Working from home offices and other remote locations has increased lately, both due to increased opportunities from available remote connections and digital tools, as well as the global concerns over the spread of influenza and Coronavirus outbreaks. Crisis situations and global level concerns are well known to also increase phishing attempts in the name of well-known organizations and topical themes. How has your organization prepared for the increasing level of remote working, risks it might provoke and securing your organization’s data in the current turbulent environment? Read our tips for secure remote working.
1) Physical security: What is the remote working environment like?
A wise starting point for reflecting the security of remote work is risk assessment. Both the physical and digital security of the working location should be considered, whether it’s your home or other location. Are you working in a location where your screen can be seen through a window or by someone walking behind you? Screen protecting privacy filter films are a simple yet effective solution in many different locations – while traveling, at the office or your home – to protect sensitive information being processed on screen.
2) Secure communication channels
It is important to use mutually agreed secure communication channels and data transfer methods. While working remotely, the same communication channels should be used than while working at the office. Working from your home, e.g. sitting on a sofa with your laptop, easily makes your feel safe and relaxed, misguiding you to use communication channels and methods familiar from your spare time. However, critical information should not be shared via e.g. WhatsApp and other insecure channels.
3) Secure data transfers – use VPN!
The best way to ensure the security of your data transfers is to use VPN connection. VPN, a virtual private network, is familiar to many remote workers for accessing resources within the office network, but it also encrypts all of your data communications. Meanwhile, it tackles many of the remote working risk factors, for example uncertainty with the reliability of the used internet connection. It is important for organizations to ensure all of their employees know how to use the VPN connection, and that it’s easily available for everyone. Probably many remote workers have faced the situation where they realize, while working at the home office, that the VPN connection isn’t working, and they can’t access the resources they would have needed.
TIP: Rehearse setting up the VPN connection
Try out your VPN connection together with your colleagues. Connect to your office guest WLAN or use mobile hotspot from your phone. Now try connecting to someof the systems that you usually use in your office network, e.g. shared drives – this probably doesn’t work. Then, connect your VPN while still using the guest network or mobile hotspot, after which using internal resources should again be possible.
Not being able to connect to network resources from home or other location creates inefficiencies to working, and probably interruptions to colleagues’ work as well, if the remote worker needs to ask others to send him necessary files or other data. At the same, everyone is probably quite busy, which adds to people ending up sending the requested files with the easiest possible channels, which often conflicts with cyber security.
4) Is the used internet connection protected?
Is the home office internet connection protected and secure to use? The home wireless network should at least be encrypted and protected with a password. In practise this means that the default password is changed from the WLAN device settings, as well as the data transfers are configured as encrypted.
If there is uncertainty about the level of protection, or one has to use a public network, it might be better to use mobile hotspot for security reasons, if that is available. Nowadays many employees have an unlimited data plan in their mobile phones, which allows them to use the mobile hotspot while working remotely. On the other hand, the VPN connection offers protection also when the security of the used internet connection is not known.
5) Beware of phishing attempts
When the workplace community is no longer nearby, it’s easier to fall for suspicious phishing attempts. The National Cyber Security Centre of Finland told in February that one of the major cyber threats at the moment is the increased amount of phishing attempts that are difficult to recognize from authentic communications. The global crisis, such as the Coronavirus pandemic, increase the amount of phishing attempts substantially, as the phishing messages are sent to concerned people in the names of well-known health care organizations and cancelled audience events.
TIP: Phishing attempts
If you receive a suspicious message from a person you know or in the name of a well-known organization, use different communication channel to ask if the message was authentic and safe before you open any attachments or links. For example, if you receive a suspicious email message, call the sender or use some text messaging app to ask about the authenticity of the message. The scammers get often revealed by chancing the communication channel instead of responding to the same message.
6) Ground rules for remote working
Together agreed ground rules ensure efficient remote working. Many aspects might seem as obvious for accustomed remote worker, but the current global situation might lead to many people experiencing remote working for the first time. Some aspects to agree mutually are e.g. how progress is monitored, how meetings are organized, which devices are allowed to be used for working and in what kind of locations remote work is allowed.
Device list should be up-to-date to ensure all devices now used at home offices stay updated and within security protocols. On the other hand, it should be clearly communicated if work can be done with home computers, and what are the requirements for the device security (e.g. antivirus software and VPN connections). In addition, one easily leaking data source is memory storage equipment such as external hard drives and USB drives, that can be hazardous when ending up in wrong hands.
It is also important to create guidelines on what is allowed with the work laptops and other devices, and who is allowed to use them. Family members and friends should not be allowed to access sensitive data. Also, attention should be given to how the devices are stored, for example, not leaving them in plain sight.
elfGROUP’s cyber security experts wish everyone secure remote working weeks!
We wish you and your organization get efficiently started with remote working with these tips. If your organization could use more detailed analysis on your practises and IT infrastructure, we’d be happy to help. Cyber security survey is used to assess organization’s cyber security status and start systematic development towards cyber security, possibly become a security-certified organization. Developing organization’s data management capabilities is done by modelling, rationalizing and properly implementing corporation's information system landscape, its inherent data architecture and data management lifecycle functions.
Contact our sales team to find the reasonably scoped measures to ensure cyber secure and functional IT infrastructure!