* Jefferson R Silva
With the measures recently adopted to contain the spread of Covid-19, many companies have advised their employees to work remotely from their homes to maintain the continuity of their operations. However, it is important to pay attention to the care with information security, since working from home, employees do not have so many protection mechanisms and are more vulnerable to cyber threats, facilitating the occurrence of cases of information leaks and the spread of information. software on workstations or on the company's own network.
Information Security Measures that can be adopted during the remote work regime (Home Office)
Using good market practices as a reference regarding Information Security, we list the main measures that can be adopted by organizations when adopting the remote work regime:
- Constantly evaluate and monitor the components that support the IT infrastructure and internal and external network security;
- Use two-factor authentication for access to the network and corporate systems;
- Use disk and email encryption solutions;
- Limit access to only software/ files necessary for the function of each employee;
- Implement strong password policy for network and systems (minimum of 10 characters with uppercase, lowercase letters, numbers and special characters);
- Provide services for remote file storage in order to avoid local storage on workstations;
- To set up session time-outs for critical applications;
- Ensure that the antivirus software and other protection solutions are properly installed and updated on the workstations of its employees;
- Run backups journals of critical databases for the company's operations;
Guide your employees to:
- Do not access sites that are not necessary for the performance of their labor activities.
- Do not perform download in software or files whose source is unreliable and which are not used for the performance of their labor activities.
- Do not open emails unknown senders or click on links suspects when browsing the internet.
- Always communicate the person responsible for IT / Information Security when identifying any activity or receiving suspicious email (phishing).
Faced with crisis scenarios like the one we are experiencing, the possibility of adopting the remote work regime is an advantage provided by the technological advances that we have obtained in recent years. However, there is a warning for companies that during this regime, their information and their employees are more exposed to cyber threats. Thus, it is up to everyone to redouble their attention and care when carrying out their work activities in order to ensure the continuity of the business and the security of information in a conscious and effective manner.
* Jefferson R Silva is IT Governance Consultant | ITIL Expert | ISO20000 |
SAFEWAY is an Information Security consulting company, recognized by its clients for offering high value added solutions through projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.
Today, through 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people. SAFEWAY's SOC uses QRadar to monitor customer environments.