Cybersecurity in a Mass Remote Working World
Considerations to Secure and Protect Systems and Data
03 November 2020
Remote working has become more common during 2020, and in a mass remote working environment, cybersecurity concerns have never been more important. There are critical steps for companies to take to ensure the safety and security of their systems, networks, employees and customers.
Locking Down Your VPN
More companies are using virtual private network (VPN) technology than ever before. While offering a convenient way for employees to work remotely, this technology also serves as a high-profile target for hackers, so securing the data transmitted on the VPN should be a priority. There are several steps to take to help keep the VPN locked down. First, use certificate authentication and the native client. Additionally, use a forced VPN that automatically connects so you ware not relying on employees remembering to connect. It's also important to avoid split tunnelling where possible.
You should also ensure that the connection is indeed "invisible" to the wider internet and check the authentication to ensure these elements are strong enough to protect the data therein. Run tests to identify systems and known vulnerabilities against VPN systems to help strengthen encryption.
Remote Working Etiquette
Whether working onsite or remotely, security guidance should continue to observed including: using existing software systems and implementing controls around software downloads, locking workstations, implementing a clear desk policy, and enacting a password policy for systems and shared documents or files with sensitive information.
Employers should share guidance regarding best practices for passwords with employees. Passwords should be harder to guess, as random as possible, include numbers and special characters to be stronger and ideally implement a passphrase strategy so it's also easy to remember. Passwords for documents and files should be shared via text or phone call, not online.
General cybersecurity concerns not only remain but should be heightened at a time when remote working is higher. Phishing campaigns, clickbait and hoaxes rise as criminals look to take advantage of global situations. During COVID-19 alone, this type of activity was seen in relation to false cures, tax refunds, economic relief, false advice, "high risk" places being identified, calls for donations and more.
Guidance for employees and companies remains the same with remote working: report phishing emails right away, don't click links unless you are 100 percent positive it is safe and secure and you know where it came from. Report any accidental clicks. Don't let curiosity overpower common sense and don't believe everything you read online or in an email.
Testing & Assurance
It is critical to continue with planned testing and assessments, such as penetration testing or red team assessments. Do your testing offsite using an augmented approach, creating a virtual testing machine "inside" your network. This will increase traffic on your network so consider bandwidth limitations and conduct testing during off-hours if necessary.
It's also important to continue with testing and releasing new rollouts, security updates, app/website changes and updates to ensure the safety of your network, products and data. Also, continue with security awareness training for your IT staff and all employees. This step is even more important in a remote working world.
One of the realities of the "new normal" brought about by the COVID-19 pandemic is remote working and telework. Even as the crisis abates, employees should expect remote working to continue in the future. Taking these steps to ensure the security of your network is important today and will continue to be in the future. Learn more about the ideas presented here and more insights on cybersecurity for remote working in our on-demand webinar recording.
Account & Training Manager
James Richards has been with Intertek NTA for five years and has delivered numerous staff security awareness training sessions across multiple sectors. A core topic of these sessions focuses on secure password guidance designed to improve risk management at all levels of business.