When it comes to information security in the corporate environment, it is customary for companies to comply with all necessary precautions to ensure continuity of operations. Routine backup, encryption, training for good team practices, protection against malware … everything must be considered. But what about in times of COVID-19 and remote work? How to proceed?
While most large organizations already have policies and the infrastructure needed to provide a secure home office for employees, the situation tends to be different for small and medium-sized businesses.
Next, check out 6 tips to prepare employees and face cybersecurity risks in remote work!
COVID-19 and remote work: how to keep processes safe?
1. Establish terminal protection for home users
As could be expected, managing home computers is more complex than controlling equipment in the company environment. Here, it is recommended to implement an antivirus tool for all machines that access business applications. It is also worth analyzing whether it is interesting to use cloud resources to monitor workstations.
At this time, it is also important to survey the licenses required to access computers that do not belong to your domain. To facilitate the configuration of remote access, bet on tools such as LogMeIn Rescue or Splash top SOS, allowing the IT team to remotely help employees with the task.
2. Reduce care for access to the company’s internal network and systems
First, analyze whether there is a need for employee access to the company’s internal network. In many cases, employees are able to perform their work only with access to email and cloud services.
If necessary, investigate whether the employee’s level of access can be reduced during remote work. In such cases, the ideal is that he makes use of a computer belonging to the company, allowing total control of the device by the IT team.
Also, don’t forget to use a VPN or how to torrent anonymously to connect remote workers to the company’s network. Care avoids attacks, given that traffic includes public networks at work from home. The use of other devices (such as a USB stick and other forms of USB storage) must also be controlled.
What if the remote employee is going to access email and cloud services with their own computer?
In such cases, it is essential that the employee’s device meets the same security policy as a company computer. This goes for firewalls, anti-malware features and more. If necessary, offer the employee the same licenses for solutions applied to the company’s machines.
Another recommended action is to limit the ability to download, store and copy information – this is because attacks and leaks can occur on any device with sensitive business data.
It is also worth mentioning a very interesting long-term solution: using virtual machines to grant users access to the web. This care ensures that the employee remains in a controlled environment, in addition to reducing the vulnerability of the corporate network to the home environment.
3. Bet on multi-factor authentication (MFA)
The multi-factor authentication feature allows access to applications and company data to be made only for authorized users. Security applies to both the internal network and cloud-based services.
Among the most advantageous MFA systems are the hardware token or the use of applications. With the need to speed up protection, the application-based system tends to be a good way, eliminating the need to acquire and distribute hardware.
4. Educate the team about the current scenario and best protection practices
In times of COVID-19 and remote work, the number of scams that take advantage of the moment of crisis has increased, including phishing and other virtual threats. It is essential to educate employees about this reality, avoiding opening and clicking on suspicious emails and accessing only the official portals on the subject.
Other security precautions must be taken, including logging out when the computer is not in use, applying strong passwords at startup and setting times for machine suspension based on downtime. In addition, software must always be updated to its latest versions.
5. Promote appropriate team support during remote work
Do not neglect the necessary access of the team to the IT support team. In the midst of the uncertainties of remote work, doubts and problems in operations may arise (including when it comes to security measures).
In this sense, establish clear protocols and channels of interaction with support employees, facilitating the communication of possible problems and doubts in daily life. The IT team must also be prepared for an eventual need for remote crisis management (in case of more serious problems such as data leakage, for example).
6. Learn from the current situation and plan for future scenarios
Although the current moment is full of insecurity, fears and doubts, it is also a real opportunity to analyze whether your business is prepared for emergencies and for the remote work model.
Thus, take advantage of the atypical routine to review security policies, align communication between the team and identify protection failures in networks and devices.
for more articles visit this website