![]() ![]() ![]() "One of the biggest cybersecurity risks is the personal device," Glass, of law firm Stark & Stark, said. Many workers will have no choice but to use personal devices and home networks to get their job done. Rembiesa recommended organizations also secure the cloud and SAAS applications that remote workers will be using in the coming months by ensuring identity and access control and encryption of data. Guy Bruneau, a senior security consultant with IT security firm IPSS Inc., in Ottawa, Ontario, Canada, said employers should frequently patch their VPNs with the latest security fixes and use multifactor authentication as another layer of protection against an expected increase in VPN phishing attacks.Īnscombe explained, "Multifactor authentication ensures that access, whether to cloud-based services or full network access, is by authorized users only." ![]() Remember that since people are now working from home, the traffic is flowing over public networks."Īnscombe advised employers to first determine who on the staff needs access to the organization's entire internal network, and who may just need access to cloud-based services and e-mail. "This prevents man-in-the-middle attacks from remote locations. "Always use a VPN to connect remote workers to the organization's internal network," said Tony Anscombe, chief security evangelist at ESET, an IT security company based in Bratislava, Slovakia. Many workers will be logging in to their personal Wi-Fi network and should make sure it is set up securely with a strong password.Įxperts recommend that organizations require employees who are working remotely to use VPNs to help maintain end-to-end data encryption. That's always inadvisable for work devices, and employers should discourage it. Some workers may want to use unsecured public Wi-Fi. The most basic areas to address are whether employees will be using company-provided or personal devices and a VPN or a remote desktop, and whether work-from-home systems can be tested. If remote work is a new practice for a company, set standards, expectations and processes for your staff, said Trina Glass, an attorney with Stark & Stark in Lawrenceville, N.J. "Companies should review plans to ensure that organizations are prepared for responding to a data breach or security incident." "Many employees do not work in security day to day, and some may have never worked remotely before," he said. Managers should ensure that applicable security guidelines, plans and policies flow down to their teams. "If no relevant plans or policies are in place, this is a good time to establish at least some basic guidelines to address remote access to company information systems and use by employees of personal devices for company business." Securing communication and collaboration channels.ĭust Off Those Remote-Work Security PlansĬhristopher Buontempo, an attorney in the Boston office of law firm Mintz, said that organizations first need to review information security policies to determine if there are any established security guidelines for remote work.Communicating with employees about phishing and malware campaigns tailored to the current crisis.Addressing authorization and authentication.Securing virtual private networks (VPNs).Setting up and communicating remote-work security policies.These are the areas organizations should focus on to shore up remote-work cybersecurity: An expanded attack surface combined with an influx of workers who are new to working remotely increases the opportunities and odds of success for cyberattacks." "Organizations suddenly have an exponential increase in the number of endpoints and … cyber adversaries are looking to capitalize on the chaos. "As the number of people logging in remotely or connecting to cloud-based SAAS applications rises, the attack surface expands," he said. Onkar Birk, senior vice president of product strategy and engineering for Houston-based network security firm Alert Logic, said there has been a significant spike in the number of users connecting to company networks and accessing sensitive data from home computers. "The impulse to send employees home to work is understandable, but companies and agencies without business continuity plans with a strong IT asset management component are going to be sitting ducks for breaches, hacking and data that is out there in the wild, beyond the control of the company," said Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |