
How to save a career and not be considered a fool? Cyber security rules for remote work

Published in the Random EN group
Not long ago, we wrote about how the coronavirus pandemic has unexpectedly and significantly changed where and how we work. Many employees, having tried working from home, appreciated all the advantages of remote work and would like to keep working this way after quarantine. Many companies also found the advantages of remote work appealing (of course, because it is much cheaper to support remote workers) and began announcing relaxed rules for remote work. In particular, Facebook, Twitter, Apple, Square and a number of other large IT companies have already announced support for the movement in this direction.

Thus, even despite the gradual easing of quarantine restrictions, it is safe to say that by the end of 2020 there will be noticeably more remote workers in the world than at the beginning of the year. Although the mass transition of office workers to remote work has been brewing for a long time and is generally viewed with optimism, it also creates additional difficulties for many companies. The deterioration of cybersecurity is one of the main problems that the mass transition to remote work has brought to companies.

Dangers and risks for businesses associated with remote work

According to a recent study from OpenVPN, more than 90% of IT professionals believe that remote workers in their company are not sufficiently protected in terms of cybersecurity, while 70% believe that remote workers carry more serious risks than ordinary office workers. Here are just the most basic cybersecurity challenges businesses face with remote work.
  1. Access to corporate data through unsecured home Wi-Fi networks.

    Very often, remote employees connect to corporate networks and use work accounts through unsecured public Wi-Fi connections. This makes it easy for attackers to access their connections and steal sensitive information. Data that is sent unencrypted over regular Wi-Fi networks is very easy to intercept. That is why remote workers are advised to connect to unknown Wi-Fi networks only when using a VPN.

  2. Use of personal devices for work.

    46% of company employees surveyed admitted to transferring files from work devices to home devices at least once. It is easy to see that such practices create a number of risks. For example, a home device with sensitive company data might be stolen, or an employee might simply quit, leaving corporate data on their home device. And if the device's software is also not updated in a timely manner, this opens up a whole range of vulnerabilities.

  3. Non-compliance with the confidentiality regime and disclosure of corporate data in the course of work.

    Although cybersecurity vulnerabilities are the most common cause of information leaks and hacking of corporate networks, problems often arise simply because of non-compliance with the minimum rules for safe and confidential work. For example, an employee discusses work projects loudly on the phone or works in a public place where other people can see their computer screen. Many walk away altogether, leaving their devices unlocked.

  4. Use of third party tools and platforms.

    Another harmful and very dangerous phenomenon, not only in terms of business processes, but also cybersecurity, is the use of third-party tools and platforms by remote employees of companies in their work. If, for example, an employee uses an old version of a poorly protected messenger, stores files on a suspicious and little-known cloud platform, or uses open software products with poor protection that are not approved by the company, the risk of leaking corporate information, which is already rather big, increases significantly.

  5. Failure to comply with corporate cybersecurity regulations and leak reporting.

    Many small companies don't have any cybersecurity rules at all, and even when they do, employees often ignore them. This is especially true of reporting information leaks that the employee considers too minor to report.


How to strengthen your security while working remotely?

Although confidential data leaks primarily harm companies, they bring nothing good to the employee responsible either: at the very least a reputation as a careless fool, and at worst dismissal or even, in some cases, prosecution. Let's go through the most basic cybersecurity tips and tricks for working from home.
  • Security of network connections.

    Since the vast majority of remote workers use unsecured public Wi-Fi networks to connect, the first and foremost recommendation from experts is to use a VPN for work, always and without exception.

    “Always use a VPN when connecting to your organization's internal network. This helps prevent most man-in-the-middle attacks. Also make sure your VPN is updated regularly, and be sure to use multi-factor authentication as another layer of protection,” advises Guy Bruneau, senior cybersecurity consultant at Canada-based IPSS.

  • Work device security.

    In some cases, employees simply have no choice and are forced to use personal devices to complete tasks. However, the very fact of using personal devices at work is one of the main sources of problems.

    “It is desirable that employees have access to the internal network of the organization only from devices owned by the company, and all these devices are under the control of the technical support team. If an employee is forced to use a personal device, it should at least be pre-screened for underlying vulnerabilities. It also makes sense to limit the ability to store, download and copy data to personal devices,” said Tony Anscombe, Chief Security Evangelist at antivirus developer ESET.

  • Authentication and authorization.

    Of course, remote work greatly increases the need for multi-factor authentication, access control, and strong passwords.

    “Make sure you use strong firewalls and passwords when accessing company systems. Find a decent identity and access management software solution that can help you automate switching and granting different levels of access and technology to remote workers,” recommends Joseph Carson, Principal Security Officer at Thycotic.

  • Protect communication channels and collaboration applications.

    The rise of messaging and collaboration apps like Microsoft Teams, Slack, WhatsApp, and others has created yet another channel for hackers to access corporate networks and sensitive data relatively easily.

    “One of the problems with platforms like Microsoft Teams or Slack is that they were never designed for secure corporate use, and therefore cannot guarantee the security of the data transmitted through them. Therefore, it is important to pay as much attention as possible to the control of the use of these platforms,” said Anurag Lal, President and CEO of NetSfere.


Short Tips

Those were the basics; here are some more short tips to follow when working remotely, so that you do not end up in the unpleasant role of the fool who let his company down through carelessness.
  • Be careful with email.

    Email phishing is still one of the main and favorite methods by which cybercriminals infect computers of ordinary users with malicious code and find victims of attacks and data theft among companies.

  • Encrypt important information.

    Important information primarily includes personal, medical, and financial information that may be stored on remote devices. Full-fledged encryption in most cases helps prevent leakage if the storage media is lost or falls into the wrong hands.

  • Be aware of your surroundings when working in a public place.

    If you work in a coffee shop or other public place, it always makes sense to make sure your laptop screen is not being viewed by other people.

  • Monitor the physical security of your devices.

    Never leave your laptop or other devices in your car, remember to close the doors and windows in your home, and follow other basic tips to help reduce the chance of your device being stolen.


Cybersecurity at a distance: words of experts

And finally, we will share a number of recommendations and comments on the topic from authoritative experts.

“New information about vulnerabilities in IoT devices is constantly emerging. I think now is a great time to start strengthening their security with strong passwords and firmware updates. It is also a good idea to install a special application on your devices to monitor home networks for vulnerabilities, outdated software versions or weak passwords that need to be changed,” said Barbara Rembiesa, President and CEO of the International Association of IT Asset Managers.

“If your organization does not have plans or policies for cybersecurity, now is the time to develop at least basic guidelines relating to remote access to company information systems and the use of personal devices by employees for work,” recommends Christopher Bontempo, an attorney at Mintz law firm.

“As a general rule, company data should never be downloaded or stored on personal devices or cloud services, including employee computers, USB drives, and personal accounts in services like Google Drive and Dropbox,” Bontempo added.

“To increase the level of security, companies can prohibit the use of popular but poorly protected communication methods. True, it must be recognized here that people will inevitably circumvent such restrictions, if possible. For example, quite recently I was mistakenly invited to a closed WhatsApp group of a Fortune 500 company, despite the fact that the company itself restricts the use of this messenger. Therefore, it is very important to establish another additional layer of security for such cases. One of them is education. It's important to educate employees about what data is particularly important to the company and therefore should never be compromised,” said David Creelman, chief executive of recruiting firm Creelman Research.