Cyber Security Best Practices for Work From Home / Teleworking
With the recent trends worldwide, the Teleworking otherwise termed as remote working or working from home is on the raise. Should we consider this option as a threat or an opportunity for an organisation. It is definitely an opportunity but be aware to assess the threat involved in extending this option to your employees.
Everyone will talk about productivity, engagement, motivation, cost savings etc, but all these can prove just the opposite if the Cyber Security Vulnerability and threats are not evaluated prior to extending these facilities to the employees. So what do you think one should do before extending the teleworking or remote working options for employees? ● Do not open the flood gate to accommodate all users during BCP. Validate Business requirement and need for each user and decide ● Perform a Risk Assessment weighing the pros and cons of extending the teleworking options to employees ● Prepare an Information Security Training kit and ensure that all employees are aware of their responsibilities and role in adhering to the organisation Information Security Policy. ● Perform Network Penetration Test for all your devices are exposed to the public network which forms part of authentication service for the teleworking services. ● If you are doing IT services for your customer, Ensure that you get formal approval from your customer before you enable remote access ● Have a clear check and validate procedure before extending the end users to use their personal laptop/desktop. Sanitise their device and have a clear monitoring mechanism to check if all the required patch, Antivirus and minimum security checks are performed on the end users personal device ● Prior to give business application access to external network, perform a detailed and complete Application Penetration Test ● Avoid Remote Desktop Protocol (RDP) over the internet. RDP, if not configured and secured, can act as a gateway for cyber criminals to access sensitive internal resources ● Does your organization have Mobile Device Management Solution in Place for Mobile users? If not it is recommended to implement MDM while users are given access to organization information using their Mobile Phone.
● Use a reliable Virtual Private Network (VPN) to establish a secure channel between end user systems and organization network. Some of VPN best practices listed below o Implement Multi-Factor Authentication (MFA) on all VPN connections to increase security. If MFA is not implemented, enforce end users to use strong passwords o Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths. o Update latest patch (Some organization they don`t update VPN patch due to continuous utilization) ● Establish 24X7 security alert monitoring for your external facing devices, VPN and Business application. If you already have SOC services (Security Operation Center), Ensure security rules are updated and all business applications and network devices are covered as part of monitoring ● Ensure to maintain compliance, privacy and regulatory requirements in Information security management services such as GDPR, HIPAA, PCI etc., when users work remotely. If you have any queries or help please feel free to contact us IARM Information Security Pvt. Ltd. | info@iarminfo.com | www.iarminfo.com