The situation created by COVID-19 has forced many companies to adopt teleworking urgently and hastily. Teleworking was not covered in their contingency plans, and as a result the environments from which employees work are in many cases not sufficiently protected. This situation is an open door for cyber attackers, who can get into companies to steal information, infect systems or use whatever they want.
At Softeng, drawing on our accumulated knowledge and experience, we explain the main measures you must take to make teleworking safe for both your company and your employees.
Measures to be taken by the IT department
1. Establish corporate policies and procedures
The IT department should develop a secure teleworking policy that includes:
- Guidelines and rules for safely accessing corporate resources.
- Procedure to be followed by employees in the event of a security incident.
- Training all employees on the telework policy.
2. Identity protection
To ensure that users' identities are not impersonated, our advice is to have a multi-factor authentication (MFA) system. With this double verification for access to company services, we protect access to corporate resources and applications more effectively, and it helps us comply with data protection requirements.
3. Equipment protection
On all equipment that employees use to access company information, IT must ensure that certain security measures are followed. If the equipment is corporate, IT can control and secure it centrally and automatically. If it is personal, full control is not feasible, so IT must send users instructions on how to verify and/or apply the minimum measures. These security measures are mainly:
- Latest updates of operating system and applications.
- Antivirus software.
- Secure settings in applications (web browsing, email, etc.).
- Updated certificates.
- Automatic lock for inactivity.
- Data protection through encryption.
Finally, to ensure that the measures above are met and to avoid information leaks, it is advisable to have a comprehensive device management solution that helps IT maintain control of both the corporate and the personal devices that are used to access company information.
4. Protection of applications and data
IT must implement technical measures to ensure that users access corporate data only through applications approved by the company and that the data is protected regardless of its location, whether on a corporate or personal computer. In addition, IT should evaluate whether to apply data loss prevention (DLP) policies in the organization, in order to prevent leaks of sensitive information by employees (whether by mistake or deliberate) automatically and without manual intervention.
5. Awareness of users
Make sure your employees are aware of the risks of teleworking by maintaining a continuous communication channel with, for example, recommendations on how to detect phishing and avoid clicking on links from suspicious sources, the main attacks known at the moment and, in general, anything that helps them understand the importance of being cautious.
6. Continuous monitoring of company security
Increase security event monitoring levels to quickly detect:
- Unusual remote activity
- Failed authentication attempts
- Alerts for VPN-related attacks
Actions to be taken by employees
1. Awareness of users
Two of the best allies in protecting the company are prevention and awareness, and both are the responsibility of the workers themselves. Before beginning to telework, employees must ensure that they understand the company’s policies and procedures and the security risks that human error can cause.
Cyber criminals take advantage of moments of crisis to increase their attacks and disguise emails with topics related to current events, so right now it is very easy to receive an email that talks about COVID-19 and is really a phishing attack. For this reason, employees should check links before clicking on them and never click if the source of the link is not trusted.
2. Secure connections
When accessing remote services, do so only through secure protocols (HTTPS): access only known sites that use the https protocol, over secure connections and with certificates that are in order.
3. Equipment protection
Whether you are going to use company or personal equipment, you need to make the environment in which you work as private and secure as possible. Even at home, it is important to secure our devices to prevent, for example, another family member from accessing them and company information and deleting information by mistake. For this reason, it is important to have locking mechanisms on the devices. Likewise, if we work with corporate equipment, we must remember that making personal use of it can entail significant security risks.
Conclusions
The current landscape forces companies to be protected against security threats and to be able to detect and respond to them quickly, so you cannot take risks. At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, advising and accompanying you throughout the process to protect your company and your employees.
We want to help you!
In addition to these measures, which we hope have been useful to you, we want to help you much more. For this, we have prepared a live demo webinar in which we will discuss the most common attacks that companies are suffering in this specific teleworking scenario (most of them without knowing it) and how we should protect ourselves to avoid them. Keep an eye on this newsletter and you will discover all the details of the webinar. We will be waiting for you!