication (MFA) enabled? MFA is a secondary means of verifying a user’s identity besides a password.
What about my file sharing applications?
Adequate security controls are in place.
- How do you manage user accesses to the data stored in the cloud environment?
- Do you have monitoring controls in place to prevent unauthorized sharing of critical data?
Loss of Data privacy
Ensure proper authentication controls
- Do you enable multifactor authentication? Two-factor authentication adds an additional layer of protection, since it requires an additional action beyond entering a password.
- Do you apply unique and complex passwords to your accounts? Using a ‘password manager’ tool can help you a lot.
Ensure encrypted internet connections.
- Verify that data transferred between your browser and the website is encrypted at all times using SSL/TLS encryption (i.e. the site's address starts with https://).
Use chat and video apps with strong encryption.
Recently, security breaches were reported related to the use of Zoom, which provides a cloud platform for video and audio conferencing. Credentials belonging to more than 500,000 Zoom users were stolen and sold on the dark web.
- Use apps like Skype or Teams, which have increased security.
Be aware that assuring your cyber security and data privacy is not one-size-fits-all. Numerous considerations need to be taken into account to identify the best approach to reduce your cyber-security and privacy risks while working remotely.