Cybersecurity

A Checklist for Shifting to Secure Remote Operations

There’s been a lot of information recently on the soft side of our new remote reality, like how to focus, retain productivity or simply stay sane. And though itimportant to support people in a suddenly shifted perception of regular life, there is another business-critical perspective to grasp: Some companies are facing remote work reality for the first time ever. People who never freelanced or had remote jobs and colleagues first must first overcome a few technical challenges before they can even start thinking about productivity.  

Some companies have certain degree of flexibility when it comes to office space and can therefore provide every mean possible for the employees to work from any part of the world and deliver results successfully. However, many companies are still tied to the physical office space and have never been flexible in providing possibilities for employees to work remotely. This post is for them. 

Our recommended action plan is crucial, doable, and it might save your data, reputation and place under the sun. We are listing only the necessary steps here to ensure your business is not interrupted by cybersecurity threats (or at least keep you and your company as safe as possible), and that processes stay consistent. 

Using a VPN

A VPN ensures (or does its best to ensure) secure endtoend communication between remote locations: your client at home and server, possibly VPN gateway. Using company-provided VPN is one of the first and most important recommendations for remote work. A VPN ensures security of endtoend communication as opposed to using Remote Desktop Protocol (RDP). 

Important: VPN servers must be kept up to dateKeeping in mind the increased attention for remote work from illicit entities, VPN server security itself is of high importance. Keeping it up to date and patched from known weaknesses and vulnerabilities is one way to increase cybersecurity 

Enabling Multifactor Authentication Where Possible

Multifactor authentication (or Two-factor Authentication, 2FA for short) is another security layer worth adding. It’s important for VPN connections as well as any sort of authentication. It protects your accounts from primitive, but still highly popular credential stuffing attacks 

Credential stuffing attacks exploit the very humane habit of making life easier and reusing the same passwords for different services online. In case of data leak, someone’s repetitive password or username/email and password combination can be reused to access other services and sensitive data.  

You can check whether your data has been leaked in the past. 

Using 2FA protects your account against credential stuffing attacks since your username and password are no longer enough to access your data – you also need to confirm the authentication attempt via a specific app or by entering code sent by SMS or other means that are accessible only to the account owner.  

With two-factor authentication, your account is protected not only by what you know (your password) but also by what you have (your phone usually).

You should absolutely use 2FA to protect your email, data repositories, online documents, finances and other matters.   

There is basically no difference in what authenticator you decide to use – Google Authenticator, Microsoft Authenticator or a trusted third-party source authenticator application. If in doubt, your IT department is the source of truth for such recommendations. 

Deploying and Upgrading Security Solutions

A perimeter firewall and antimalware are two essential security solutions that should be deployed in every company that deals with data. 

A perimeter firewall protects your router, the entrancpoint to your local network. Its protection mechanism is dedicated to secure not only your work equipment, but your Internetconnected home equipment as well 

Perimeter firewalls (or smart firewalls) for your home environment not only keep outsiders away from your local network but also providadditional layers of security for devices communicating outbound. CUJO AI has been working in this area and improving home security for years, but your telecom might have other protection choices – use them. 

When it comes to antimalware solutions, they have been overlooked for the past several years. Still, your work laptop or computer most likely have one installed and updated, with periodic scans enabled. Your task is to ensure that your personal equipment has it too 

One infected home device can cause real harm attempting to infect other devices or leaking out your private data.

Make sure to protect your own equipment; your work equipment might already be cared for by your IT department. 

Setting Data Security and Remote Work Policies

Existing security policies in lots of cases cover secure work requirements for a certain physical location within certain protected and regulated networks. They often exclude remote working in dangerous and harmful environments, and remote work from home is currently such an environment. In its essence, a home environment with an undefined set of personal devices mixed with work equipment, all used to reach an organization’s sensitive data and resources, is a dangerous combination.  

An effective remote work policy must clearly define and outline: 

  • how remote work is organized 
  • which equipment and software should be used to access certain assets and which shouldn’t 
  • how users are protected against the most common threats in remote work conditions

Controlling the Security of Remote Operations

Your IT department is most likely doing everything to provide the best conditions possible for business continuity and security. However, big part of the responsibility lies on you too. Follow the best practices and guidelines for your work equipment and adapt them to secure your own assets to strengthen the remote working space.  

Consult your colleagues, learn, and then consult them again. Share best practices and findings.

One common company pitfall is to focus on improving business continuity while security is left lower priority. Such an attitude is dangerous but not so rare.  

What each of us can do to prevent overlooking important security issues is give prompt feedback when something suspicious happens or when deployed security solutions don’t work as instructed 

KEY TAKEAWAY

The sudden switch from a secured and regulated environment to distributed workspaces accessing organizational assets has triggered the increase of unwanted attention, phishing and scam attempts and overall security risks. This is the one opportunity to learn, adapt and use the best cybersecurity hygiene techniques that are recommended first and foremost by your organization and respected resources in order to mitigate the risk or lessen the impact of things going wrong. 

 

Leonardas Marozas