- Get link
- X
- Other Apps
Today, many companies are introducing home offices for their employees as a response to the challenges posed by the coronavirus. The IT departments are under pressure: They have to find a solution for employees as quickly as possible so that they can work safely from home. In doing so, one often accepts compromises in terms of information security.
Intensive and, so to speak, area-wide
work via home office means that the risks increase significantly as new areas
of attack open up. The companies have invested a lot of money in IT
security and built walls, so to speak, to protect the working environment. Now
the employees are suddenly working outside these walls; For example, they
share the home network with their children or other family members who are in
the same network with private devices or work equipment.
To ensure smooth work in the home
office, companies have to consciously make compromises, unfortunately also in
IT security. Cybercriminals are also familiar with this dilemma. They
try to take advantage of the situation and increase their efforts. In
doing so, they are particularly targeting industries that are facing major new
tasks due to the Corona crisis, such as hospitals and other health facilities. In
addition, cybercriminals and state-sponsored espionage campaigns use the
Covid-19 issue intensively as bait in phishing emails.
In view of this, in order to minimize the risks, we recommend the following
measures for working safely from home.
Raising Employee Awareness
Technology alone cannot provide
comprehensive protection for employees in the home office. The best
protection against cyber attacks is the employees themselves. Educate your
employees about the specific dangers in the home office and empower them to
deal with these dangers. You should inform your employees specifically
about the dangers of phishing emails and train them specifically on
how to recognize and handle such emails. The spread of phishing mails in
connection with the coronavirus has already increased massively, and MELANI and
the BAG have issued corresponding warnings.
Secure Remote Access
It is best to use a VPN solution to give
employees who work from home secure access to the company's internal resources. This
offers a secure communication channel for data exchange with the company
network. If possible, use VPN together with multi-factor
authentication . This gives additional security.
Also think of the increased requirements regarding the availability of the
solution if a large number of employees suddenly work from home. Test your
infrastructure under stress; you may have to expand the system's capacity.
Hardening of the IT Systems Used
When working outside the company network
and the associated exchange with the company network, it is important to have
the IT systems of the employees in focus. These must be protected as well
as possible - in any case, the company infrastructure must be prevented from
being infected. You should make sure that at least one antivirus software
or an endpoint protection solution is installed on the employee
systems. At the same time, the employee systems should always be up to
date and also be able to be continuously updated in the home office. If employees
in the home office have to use private laptops, minimum requirements for these
laptops should be defined; this is the only way to guarantee a minimum
level of security.
Home Office Support
Possible in the company office: If you
have problems with the infrastructure, you can quickly ask another employee for
help, or IT support comes to the workplace. This is not possible in the
home office. That is why it is all the more important that the employees
know how support can be addressed. The support staff may also have to
adapt. New tools may need to be procured so that support can maintain
employee systems outside the company network.
Home Office Regulations
Employees in the home office must be
aware of their duties when working on the move - and they must behave
correctly. It is therefore important to document this and communicate it
clearly. In particular, the outflow of data must be prevented. It
should therefore be bindingly regulated how information (both on paper and
digitally) is to be transported and processed outside the company and which
protective measures are to be taken. In this context, the employees must
receive binding instructions so that data protection is also ensured in the
home office. This should make it clear to all employees that, for example,
confidential information must not be sent via private mail accounts, or that
confidential paper documents cannot be disposed of in the waste paper
collection.
Backup
It is important not to lose the work
done in the home office. Therefore, the work results must not only be
saved locally: Ideally, they must always be stored directly in the company
network. If employees use private devices, it must be ensured that the
data is stored correctly, i.e. in the company.
Monitoring the Infrastructure
Since there is always the possibility of
a cyber attack despite all the measures taken, the IT department should monitor
the infrastructure. In particular, unusual user behavior deserves the
greatest attention. However, it should also be borne in mind that behavior
in the home office can differ from normal behavior in the office. For
example, employees may work late into the night because they have to look after
children during the day.
Summary
It is very important that companies help
their employees to work safely from home in times of Corona. Even after
Corona, home offices will establish themselves in the long term and have an
impact on work processes and collaboration.
It is therefore important that mobile working and home office are implemented correctly. Much can be done to ensure adequate security. This is done through technical measures and the individual behavior of employees. On this basis, a company offers cybercriminals as little attack surface as possible. Having Protegent's total security will reduce the chance of fraudulent activity and keep your data safe.
Comments
Post a Comment