Remotely and securely
Friday, April 3, 2020
Let's do a brief review of the basic information security rules for remote workplaces.
- It’s essential to scan email on company mail servers for malware and spam (the latter is particularly important to filter out because employees are likely to open fraudulent messages).
- Naturally, employees should only be able to send and receive correspondence via their corporate mail server. System administrators are charged with making sure that the server is available to staff members at all times.
- Employee personal devices that are being used to access corporate infrastructures, documents, and emails must have anti-virus software installed on them.
- Users must not be able to change the anti-virus settings.
- Anti-virus security components must include an operational Office Control module.
- If possible, employees should use accounts that have no privileges. System administrators should provide employees with security settings guidelines and assist them with adjusting the settings—remotely or in person if employees bring their devices to the office.
As new security tips appear over time, we are happy to share them with you—these recommendations are really helpful.
Whenever employees work remotely, higher security risks are always involved because neither their computer activity nor their network connection can be controlled. And if employees misspend their working hours, watching TV series and doing household chores, that won't be the biggest problem. Leaking sensitive information is way more dangerous. To avoid security issues, follow these rules.
- Log every action you can, whether it’s application activity or server queries.
- Block access to particularly important pieces of information while the quarantine is in place.
- If a desired level of security can't be maintained for certain non-essential business routines, suspend them for the duration of the quarantine.
- If you doubt that certain employees will be able to comply with all the security rules, or if some staff members have a previous record of neglecting or violating established procedures, re-assign them to less important tasks.
- Set up two-factor authentication for all external and internal communication and data exchange venues, including corporate email and messengers.
- If you have a good system administrator, let them configure a VPN connection for your employees—this is a more convenient way for them to access your corporate infrastructure and ensures that data is circulated in a better controlled manner.
Most important, avoid allowing conflicts to arise among your staff members so that you won’t have a disgruntled former employee revealing sensitive information to a third party.
Scan systems for vulnerabilities.
Indeed, hackers can take advantage of a situation when a corporate infrastructure is being accessed online by lots of people.
And here are tips for those working from home:
- Update your router’s firmware. A router running on outdated firmware is an obvious target for criminals; infecting it will enable them to intercept traffic and deploy malicious code on the device.
- And do set those strong passwords, including the one protecting your anti-virus settings (note that your account password and the anti-virus password must not match).
- Install updates. Rolling out a red carpet for someone who’s trying to sneak into your corporate network or allowing them to send out spam from your machine won’t do, right?
Make sure that all user and administrator passwords comply with your corporate security policy. Make sure that your operating systems and CMS solutions are up to date and that all security patches are installed in a timely manner.
Or you can pull off this trick:
I use two different browsers: I log in with my office google account to one of them and use the second one during my leisure time. In reality, they often run simultaneously, but I do my best to avoid such situations.
The Anti-virus Times recommends
Work without stress and with gusto!
Tell us what you think
To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.
Comments
Niuxin
03:08:32 2020-04-25
Masha
22:30:10 2020-04-03
Dmur
22:18:40 2020-04-03
EvgenyZ
22:09:43 2020-04-03
Toma
20:32:14 2020-04-03
Неуёмный Обыватель
20:05:26 2020-04-03
Татьяна
16:35:06 2020-04-03
Пaвeл
14:46:20 2020-04-03