Teleworking is a flexible form of work organization that consists of the performance of professional activity without the physical presence of the worker in the company during a significant part of their working hours. This modality forces companies to contemplate various scenarios, such as the manipulation of work information on devices that may not be adequately protected or remote access to sensitive information. These cases, among many others, cause organizations to consider different ways of managing security to minimize the risks associated with an information attack.
Security points to consider when teleworking.
Weak passwords
– Absence of security solutions
-Connection from insecure networks Devices with unencrypted information
-Lack of backups of the information
-Lack of updating of systems and devices
Threats
– Loss of devices
– Infection with malicious code
– Execution of exploits
– Equipment damage
– Deception based on social engineering
The company must have security controls and policies that classify what type of information is accessible and which should have a higher level of protection to avoid security incidents such as information leakage.
Determine what the risks are, the level of probability of occurrence and the level of impact.
Risks.
Safety Pillars.
MANAGE ROLES
The company must ensure that access to information is allowed only for those roles that are actually enabled to do so.
DEVICE CONTROL
Considering the wide variety of devices on the market, it is important to restrict access to only those on which the appropriate security tools are applied.
PROTECT AGAINST MALICIOUS CODE
To ensure that no malicious code affects data, all devices used by the employee must have security solutions that proactively detect these types of threats
MONITOR NETWORK TRAFFIC
Since there are devices that are entering the network outside the physical perimeter of the office, it is necessary to keep track of what type of traffic they generate.
SECURE CONNECTIONS
Implementation of client-based VPN connections, since this type of network allows a user to be connected to a remote network, through an application that is responsible for establishing communication and lifting the VPN. To access the secure connection, the user must run the app and authenticate with a username and password, and even adding a second factor of authentication. In this way, the encrypted channel between the computer and the remote network is created, for a secure exchange of data.
WRITE A SECURITY POLICY
The security policy must declare the intentions regarding the security of computer resources, and from it lay the foundations to determine the obligations and responsibilities of users with respect to the use of the technologies available to them.
RAISE EMPLOYEE AWARENESS
All users should be aware of the risks to which they may be exposed and what precautions they should take when bringing in devices outside the company. If the user does not know the risks to which the company’s information, and even their own, is exposed, they can more easily fall victim to many threats.
Source: https://empresas.eset-la.com/novedad/guia-de-teletrabajo
At Itera we can help you.
Contact a specialist: seguridad@iteraprocess.com
Related posts
Topics
Ready to take full control of your cloud investment?
Casos de éxito
