Due to the pandemic of COVID-19, many Companies have adopted the “Home Office” working regime almost in an integral way for their collaborators. This fact allowed that the tasks so far carried out in the Office previously to be currently done in a remote way.
However, it is important to highlight the fact of the collaborators to be working in their respective houses and not in the actual Office site, which brings some points of alert that must be observed.
We can divide such points by technological aspects and by human aspects.
In what is referred to the technological part, the fact of an user to be working in his/her respective Home diminished considerably the management that the department of IT has over this collaborator, because, in the Office he/she would be obligatorily connected in the local network, and with that, subjected to the rules of security of the Company.
But in the human aspect, the users are more vulnerable to suffer attempts of cyberattacks because of the lack of technical knowledge, simply.
SCENARIO
For the purposes of exemplification, let’s imagine the following scenario:
A user that is in the Office receives an email with a malicious link, asking him/her to enter a certain meeting “invitation”. This user, because of being in the Office, can readily go to the correspondent Department and clear any doubts in a quick manner.
However, if this user had been working remotely from his Home, he/she could also clear the same doubt with the IT team, however, because of the fact of not being physically present on the site, he/she would be subject to get in contact with the department or not through the telephone or using another mechanism of distance communication.
The fact is that the presence on the actual Office site aids in a faster and instantaneous communication, besides giving more security and support to the user.
In this scenario illustrated above we considered an email with a malicious link related to a meeting “invitation”, however, imagine if instead of an “invitation”, a social engineering attack happens just when really would be possible to create a certain feeling of panic in the user?
In fact, the presence of the collaborator on the site would bring more support to the users in situations such as this one.
In the face of this aspect, how can we protect the remote collaborators from attacks related to the Information Security?
PRACTICES FOR INCREASING THE SECURITY OF THE USERS
Let’s see on the following some of the main points that should be observed:
Technical qualification
Invest your time in the qualification of your collaborators. The qualification is an indispensable factor. It is of no use if you have the best defense technology, and at the same time your users can’t figure out how to react in adverse conditions such as emails with suspicious content or malicious links, among others.
Utilization of VPN for remote accessing
With the intent of increasing the security in the traffic to certain sites and systems in the Company it is important that the workability for utilization of the VPN for remote collaborators is evaluated.
Definition of passwords with minimal levels of complexity
The accesses to the systems of the Company must always be done with credentials that contain minimal levels of complexity, avoiding in this manner the creation and utilization of fragile passwords easily identifiable.
Restriction for the installation of Applications
It is important that only the authorized application by the IT team can be installed in the machines of the users. Granting permission of “Administrator” for a common user can end up resulting in the installation of several non-authorized applications consequently creating security breaches.
Restriction for the transference of files
The users should be able to manipulate only the files authorized by the IT team for their respective tasks. The other files necessary must possess their accesses automatically blocked.
Utilization of non-secure Wi-Fi networks
This is the point that can go unnoticed by common users, however it is of vital importance. The utilization of a Wi-Fi network that is non-secure in a public place such as a shopping mall or another facility can involve several malicious mechanisms for infecting devices that are connected, therefore must be avoided.
Utilization of antivirus programs
All the user’s computers must possess antivirus software installed. The utilization of antivirus will allow not only the prevention, but also the exclusion of known malware that is able to compromise the data.
PRACTICES FOR INCREASING THE SECURITY OF THE INFASTRUCTRE
As we are able to observe above, there are several points which aid in the protection of the remote collaborators against cyberattacks. However, it is important that we highlight that the infrastructure of the Company should also possess minimum requirements of security, such as:
Equipment and updated software
It is fundamental that the applications installed in the environment of the Company are up-to-date. The utilization of software that are not updated or discontinued can compromise the security of the Company’s data.
Management and monitoring of the network
For that your technical team can have science of the traffic that is being consumed in their network, among other information, it is indispensable to have the management and monitoring of the network, in order to provide for a safe and reliable environment.
Backup routine
It is important that your Company is able to perform backups constantly from the applications that are in use. This will allow in the case of an adverse situation, to carry out the recovery of the data of the systems with security.
Continuous study and analysis about the requirements of security
The technical team must be always analyzing the new technological threats discovered. As well as, the possible defense mechanisms to apply them. This without any doubts is essential, bearing in mind that the technology evolves rapidly, and in that manner new techniques of attacks will be able to be discovered and applied.
FINAL CONSIDERATIONS
Notoriously, we are able to identify that there are many points to be observed and analyzed in order to be possible to create a safe environment for the remote collaborators. There are several challenges, and knowing how to face them without a doubt will make all the difference for the performance of the activities in the Company. The visibility of the traffic will be a crucial allied in this endeavor.
In this sense, there is no doubts about the importance of having investments in network management. Bringing therefore not only benefits to the visibility of networks but also being a way to guarantee greater governance.
Thinking of that, Telcomanager present in the market since 2002, and a leading Latin America brand in the sector of software for managing networks. Also counting with a unique and innovative technology, deploying smart solutions in the monitoring of data that will provide a stratified vision of the traffic, is now allowing your Company to follow the most important aspects of your network, in real time.