Teleworking has gone from being a "residual" activity to being present in many companies, including Future Space where we know that a number of factors must be taken into account in order to telework safely. Moreover, this change has not occurred gradually, but has been imposed in a few days with the arrival of the pandemic. This means an increase in the use of vpn and the absence of checks that until now were carried out in person.
This new scenario is trying to be exploited by attackers and to try to be more secure when connected to telework.
What advice can I give on how to telework safely?
Here are some tips and recommendations:
- Don't give away your details at the first opportunity. Protect your team and your mobile devices with access credentials and differentiate your personal accounts from the professional ones. Remember to always use strong passwords and double-factor authentication whenever possible.
- Keep an eye on the devices.
- Don't mix work and play.
- Share through the corporate network not through external networks.
- Keep operating systems and applications up to date, both those you use professionally and at the user level. Install official repository software and never forget to have an antivirus.
- Encrypt your informationmedia to protect your company's data from possible malicious access and thus ensure its confidentiality and integrity.
- If we have a Wifi connection at home, we must ensure that the configuration is correct and secure. This will prevent a cyber criminal from connecting to it and stealing our information or that of our customers.
- Remember that even if you work from home, you must always guarantee the security of your data and comply with the security requirements set out by the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD).
- If you use mobile devices(smartphones, tablets, laptops, etc.) to access your corporate information, install remote management applications. In the event of theft or loss, they allow you to locate it or delete the data if necessary.
- If you do not have a VPN, when travelling avoid the use of public wifi networks (hotels, cafes, airports, etc.), use 4G/5G connections instead and access services using secure communications (SSL, HTTPS, etc.)
- Make regular backups of all your media to ensure business continuity in case of any security incident or any other possible disaster (theft or loss of the device, breakdown, etc...). Check regularly that these copies can be restored.
- When the information is no longer needed by your organization, you should delete it securely. If the information is not electronic (paper, photographic negatives, X-rays, etc.), a shredder should be used. For electronic media use the overwriting process, if you want to reuse the device, or the demagnetization or physical destruction process, in case you want to discard it.
- When we make use of video conferences, we must determine whether the persons authorized to participate are who they really should be, verifying the identity of new contacts in case we initiate a video conference with them for the first time.
- Changes all passwords and factory settings for the router and endpoints; the key vulnerabilities for cybercriminals
- Check which devices are connected to the router, this can be done in the configuration panel of your router.