The latest transport strikes and the isolation of millions of employees to slow the spread of Covid-19 have been the vectors for massive teleworking in 2019 and 2020. The wide use of telework is not without risks for organizations’ information systems. Companies and organizations have less control over the networks, equipment and actions of their employees and, at the same time, must cope with an increase of cyber attacks from entities hoping to take advantage of this situation.
Telework : what are the constraints?
The first constraint that comes to mind when we talk about working from home is the network. This is obviously not under the control of the company and is one of the first potential sources of security breaches for the organization.
The second potential issue is the workstation used. Before to the isolation period, most teleworking employees had a laptop provided by the company. Because of the covid 19 epidemic, organizations have to engage in massive teleworking for which they were not prepared. This leads employees to use their own equipment over which the IT Department theoretically has no control.
Third problem, an organizational one: how to combine working from home and childcare? Beyond the problems of supervising the little ones, the noise and other various constraints, the fact of being absent, even for a few minutes from the computer, can incite them to use the workstation and accidentally perform actions that are potentially dangerous for the company’s information system; especially when the teleworker is a privileged user.
6 cybersecurity tips for teleworking situations
Working from home implies a greater responsibility for employees with regard to cyber risks. They can, at their own level, help the IT department to protect the company’s information system. The IT Department, on the other hand, can also provide teleworkers with solutions allowing them to work securely from home. Here are a few tips and recommendations to ensure IS security when working from home:
Teleworkers must ensure that their Wi-Fi network is not “easily” accessible. For this, the network must be secured by a strong password (at least 12 characters with upper and lower case letters, numbers and special characters) that is not already used for other applications of the same user.
In order to secure remote access, the IT department must provide employees with remote private network access solutions such as ZTNA products, which are much more secure than VPN solutions. ZTNA products allow access to only one application or resource, whereas a VPN gives access to an entire network.
For employees working from their personal computers (Bring Your Own PC), certain ZTNA solutions such as Systancia Gate allow the IT department to ensure the compliance of remote workstations connecting to internal applications by checking for the presence of an antivirus, firewall or updates, for example.
In the absence of this type of solution, it is up to the teleworker to ensure the “cleanliness” of his workstation by carrying out all the necessary updates and antivirus analyses with trustworthy tools.
In order to prevent any accidental malicious action that could result from a child using the workstation, when the teleworker is temporarily absent, it is recommended to systematically lock the session (on Windows: Windows key on the keyboard + L key).
Companies, too, can guard against any possibility of identity theft, especially for privileged users, with continuous authentication mechanisms which, via AI/ML-based behavioral analysis, guarantee that the person behind the screen is indeed the one who logged in. This type of functionality is available in Systancia Cleanroom, a solution for privileged access management.
In any case, the massive teleworking induces many challenges for the security of companies’ information systems. The rapidity of isolation resulting from the coronavirus health crisis did not allow organizations to prepare for this situation in advance. In these exceptional circumstances, Systancia has therefore decided to offer its cloud teleworking service (Systancia Gate), free of charge, for the duration of the epidemic to help, as far as possible, companies and organizations to maintain their activities during this difficult period.