How to secure your data and communication when working remotely
The unprecedented rise in remote working following the Covid-19 crisis has led to a significant increase in attack opportunities for cyber criminals. Because all remote access occurs over the internet, any communication between teleworkers is susceptible to man-in-the-middle and eavesdropping attacks. Additionally, resources that are internal to an organization, when accessed externally, are exposed to a large number of new threats. Physical security of client devices, too, is a concern with devices used at home more likely to be stolen, misplaced, or misused than devices stationed within enterprises.
In order to help employers cope with the additional security requirements of remote work amid the coronavirus pandemic, cybersecurity agencies in many countries have released secure telecommuting guidelines.
- The European Union Agency for Cybersecurity’s (ENISA) Top Tips for Cybersecurity When Working Remotely,
- The UK’s National Cyber Security Centre’s (NCSC) guidance for organizations to prepare for an increase in remote working, and
- The United States’ National Institute of Standards and Technology’s (NIST) March 2020 Bulletin on Enterprise Telework and Remote Access.
The agencies’ best practice recommendations for telecommuting include the following:
Follow cybersecurity news from trusted sources such as:
Dealing with phishing attempts:
The anxiety surrounding the pandemic has given malicious actors the perfect opportunity to prey on people’s fears using phishing attacks. Here’s how to detect and prevent phishing attacks:
- Be careful when opening emails that mention the coronavirus. These could be attempts by cybercriminals to extract personal information from you. The NCSC’s guide on phishing attacks includes information about the telltale signs of malicious emails and how to make yourself a harder target.
- As far as possible, use separate devices for professional and personal activities. Do not use the same password for devices and applications you use at work and at home.
- Ensure that your wifi connection is secure.
- Update and patch your anti-virus and anti-malware software.
- Patch any other cybersecurity tools you have installed (browser extensions, etc).
- Remember to lock your screen when you step away from your computer.
- Always use a secure connection to your enterprise server.
- Install and properly configure validated encryption tools to protect data at rest on your devices.
- Disable services that you do not use.
- If you use video conferencing apps, double check your privacy settings. Turn on the camera and microphone only when necessary. Make sure all meetings are password-protected and can be joined by invitation only.
- Use MFA or 2FA and strong passwords for authentication and secure access to remote enterprise servers and web-based applications. Do not use the same password across devices and applications.
- Make sure you have a remote work security policy in place and that it is being enforced. The policy should ideally include information about administering remote access servers and what degree of access to provide to client devices.
- Make sure you have a business continuity plan in place.
- Prepare clear guidelines for employees to respond to security issues and emergencies.
- Educate staff on how to turn on and properly configure the encryption features on their devices.
- Use Mobile Device Management Software (MDMS) to manage the mobile devices being used to access remote servers and make sure there are tools in place to remotely lock these devices if needed.
- Make sure that remote access servers are secured. If possible, these servers should be placed within the organization’s network perimeter. They must also be fully patched and only be “managed from trusted hosts by authorized administrators”.
- Limit access to sensitive data on remote servers. Use a tiered approach to provide access to employees and devices, with the most closely controlled devices being given the greatest degree of access and vice versa.
- Make sure the Virtual Private Network (VPN) you are using for secure tunneling is fully patched and updated. Determine if you need additional licenses, capacity or bandwidth to meet increased demand for VPN access. If limited access affects the performance and speed of VPN, impress upon employees the importance of keeping communication and data sharing secure even if it is at the expense of speed.
To sum up, both enterprises and teleworkers must make efforts to keep their communications and enterprise data secure. While organizations need to make sure they have clear work-from-home policies and guidelines in place and that employees know what to do when they become aware of security issues; employees, too, must do their part in securing devices and applications that are not directly controlled by their employers. They must also keep themselves informed of the latest cybersecurity threats and phishing campaigns and try to stay one step ahead of bad actors.