Cyber Security Best Practices for Work From Home / Teleworking

IARM, Cybersecurity Services
  • Do not open the floodgates to accommodate all users during BCP. Validate the business requirement and need for each user, then decide.
  • Perform a Risk Assessment weighing the pros and cons of extending the teleworking options to employees
  • Prepare an Information Security Training kit and ensure that all employees are aware of their responsibilities and role in adhering to the organisation's Information Security Policy.
  • Perform a Network Penetration Test on all devices that are exposed to the public network and form part of the authentication service for the teleworking services.
  • If you provide IT services to your customers, ensure that you get formal approval from the customer before you enable remote access.
  • Have a clear check-and-validate procedure before allowing end users to use their personal laptop/desktop. Sanitise their device and have a clear monitoring mechanism to check that all the required patches, antivirus and minimum security checks are in place on the end user's personal device.
  • Before making a business application accessible from an external network, perform a detailed and complete Application Penetration Test.
  • Avoid Remote Desktop Protocol (RDP) over the internet. RDP, if not configured and secured, can act as a gateway for cyber criminals to access sensitive internal resources
  • Does your organisation have a Mobile Device Management (MDM) solution in place for mobile users? If not, it is recommended to implement MDM when users are given access to organisation information using their mobile phones.
  • Use a reliable Virtual Private Network (VPN) to establish a secure channel between end-user systems and the organization network. Some VPN best practices are listed below.
  • Implement Multi-Factor Authentication (MFA) on all VPN connections to increase security. If MFA is not implemented, require end users to use strong passwords.
  • Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications — such as rate limiting — to prioritize users that will require higher bandwidths.
  • Apply the latest VPN patches (some organizations don't update VPN patches due to continuous utilization).
  • Establish 24x7 security alert monitoring for your external-facing devices, VPN and business applications. If you already have SOC (Security Operations Center) services, ensure security rules are updated and all business applications and network devices are covered as part of monitoring.
  • Ensure that compliance, privacy and regulatory requirements such as GDPR, HIPAA, PCI etc. are maintained in Information security management services when users work remotely.
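
The RDP and VPN items above can be checked against a firewall rule export. The following is an added example, not part of the original article: it flags inbound allow rules that open RDP (TCP 3389) to any source other than the VPN client pool. The rule format, rule names and the `10.8.0.0/24` pool are assumptions made for illustration.

```python
import ipaddress

RDP_PORT = 3389
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: inbound rules in a hypothetical export format (IPv4 only).
SAMPLE_RULES = [
    {"name": "vpn-to-jump", "src": "10.8.0.0/24", "dst_ports": "3389", "action": "allow"},
    {"name": "legacy-rdp", "src": "0.0.0.0/0", "dst_ports": "3389", "action": "allow"},
    {"name": "admin-range", "src": "203.0.113.0/24", "dst_ports": "3380-3400", "action": "allow"},
    {"name": "office-lan", "src": "192.168.10.0/24", "dst_ports": "any", "action": "allow"},
    {"name": "web", "src": "0.0.0.0/0", "dst_ports": "443", "action": "allow"},
    {"name": "deny-rdp", "src": "0.0.0.0/0", "dst_ports": "3389", "action": "deny"},
]
VPN_POOLS = ["10.8.0.0/24"]  # assumed address pool handed out to VPN clients


def covers_port(spec, port):
    """True if a port spec such as '443', '3380-3400', '22,3389' or 'any' includes port."""
    for part in spec.split(","):
        part = part.strip()
        if part == "any":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def audit_rdp_exposure(rules, vpn_pools):
    """Return (rule name, source, exposure) for allow rules that open RDP outside the VPN."""
    pools = [ipaddress.ip_network(p) for p in vpn_pools]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or not covers_port(rule["dst_ports"], RDP_PORT):
            continue
        src = ipaddress.ip_network(rule["src"])
        if any(src.subnet_of(pool) for pool in pools):
            continue  # RDP reachable only after the VPN tunnel is up
        internal = any(src.subnet_of(net) for net in RFC1918)
        findings.append((rule["name"], rule["src"], "internal-non-vpn" if internal else "internet"))
    return findings


if __name__ == "__main__":
    for name, src, exposure in audit_rdp_exposure(SAMPLE_RULES, VPN_POOLS):
        print(f"{name}: RDP allowed from {src} ({exposure})")
```

The audit looks at each rule in isolation and does not model first-match ordering, so a flagged rule that is shadowed by an earlier deny still needs a manual look.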

IARM Information Security

IARM, a leading Cybersecurity Company, offers a wide range of Information Security Packages to suit businesses of every size. Check it out at www.iarminfo.com