Is your remote working secure?
When Jane received a brand-new laptop and a smartphone as part of her home working package, she was elated. “Every crisis comes with a silver lining”, she whispered to a friend as she packed her newly acquired gadgets as she moved her office to home.
Remote-working (teleworking) is a must for several enterprises to survive in business today, following the COVID-19 pandemic crisis. There has been an unprecedented rise in virtual workplaces where employees are working from geographically dispersed areas, both within and outside standard business hours. Remote working has been fostered by various information and communication technologies that include e-mail, videoconferencing, teleconferencing, discussion groups, chat rooms, project management software, collaborative design tools, knowledge management systems, and message boards.
The coronavirus pandemic has changed the way people live, work, and communicate. Traditional leadership styles have been disrupted too. Every disruption brings opportunities and threats. Whereas Jane’s employer was flexible and agile in providing the required capabilities in terms of a laptop and a smartphone to act as a modem to connect to the Internet from the home office, they forgot a critical element of security hygiene briefing for remote workers.
Working from home can give a false sense of security and comfort to the extent that some basic security procedures and practices are easily compromised than they would in a corporate and regularly monitored workplace.
Because the threats against mobile computing devices are increasing, it is worth implementing these cybersecurity recommendations, selected from the NIST guide to telework and BYOD security:
- Limit access to the device. Using some sort of authenticator (PIN, password, or biometrics e.g. owner’s thumbprint) deters access to the employee’s information and service by a person who gains unauthorized physical access to the device. It is also advisable to configure the devices to lock themselves automatically after an idle period.
- Disable networking capabilities except when needed. Attackers can try to use necessary networking capabilities, such as IEEE 802.11, Bluetooth, and NFC on mobile devices to access information and services. You must disable each networking capability that is not being used.
- Keep devices updated. Most mobile devices can be updated or patched to eliminate known security flaws. Follow the provided instructions to ensure that security updates are identified, acquired, and installed regularly, at least weekly.
- Encrypt data at rest. If your device is stolen, some thieves may want to read the contents of the data on the device, and quite possibly use that data for criminal purposes. Most operating systems have their full-disk encryption mechanisms, and there are also numerous third-party applications such as VeraCrypt that provide similar capabilities. You should follow your organization’s policy for encrypting all sensitive data when it is at rest on a device and removable media used by the device.
- Back up data on your devices. Most organizations have policies for backing up data regularly. If data is being backed up remotely to a system at the organization, then the communications carrying that data should be encrypted and have their integrity verified. Similarly, if data is being backed up locally to removable media such as CDs or flash drives and hard drives, the backup should be protected as well as the original data is.
- Do not connect the device to an unknown charging station. Many charging stations enable people to recharge their mobile devices through direct-wired connections between a device’s USB interface and the charging station. Unfortunately, someone may have altered a charging station, such as one in a public area, so that it attempts to automatically gain unauthorized access to the data, applications, services, and other resources on mobile devices that attach to it.
Security is the responsibility of the individual user. You must be careful whenever your computer or mobile device is connected to the Internet. As technology evolves, so do attack vectors and their sophistication. It is also important that you continuously keep updating yourself with new information in the cybersecurity landscape.
Responses