Telework: Five Business IT Security Considerations
With the pandemic, telework was introduced at breakneck speed in many organizations, which have seen their IT security risks increase as a result.
Phishing, ransomware and other attempts at data theft or malicious traffic disruption have increased as fraudsters take advantage of the vulnerabilities that arise when people work from home.
In order to avoid high costs for your organization and the loss of customer confidence, it is essential to secure your data, monitor your networks’ security and have a cybersecurity plan to effectively and quickly respond to and mitigate cyber attacks.
To help you assess the situation, here are five aspects to keep in mind to ensure that your organization is minimizing its IT risks.
1. Adopt a policy on the secure use of computer equipment
Make sure that all devices being used, including mobile devices, are assigned to the worker and used only for the worker’s job. Additionally:
- Use a virtual private network (VPN) that secures access through encrypted authentication and encrypts sensitive data;
- Limit users’ ability to add applications through whitelisting (a list of preapproved applications) and by controlling installation permissions;
- Provide a firewall—a barrier that filters incoming and outgoing data;
- Protect your networks and devices with a professional IT solution;
- Use a mobile device management solution to protect mobile devices from loss, theft, damage and unauthorized access;
- Ensure that all devices (personal or business-owned) that remotely connect to the entity’s resources meet the security requirements of the information security policy: for business-owned devices, the IT department must ensure that only software authorized for use on the entity’s resources is installed.
2. Safeguard data access
Make employees aware of the importance of best practices and implement secure user authentication mechanisms:
- Consider using multi-factor authentication (MFA) for all high-level access and access to sensitive data, applications and mission-critical environments;
- Include a screen saver with automatic lockout;
- Install regular automatic updates to anticipate security breaches;
- Disable wireless access to unused devices;
- Put advanced antivirus and anti-malware software on all devices that have access to the entity’s environment and data;
- Ensure that all sensitive data communications are encrypted (including email communications).
3. Train employees on working remotely
Provide ongoing training to make employees aware of key security issues and remind them of good practices:
- Detecting fraudulent emails and phishing attempts;
- Using a strong password;
- Never leaving a device unattended;
- Using a secure wireless network;
- Quickly contacting a resource person in case of a security issue, such as a lost device or detection of a problem (provide emergency contact information).
4. Protect information and store it in a secure environment
This is important at all times, but when everyone is working from home, the stakes are even higher: it is essential to provide a data backup environment.
- Back up data regularly by making copies that are stored securely and, ideally, in a cloud environment so that they can be accessed from any secure device;
- Limit employee access to the information they need to do their jobs: grant access to the required individuals only, in accordance with the “minimum privilege” principle, to minimize the risk of unauthorized access to sensitive data;
- Ensure that sensitive information is encrypted (e.g. intellectual property, personal identification information, registered credit card numbers, health care data): only access secure sites (HTTPS protocol) using devices provided by the employer.
5. Prepare a contingency plan: respond, manage, mitigate and recover
Whatever their size, all organizations are at risk of one or more cyber attacks during their lifetime. Unfortunately, this is even more true today, as malicious individuals are taking advantage of teleworking to exploit security gaps. It is essential that you have a contingency and risk prevention plan in the event of phishing, ransomware or other fraudulent attacks to:
- Assess potential threats;
- Closely monitor attack attempts;
- Anticipate the measures to be taken to protect your systems and data;
- Ensure that records are captured and monitored;
- Rely on professionals to anticipate risks and assist you in monitoring and responding to cyber attacks.
Keep your business out of the reach of fraudsters. We can offer solutions adapted to your organization and the assistance you need.