[BreachExchange] How to stay safe when working remotely

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jun 21 20:21:37 EDT 2018


https://recruitingtimes.org/recruitment-and-hr-technology-
news/23527/how-to-stay-safe-when-working-remotely/

Now, people work from home, hotel rooms, conferences or even cafes.
Wherever there are telephony and internet options, work is possible.
However, this kind of flexible working can generate instances where data
leaks can occur, and cybersecurity can be breached. Working remotely can
put a business’s IT systems at risk, but there are ways to minimise these
risks.

Those responsible for cybersecurity need to examine any risks that may be
associated with working remotely. The first step when addressing data
breaches is to understand how and where these may occur. Raising awareness
of cybersecurity is important, and staff should be educated on these
issues. If employees all understand how to protect IT security and can take
the necessary steps to do so when working from locations outside the
office, then this will help to keep data safe.

As part of your business’s cybersecurity protocol, your IT team can devise
guidelines for safe working practices, along with an action plan to be put
into effect should a member of staff have reason to think that they have
exposed the business’s IT systems to a security threat.

There are also a number of basic precautions to take to keep IT systems and
data safe. Having an effective and up-to-date antivirus security system in
place will prove to be extremely worthwhile in protecting data and
software. Make sure that there is a system in place to maintain security on
all devices that includes strong firewalls, encryption and web filtering.

Passwords for all devices, especially mobile ones, are also critical. Make
sure that passwords are updated regularly and cannot be easily guessed. If
staff are using their own devices when working remotely, then check that
this hardware has adequate protection in the form of antivirus software,
encryption and firewalls so that they do not present a weak link for
hackers or viruses to exploit.

Overseeing security on devices that staff own can present tricky issues in
the area of privacy, so a business may need a policy governing what kind of
business-related activities can be carried out on privately-owned devices,
and these devices may need security measures installed that are approved by
the IT department. Staff should also be aware of keeping all devices safe,
including USB sticks and other storage hardware.

Public wifi can be vulnerable to cyber attack, presenting opportunities to
breach systems and poach data. Avoiding public wifi where possible is a
good idea, although in practice, this is not always feasible.

Trusted networks are always preferred, and it may be sensible to prohibit
carrying out tasks involving sensitive data on public networks. If you
develop an IT protocol, it could include a list of work-related activities
that are not suitable to be carried out using public wifi or any computer
in a public place.

Email can present many opportunities for the cybercriminal to gain access
to critical data. Correspondence should be protected by encryption software
and staff should be made aware of how to work safely using corporate email.

Prevention is better than dealing with a security breach. Robust systems
and safe working practices will help protect your business and its data.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180621/71f04b3a/attachment.html>


More information about the BreachExchange mailing list