Working remotely? Do it securely
Checklists for employers and employees exiting the office
Global concerns over the spread of coronavirus have been driving companies to review how their employees go about their daily tasks.
Millions of people across Asia have started working from home. Leading technology companies including Amazon, Microsoft, Facebook and other employers have asked their workforce to log in remotely until the situation improves and the virus is contained.
Many other organisations have taken steps to test-drive their remote working policies and infrastructure. This impending paradigm shift means that every member of the workforce must prepare for the day when they are instructed to work from home.
Working from home is not complicated. Most of us do so now and again. Accessing an internet connection is easy enough, and office applications in the cloud make it seamless to transition from working at the office to doing so on your sofa.
But most organisations do not have experience supporting very large numbers of employees working remotely, and employees themselves may be a little unclear on best practices to observe when working from home.
Now is the time to review and enhance security around remote access to corporate data at both ends of the connection. Here are our top tips for secure remote working.
We naturally tend to be more relaxed at home, especially when it comes to security. After all, we're in the safety of our own homes, so what could go wrong? Unfortunately, cybercriminals seek to exploit exactly this sort of complacency with carefully engineered phishing exploits and threats.
Passwords matter: Review and strengthen the passwords you use for logging on to remote resources, such as email or work applications.
Be phishing-aware: Be wary of clicking on links that look in any way suspicious; download content only from reliable sources that can be verified. Our research has uncovered that domains related to coronavirus are 50% more likely to be malicious, so make sure to cast a critical eye over anything unexpected that pops into your mailbox.
Choose your device carefully: Many employees use a company computer or laptop for personal use, which can create a security risk. But the risk is even greater if you use a personal computer for work purposes. If you have to use a home or personal computer for work, talk to your IT team about how to strengthen security -- for example, by adding a strong anti-virus and security package to it.
Who's listening in? Does your home WiFi network have a strong password, or is it open? Make sure it is protected against anyone within range being able to access and connect. The same applies to working from a coffee shop or hotel -- use caution when connecting to public wireless networks. Unsecured networks make it easier for cybercriminals to do their dirty work.
This guide should serve as a starting point for organisations, whether their apps and data are stored in data centres, public clouds or within SaaS (software as a service) applications.
Trust no one: Your entire remote access plan has to be built using the mindset of zero trust, where everything must be verified and nothing should be assumed. Make sure you understand who has access to what information, segment your users, and authenticate them with multi-factor authentication.
Additionally, now is the time to re-educate your teams so that they understand why and how to access information safely and remotely.
Every endpoint needs attention: In a typical scenario you might have people working on desktops inside the office. Assuming that their devices aren't going home with them, you now have numerous unknown devices that need access to your corporate data.
You need to think ahead about how to handle the threats posed by data leakage and by attacks propagating from a device into your network, and you need to ensure the overall security posture of those devices is sufficient.
Stress-test your infrastructure: In order to incorporate secure remote access tools into your workflows, it's critical to have a virtual private network or session description protocol. This infrastructure must be stress-tested to ensure it can handle a large volume of traffic, as your workforce shifts gears to work from home.
Define your data: Take the time to identify, specify and label your sensitive data, in order to prepare for policies that will ensure only the appropriate people can access it.
Make no assumptions about previous data management and take a granular approach that will serve you well once remote access is fully enabled. No one wants to accidentally provide the entire organisation with access to HR.
Segment your workforce: Run an audit of your current policies relating to the access and sharing of different types of data. Re-evaluate both corporate policy and your segmentation of the teams within your organisation, so you have different levels of access that correlate with various levels of data sensitivity.
These cornerstones will help organisations better protect their data and networks against threats and interception at both ends of the connection.
Evan Dumas is the regional director of Check Point Software Technologies, a multinational provider of software and combined hardware and software products for IT security.