Remote User Guidelines

The sudden swift surge of millions of workers from onsite to remote work environment has challenged organizations as never before.

Cybersecurity investments are paying off and companies that modernized their infrastructure and trained their people transitioned to remote work quickly, without compromising security.

However, many companies emphasized “connectivity first” in their initial response. Now is the time to assess security and control gaps to stop cybercriminals eager to take advantage.

Here are some considerations and tips for securing external devices used for telework and remote access;

• Users should understand their organization’s policies and requirements, as well as appropriate ways of protecting the organization’s information that they may access.

One of the primary purposes of the organization’s policies and procedures is to provide protection for the company, for its employees and its customers. Users should be equipped with appropriate training on handling information, access and it’s relevance to their job function. An unauthorized release of sensitive information could damage the public’s trust in an organization, jeopardize the mission of an organization, or harm individuals if their personal information has been released.

• Ensure that all the devices on their wired and wireless home networks are properly secured, as well as the home networks themselves

Common misconceptions about security of home networks is that their home is too small to be a risk of a cyberattack and that their devices are “secure enough” right out of the box. Understand that most attacks are not personal in nature and can occur on any type of network – home or business, big or small. If a network connects to the internet, it is inherently more vulnerable and susceptible to outside threats. Ensure that Anti-virus software are up-to-date and network firewall is installed and other security measures are applied.

• Consider the security state of a third-party device before using it for remote work.

Whenever possible, do not use publicly accessible devices for work, including remote access to email and other applications. Avoid using third-party devices from performing sensitive functions or accessing sensitive information. Consider who is responsible for securing and accessing those devices.

• Secure your Operating Systems and Primary Applications.

Maintain the computer’s security on an on-going basis, use combination of security software, personal firewalls, spam, web content filtering and popup blocking, configure network features and wireless network securely and protecting user sessions from unauthorized physical access.

• Secure consumer devices used for telework, such as cell phones, tablets , and video game systems.

Limit access to the device by setting unique personal identification number (PIN) or password, automatic lock after an idle period, disable network capabilities such as Bluetooth and Near Field Communication (NFC), except when they are needed; configure and update security applications and do not connect device to an unknown charging station and unsecured Wi-Fi connection.

• Secure Information. Encrypt files, backup information stored and destroyed when no longer needed.

Encrypt communication to prevent attackers on the Internet and other networks from eavesdropping on the communications or tampering with them.

• Adequately protect remote access specific authenticators.

Ensure to adequately protect their remote access-specific authenticators, such as passwords, personal identification numbers (PIN), and hardware tokens. Such authenticators should not be stored with the device, nor should multiple authenticators be stored with each other (e.g., a password or PIN should not be written on the back of a hardware token).

• Be aware on handling threats involving Social Engineering.

Social engineering general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious. Be wary of any requests received that could lead to a security breach or the theft of a telework device. Training should be provided on how to recognize and handle social engineering attempts.

• Follow the organization’s policy and procedure for reporting and handling a Security Breach.

If you suspect that a security breach (including loss or theft of materials) has occurred involving a device, remote access communications, removable media, or other components especially if it contains sensitive information, the employee should contact the appropriate point of contact within the organization and follow the organization’s policy and procedures for reporting possible breach.

If your company took short-cuts to expand remote connectivity, do an assessment to review access and current controls in place and the threats your remote workers may inadvertently be creating.

Take the lead to evaluate risks and ensure that controls are in place for safe, healthy, productive employees and for operations that customers and business partners can trust.

==> Get a FREE Cyber Health Check

Rina Brinas, Cybersecurity Marketing Specialist, Data-Guard 365

Data-Guard 365 is a MSSP firm headquartered in Indianapolis, Indiana, with offices in Chicago, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide armored cybersecurity for a price point that pays for itself. 

Data-Guard365.com / (317) 967-6767 / info@data-guard365.com