As organizations shift to remote work during the viral outbreak, employees become vulnerable to cyber attacks if they are working outside of a secure network. This raises concerns for IT Security professionals. Some of these challenges include establishing a secure connection through all employee devices and keeping up to date with security patches and updates. It is crucial for all employees to be aware of security risks when working from home in order to ensure business continuity. Take these steps to securing your company’s data while working remotely.
1. User Education
Employees are often the main target for cyber crime. One crime cyber criminals often engage in to access a company’s network is phishing. A common example of phishing is when an attacker sends out an email to an employee, posing as a legitimate person or organization, and persuades the employee to click the attached link. Employees are often tricked into entering their employee ID and password.
Users should be trained on what a phishing email looks like and who to report to if they receive a suspicious email. Cyber criminals take advantage of employees that work from home, as there is usually less security in one’s home than at the office.
2. Secure Workspace
Ensure that employees are practicing physical machine safety as much as cyber safety. Employees should not work in a public area if they are working with sensitive information and should always lock their computers when unattended. Although working remotely takes place of working in the office, employees should continue to use best practices for physical machine safety.
Employees should also ensure that they are working through a secure connection. Employees should avoid working on public WiFi and should always use a VPN connection if the company has one. IT Security should make certain that VPN patches are up to date.
3. Monitor and Log
As employees will be accessing the company’s network from a number of endpoints, it is important to perform continuous monitoring and logging. The IT Security team should be notified immediately when an untrusted connection is made, and respond quickly to the alert.
4. Review Company Policy
Policies and procedures should be reviewed by all employees before starting to work remotely. This will provide guidelines when working from home. Some policies to review include:
– Access Control Policy
– Mobile Device Management Policy
– Alerts & Notifications Policy
– Network Security Policy
– Physical Access Control Policy
– Transmission Security Policy