The use of telecommuting has exploded and represents a growing trend. This brings new challenges in terms of cybersecurity.
Between the improved quality of life perceived by many employees and the assurance of a minimum level of business continuity in the event of a health crisis like the one we experienced in the spring of 2020, there is a strong likelihood that telecommuting will only continue to increase.
In this article, we will provide recommendations to better secure the implementation of telecommuting and reduce its exposure to the risks it entails.
At Arsen, we emphasize the use of collective intelligence to strengthen the security of companies.
By asking their colleagues or specialized experts, potential victims can identify and counter ongoing attacks against your company.
This information sharing also allows experts to take effective countermeasures against the ongoing attack.
To provide reliable assistance in the deployment of telecommuting in your company, you can define a list of people to contact in case of doubt or questions regarding security.
This supports your employees and assures them that they are not isolated when in doubt, as working remotely might otherwise lead them to believe.
Policy for equipping telecommuters
As much as possible, provide dedicated, secure, and controlled equipment.
The equipment must be dedicated and allow for the physical separation of professional activities, which take place on the equipment you provide, and personal digital activities, which should take place on personal devices.
As much as possible, avoid BYOD - Bring Your Own Device - as it may introduce compromised equipment into your network.
The equipment must be secure and controlled. Use Mobile Device Management (MDM) solutions to deploy and control installed applications, their updates, and various information about the status of the equipment.
A centrally managed anti-malware solution also helps protect remote computers against known threats and lets you administer that protection from one place.
Finally, a clear policy must be defined regarding the separation of usage and the use of the provided equipment for telecommuting, as well as best practices for cybersecurity in telecommuting outside the office (cafes, coworking spaces, etc.) or at home.
Secure external network access
It goes without saying that you need to secure access to your network from the outside.
We have already mentioned this in the best practices for cybersecurity, but deploying a company VPN lets you secure the flow of data to your network.
Then, categorize the data, resources, and systems that you want to expose to remote access. Instead of giving global access to your entire network and its data systematically, only give access when necessary and limit remote access for employees to the bare minimum: this is the principle of Least Privilege.
In the event of a cyberattack, this slows down the spread of the attack within your company and can limit access to confidential data.
A good identity and rights management policy is necessary for this.
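The least-privilege rule above, as an added example (not Arsen's code): a short Python audit that compares each user's remote-access grant with what their role needs and flags whole-network grants, unknown roles and excess access to confidential resources. All resource names, roles, users and grants are constructed sample data.

```python
# Added example: audit remote-access grants against a least-privilege baseline.
# All resource names, roles and users below are constructed sample data.

RESOURCES = {  # resource -> data category
    "intranet": "internal",
    "mail": "internal",
    "build-servers": "internal",
    "hr-db": "confidential",
    "finance-share": "confidential",
}

ROLE_NEEDS = {  # what each role actually needs when working remotely
    "developer": {"intranet", "mail", "build-servers"},
    "accountant": {"intranet", "mail", "finance-share"},
}

GRANTS = [  # what remote access currently allows; "*" means the whole network
    {"user": "alice", "role": "developer", "access": {"intranet", "mail", "build-servers"}},
    {"user": "bob", "role": "accountant", "access": {"*"}},
    {"user": "carol", "role": "developer", "access": {"intranet", "mail", "hr-db"}},
    {"user": "dave", "role": "contractor", "access": {"intranet"}},
]


def audit_grant(grant):
    """Compare one grant with its role baseline and report the excess."""
    needed = ROLE_NEEDS.get(grant["role"])
    global_access = "*" in grant["access"]
    # A wildcard grant effectively exposes every categorized resource.
    effective = set(RESOURCES) if global_access else set(grant["access"])
    # Unknown role: nothing is justified, so every grant counts as excess.
    excess = effective - (needed or set())
    return {
        "user": grant["user"],
        "global_access": global_access,
        "unknown_role": needed is None,
        "excess": sorted(excess),
        "confidential_excess": sorted(r for r in excess if RESOURCES.get(r) == "confidential"),
    }


def audit(grants):
    """Return only the grants that violate least privilege, worst first."""
    findings = [f for f in map(audit_grant, grants)
                if f["excess"] or f["global_access"] or f["unknown_role"]]
    return sorted(findings, key=lambda f: (-len(f["confidential_excess"]), f["user"]))


if __name__ == "__main__":
    for finding in audit(GRANTS):
        print(finding)
```

Each finding lists the access to remove so that the grant matches the role baseline; a grant with an unknown role is reported in full because nothing justifies it yet.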
Lead by example
Implementing new policies, especially in cybersecurity where the danger is often invisible, meets significant resistance to change.
In addition to awareness and frequent communication, leading by example is a simple, effective, and essential way to address this.
Make sure that top management is properly aware of the challenges of cybersecurity in telecommuting and quickly adopts the security policies in place.
Adoption must be complete and exemplary. Once this is in place, do not hesitate to communicate about these topics: internal communications, satisfaction surveys regarding the work environment for each individual, etc.
Emphasize the cultural awareness of telecommuting risks
Finally, many people are not aware of the problems related to cybersecurity.
On the one hand, your employees have probably never experienced the consequences of a cyber-attack, as it remains an invisible and "unlikely" threat to them.
The popular image of a virus changing wallpapers or locking all systems is only a part of cyber threats. Data breaches, which can have serious financial consequences and jeopardize their employment, sometimes go unnoticed for more than six months*.
On the other hand, the vast majority of users rely on the technological protections in place and place their trust in these tools' ability to protect them.
They are confident that their antivirus, firewall, and other security tools provided by the company are sufficient to protect them from cyber attacks.
However, cybersecurity is a perpetual cat and mouse game, and new attacks that bypass these protections regularly arise.
Humans are therefore the last line of defense. Their critical thinking and vigilance are the best form of detection.
At Arsen, we offer an anti-phishing training solution combining:
- Real-life simulation to observe the behavior of your employees in the face of a phishing campaign under realistic conditions
- Micro-learning training to provide understanding and instill good reflexes in your employees
- Performance reports to assess your level of cultural awareness and your company's security score
This type of solution allows, among other things, for the simulation of phishing campaigns using attack "scenarios".
In the context of telecommuting, use contextualized scenarios that take advantage of the situation:
- Scenarios related to the period and reasons for telecommuting. For example, an email granting access to COVID-19-related information.
- Scenarios exploiting telecommuting, such as "download the new VPN client" or "log in to the new intranet portal for telecommuting."
These scenarios should test that reporting procedures are properly applied and also cover telecommuting security issues, such as contacting the security contacts mentioned earlier.
Telecommuting presents a significant challenge in terms of your company's cybersecurity.
However, if you follow cybersecurity best practices and implement the recommendations in this article, you will have a much better chance of thwarting most attacks and mitigating your risk.
If you want to improve your company's cybersecurity, invest in the cultural awareness of your employees to transform them into a true human firewall: discover our solutions.
Sources: * Ponemon 2017 Cost of a Data Breach Study