Top 5 Security Tips for Telecommuting for Uncompromising Security
As the COVID-19 crisis continues for a long time, various social changes are taking place.
Instead of avoiding physical contact as much as possible, it has become commonplace to shift the overall life to online processing, and as social distance is put into practice, a culture of life refraining from face-to-face contact is spreading.
Starting with non-face-to-face services such as telemedicine, educational institutions and religious organizations have also been actively operating services using online platforms.
In particular, the transformation of workplace is accelerating.
Many companies and institutions at home and abroad have already begun to conduct non-face-to-face operations such as telecommuting and video conferencing. Experts continue to adopt smart work and security solutions, such as telecommuting and teleworking support.
This full-fledged transformation of the work system was made possible through the establishment of work environments such as VPNs, cloud and smart working systems, but how employees can handle internal work from the outside and how to safeguard key data and protect corporate key assets is a realistic problem.
Typically, the most secure way to connect to a corporate network is known as using a VPN. A VPN, Virtual Private Network, is a connection method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. However, recent examples of serious vulnerabilities found in VPN products used by government agencies, academic organizations, and businesses around the world suggest that this is not a completely secure method.
Softcamp examine the various types of security threats that COVID-19 changed, the various types of security threats to telecommuting, and suggest the security rules accordingly.
▲ Top 5 security tips for telecommuting for 'security without compromise'
1. Install the latest security patch and anti-virus program
When using a personal PC for work at home, it is recommended to update all software such as the operating system and Internet browser to the latest version and use an antiviral vaccine. Patches and vaccines are the most important and basic rules for protecting your device. Remember that most recent APTs are exploiting vulnerabilities in the operating system or software, and run automatic updates and real-time monitoring of vaccines. It is also important that the vaccine is always up-to-date.
2. Be careful when connecting to external websites and networks
Indiscriminate access to external sites on a business PC is one of the most common mistakes users make. After connecting remotely, it is safe not to access any site other than business-related, and the app or software should be downloaded and installed only through the official path. In addition, it is recommended that you pay attention once again when executing files downloaded from various websites or received by e-mail.
In addition, special attention is required when connecting to an open wireless network. When working, you should always connect to a secure network that you can manage. When you inevitably need to access public Wi-Fi, use it only for web searches, and avoid tasks such as login, authentication, and payment.
3. Enhance VPN security
Most businesses that are currently working from home are doing over VPN. The most common use of a VPN is for secure, client-remote access. This allows an authorized remote user to connect to a VPN and gain access to internal resources while maintaining the security of the transmission. However, experts predict that incidents due to VPN vulnerabilities and inadequate use will occur everywhere, and that data breaches will increase rapidly during the corona period.
To respond to this, experts recommend:
1) Check whether the VPN solution is the latest version on the server, firewall, or telecommuter's desktop that provides the VPN solution.
2) When malicious codes, etc., are transmitted through a VPN in a remote home environment, it is difficult to detect and respond in the delivery process due to encryption. Therefore, not only data encryption through VPN but also end-of-encryption endeavors to enhance threat detection and response.
3) If left unattended for a long time after connection, there is a risk of backdoor occurrence, so be sure to close the VPN after leaving the room or after work is finished.
4. Restrict document output function according to information importance and apply e-DRM
One of the biggest reasons many companies struggle with telecommuting is probably a significant data breach. The fact that telecommuters work in vulnerable environments is an attractive cybercrime target for hackers and cybercriminals. Encrypting various documents of the company, such as contracts and design drawings, is essential, and it is necessary to closely check the security environment at work. Therefore, companies are required to operate a document encryption policy that fits the organizational chart to prepare for the risk of leakage and loss of important documents, and it is recommended to utilize DRM solutions such as limiting the document output function according to the importance of information.
Softcamp provides strong security for the integrated life cycle for electronic documents distributed inside and outside the
company through 'Document Security', an information leakage prevention solution that is essential for corporate information security. Organization and user authority management is possible for all processes from document creation to distribution, so it is possible to track information, which is the core asset of the company, regardless of where you work in any space.
Moreover, security demand for 'S-Work', a solution that encrypts unstructured data from industrial confidential information to customer information leakage prevention, is also increasing. In certain industries such as shipyards and construction companies, programs such as CAD are commonly used. By separating the PC environment into general and secure environments, S-Work that secures all data generated in the secure environment by designating it as a virtual security area is a secure process for all programs that require high-performance work such as large-capacity CAD, 3D and development tools. It can be managed and controlled. Companies are urged to review current security measures to ensure safe access to all documents and data.
5. Establishment and implementation of security policy for telecommuters
While many companies usually operate strong in-house security policies, they often do not operate separate security policies outside the company. However, even in remote work, it is necessary to recognize that it is a continuation of existing company work and to establish and maintain a security policy that is consistent with business performance. It is a good idea to provide overall guidance on ho
w to handle telecommuting, including proper handling of documents, online communication between employees, and reviewing equipment required for remote business processes, and employees are obligated to comply with these policies.
The in-house security department must have monitoring tools and technologies to find potential sensitive data that can be leaked, and policy is required to install anti-virus software on computers that access in-house resources. In addition, educating employees on cybersecurity practices and enforcing security policies that strictly control access to confidential information and allowed apps will help businesses enhance cyber-security and reduce potential threats to collaborative software.
Forbes, a US economic magazine, recently reported through the analyst that the trend in COVID-19 is the biggest opportunity for “work from home”. Given the current situation, telecommuting is no longer perceived as an ideal form of work, but more companies are likely to consider adopting it more actively.
Meanwhile, new information technologies and services are applied in the smart work environment of telecommuting, and various security vulnerabilities are inherent. Cybercriminals are also aiming for small holes that result from the fact that potential targets are at home, making security nets relatively weaker than companies, and failing to follow general security practices.
Faced with this unfamiliar working environment, it is time to create a safe and reliable environment with the perception that there is no compromise in security. Development of security guidelines for remote tasks for users, introduction of remote systems, and efforts to protect information in terms of management as well as technical aspects such as strengthening the responsibility for information security of enterprises and institutions, and above all, continuous user security education and training is important.
There is no compromise in security.
In a changing work environment, it is time to build a productive and safe work environment by stricter security awareness and by complying with the basic rules and choosing the appropriate security solution.