For several years, companies of all sizes have been enabling their employees to work remotely. Despite many years of experience, many companies are still not fully prepared for this type of work. This creates a potential opportunity and increases the risk of cyber attacks.
Companies aware of cyber threats attach great importance to having their own and managed company devices, equipment and systems that protect access. However, many companies may still find that they do not need or have the ability to develop and improve this type of infrastructure. It should not be like this. Every organization, even the smallest, being aware of cybercrime and the risks associated with it, can take proactive steps to increase the security of their company’s information and data.
All it takes is a few basic steps to make cyber attacks more difficult with a smooth transition to remote work.
- Devices issued or approved by the company.
Business documentation must be under the full control of the company on company devices or those that have been checked and approved by the company – this ensures the security of information flow and storage, does not complicate the company’s operation and its processes resulting from the provisions of the GDPR, protection of trade secrets, confidentiality agreements documentation retention rules.
- Company devices are for business purposes only
Implementation of a ban on the use of private e-mail or other non-business use.
- Control over the security of company devices
All devices should have up-to-date antivirus and anti-malware solutions installed. All updates and security patches should be regularly checked and installed.
- Confidential data encryption
Data sent and stored should be encrypted – this is additional security when remote employees work in less secure home networks or during a business trip. It is a good practice to implement a virtual private network (VPN) with multi-factor authentication, which protects these connections and significantly increases security.
- Password strength
Requiring employees to enter and use strong passwords, preferably several to several dozen characters with a combination of uppercase and lowercase letters, numbers and special characters. The use of ready-made password management solutions that will help generate and “remember” passwords that are difficult to break increase the security of access to company resources.
- Device locks after a short period of inactivity
Devices should have the lock function always on and the sleep time should be optimal.
- Employee education
Training increases their vigilance and makes them aware of existing threats. Employees must remain vigilant and follow best practices when working remotely: be careful before clicking links or attachments in emails. Even if the sender appears legitimate, if in doubt, verify the authenticity of the message. You must not provide personal or company information in response to a phone call or email that has not been confirmed/verified in advance. And never provide usernames or passwords for devices, systems or applications.
The ultimate goals of information security are confidentiality, integrity and availability – ensuring that remote communications are private and unaltered and company resources are available. By following the guidelines above, you can help your company create a safer, more functional remote working environment.