More and more companies around the world are opting for remote work. At times like today, with the COVID-19 pandemic, it is no longer optional. Cybersecurity has turned into a fundamental requirement to continue functioning without compromising employees' health. So the question is: how do companies take the necessary steps to stay active and safe at the same time? Are employees aware that the task of keeping data secure is now in their hands?
Keep in mind that sensitive information is leaving the company’s safe environment to be distributed among its employees’ homes.
Evidently, employees' cybersecurity education is key. Prior and continuous awareness training of employees becomes a fundamental element. It is also of utmost importance to ensure that a number of good practices are followed: not opening emails from unknown or suspicious senders or downloading attachments from such emails, encrypting hard drives, accessing company data via VPNs, using private Wi-Fi networks, and maintaining secure passwords that are changed periodically, among others.
For some employees, these measures are much simpler because they either have practice in working remotely or have ventured into it for some time. It is not the same to adapt to working remotely for an IT branch employee, who usually maintains this type of practice, as for a call center employee, a government officer, or another person from a much more diverse industry.
According to experts, the basic premises for working remotely without falling into the hands of cybercriminals should be:
While working remotely, access the company’s system using private Internet connections
This is in addition to VPNs (Virtual Private Networks), encryption, and security technologies for the connection.
Establish which data requires the most protection
Not all employees should access all the information and assets of the company.
It is necessary to determine roles (the specific information that each user profile can access), and to allow connections from devices where cybersecurity and protection tools can be applied and which have up-to-date security software.
In this sense, it is advisable for companies to provide employees who work remotely with equipment configured according to cybersecurity protocols.
Employee access to company systems must be made by identification (user and password)
This applies either to the VPN or to the computers under remote control. Access could also be implemented using digital signatures or other multi-factor authentication.
Using a second or third authentication factor (authentication being an environment's ability to verify that a user is actually who they claim to be) reduces the risk of being breached by third parties when usernames and passwords are stolen through phishing.
The three large families of authentication schemes should always be considered:
- Something we know, such as a password or a PIN code.
- Something we own, such as a credit card or an RSA token.
- Something we are (biometric authentication), such as hand shape or fingerprint.
Awareness of good cybersecurity practices among workers
Now that working remotely has been imposed for the first time in many companies, and almost massively, it is necessary to establish and remind employees of the minimum security guidelines for their day-to-day work. Keep passwords strong, not stored, and well protected (not written on a post-it on the monitor, on a blackboard, in a notebook, etc.), and log out of web applications as well as the PC whenever nobody is in front of it.
I will now share a small risk analysis (see Table 4) of some of the potential vulnerabilities to which companies are exposed and what their impact could be. Responsibility for these mitigations should be taken by employees in their homes, since the company's information leaves the secure environment to be distributed across employees' computers. While some companies are better prepared for this new mode of work, with more trained personnel, others are just entering it, so the risks will be analyzed across the general spectrum.
The scores in the risk analysis table are specific to my analysis, and they encompass, as I mentioned, the global score of the companies/people that adhere to telework today.
Keep in mind that not all employees have the same degree of security awareness or understanding of what it implies, and some companies may consider staff awareness as not-so-important, so this analysis, I repeat, is very global, and each particular case must be studied individually.
These are the reference scales used.
Risks scoring 8, 9, and 10 are considered very severe or catastrophic (colored red).
Risks scoring 5, 6, and 7 are medium (colored yellow), and those scoring 2, 3, and 4 are low or very low (colored green). Each risk score is the sum of the value assigned to probability plus the value assigned to impact.
As you can see in the analysis, if employees become security-aware, risks are greatly reduced without the need for large investments or complex solutions.
Employees should be aware, among other things, that once information leaves the company, the responsibility to keep it "safe" moves from the company's domain to each employee's own domain.