Teleworking or remote working is very convenient nowadays because technology gives the ability to organization to move flexibly towards their employees. Employees on the other side can leverage the benefits of teleworking by not having to move from their homes. Especially today, teleworking has become a necessity and many organizations are obliged to comply with the new standards. When moving at a fast pace from one state to another, mistakes can happen that can cause security issues. Logstail.com is here to provide a short guide for the basic security considerations when teleworking. As a starting point when we deal with security in information systems, we want to primarily achieve three objectives:
1) Confidentiality. This term means that we want to ensure that our communication during working (data in transit) and the data we process and store (data in rest) cannot be read by unauthorized parties.
2) Integrity. This objective is about detecting any intentional or unintentional changes to remote access communications that could cause unwanted parties from interfering with our connections.
3) Availability. This last term means we want to ensure that access to our resources through remote communications will be available whenever we need it.
The 10 rules
1) We work in a secure environment. Before we begin our teleconference, we have to make sure that our environment keeps some basic security requirements. We change the Wi-Fi password of our network at home, the name of the network, and use the strongest encryption (never WEP). If we are outside of the house, we consider public Wi-Fi networks such as coffee shops, restaurants or hotels as untrusted, and we treat them accordingly. Also, we never use a public computer such as these in the reception of hotels, for work.
2) We secure our devices with strong passwords. Long and strong passwords can cause headaches or can be easily forgotten. A good solution to have different passwords for every sensitive service is the use of a password manager. Also, we have to remember that the devices that connect to the internet today have been increased (PC, laptops, security cameras, printers, smart tv,). This means that a serious vulnerability in one of them can cause a security issue in the entire home network.
3) We keep our computers, mobile devices and software updated. Every day hundreds of vulnerabilities are being announced. Many of them can be easily exploited and cause serious security issues. This is the reason why we have to develop the mentality of regularly updating our devices.
4) We are using authorized devices that the organization has provided to us or personal devices only after approval. Many organizations that have implemented the teleworking concept, tend to provide devices that have undertaken security checks and give limited rights to the users. Also, these devices have only the necessary software to perform daily duties, thus reducing the attack surface of the device. If this not the case, then the next best solution is to allow our organization to check our device before start working with it.
5) We use Virtual Private Networking (VPN) to connect to our organization’s resources. Establish a mechanism for secure access to our organization’s resources is not our responsibility, but we have the obligation to obey the rules when our company does so. VPN is considered a secure way when teleworking. We simply have to follow the steps given by the IT team (screenshots is always the best) to virtually be inside the local network of the company.
6) We use two-factor authentication (2FA) to protect our online accounts (e-mail, e-banking). Multi-factor authentication requires at least two different factors to provide authentication. As an example, the password is something you know factor and the smartphone is something you have. This method dramatically increases our security posture and protects from many threats.
7) We do not let other members of our family use the work devices and we configure them to be automatically locked after a short period of inactivity. Despite the fact that in our house there are only relatives, this doesn’t mean that our information can be shared without consideration. Children also tend to be curious and browse websites that may be harmful to our work devices.
8) We regularly take a backup of our work. Despite the fact that users can be cautious, the bad can always happen. For example, we can accidentally install software that encrypts our data and a malicious user will ask for money (ransomware). In these situations, the best solution is to ignore the malicious user and restore our data from a previously taken backup.
9) If we have a concern that our device has been compromised, stolen or lost, we immediately contact our company to inform them. Unfortunately, an unwanted situation can happen. As a user, we must be always alert and identify when something is going wrong. These are some examples:
- Anti-virus program triggers an alert
- We get a message that our device is locked, and we must pay a ransom to fix the problem
- People are receiving emails or messages from our accounts that we did not send
- Passwords for our accounts do not work despite the fact that they are correct
- Our browser is taking us to random websites that we can’t close
- We installed software accidentally or intentionally but didn’t check its validity
In any of these situations, we must contact my company to inform and take advice about the next steps.
10) We are always responsible for our actions. This rule deals with what we call social engineering. Social engineering is a means by which an unknown, untrusted or at least an authorized person gains the trust someone inside an organization. We tend to declare that human is the weakest link in security and that’s why this rule is very important.
In Logstail.com, we can support your secure teleworking by providing our scalable cloud-based log management platform. Now you can hold the performance of even on your individual system in your hand by monitoring features like iptables and system performance! We provide ready dashboards that will give you the necessary information in a single view!! Try it now!
Images taken from https://apps.logstail.com/apps2go/