In recent years, organizations worldwide have adopted remote work. While this transition provided some benefits, several issues were recorded. Security administrators struggled to keep their data safe as cyber breaches and attacks increased.

Luckily, employees can help maintain a secure IT infrastructure and keep the organization’s data protected. This post lists [the best practices that you can implement to improve data security and minimize the risk of ransomware and phishing attacks](https://www.nakivo.com/blog/tips-to-protect-data-when-working-from-home).

Step 1: Keeping the Software Up to Date

Employees working remotely should be especially attentive when it comes to updating their software on time. Unpatched app vulnerabilities cause around 30% of all security breaches (source: “Unpatched Vulnerabilities Caused Breaches in 27% of Orgs, Finds Study”, Tripwire).

This rule applies to all software used on work devices, such as the OS on a laptop or different applications on a smartphone. The faster you install patches and close backdoors in apps, the fewer opportunities a hacker has to infiltrate the organization’s IT environment.

Step 2: Ensuring Video Conferencing Security

Online meetings, webinars and video calls may contain confidential data that should not be shared publicly. Thus, it is critical to ensure the privacy and security of video conferencing.

You can prevent third parties from gaining unauthorized access to your data while in a meeting by implementing the following practices:

  • Use paid accounts and licenses since they offer powerful security functions in collaboration and conferencing apps.

  • Organize calls with a unique ID and password.

  • Add a waiting room to the call to limit sudden connections.

  • Lock calls once a meeting begins to avoid new and unwanted connections.

  • Allow only hosts to use screen-sharing features.

Step 3: Staying Alert When Using Public Wi-Fi

It is recommended to never connect corporate devices to public networks such as those in cafes, train stations, airports or hotels.

If you have to use public Wi-Fi, keep the connection time as short as possible by finishing the task quickly. In addition, avoid sending or receiving sensitive data.

Step 4: Watching Out for Phishing Emails

Phishing attacks are responsible for most security breaches. Since email communication is indispensable within an organization, you should keep in mind the following:

  • Stay attentive when opening new emails on your work account.

  • Avoid clicking on suspicious links or attachments.

  • Check the URL of the link you want to open.

  • Run files in attachments only if you are 100% sure about their content.

Step 5: Creating Strong Passwords

Employees should always come up with unique, strong and reliable passwords for each application and account they use. To do so, follow the recommendations below:

  • Create complex passwords containing at least eight characters including uppercase and lowercase letters, numbers and special symbols.

  • Avoid using the same password for private and corporate accounts.

  • Try not to add a random set of symbols.

Step 6: Using Personal Devices for Work

You should avoid using personal devices such as laptops or desktop PCs for work purposes. Separating private activities from professional tasks can improve data protection and infrastructure security.

System administrators may find it difficult to verify the safety of the files you download or use on a personal device. In addition, work devices have stricter access limitations to applications and data without causing any inconvenience.

Step 7: Controlling Work Materials and Devices

It is essential to maintain complete control over the devices that you use to access business data. When possible, keep them within your possession at all times so you do not lose them.

Set a reliable password for your OS and configure auto-blocking after a short period of inactivity. You can also set a BIOS password to protect the device on launch.

Step 8: Enhancing Remote Work Security as a System Admin

While employees have a role to play in ensuring infrastructure security, system administrators should also implement several measures to protect their data:

  • Migrating work instruments to the cloud: Cloud services allow you to centralize and control all work materials and data. You can also give access to the employees while managing access rights.

  • Using VPN: A virtual private network serves as a firewall that protects devices from unauthorized access.

  • Enabling multi-factor authentication: Set an additional protection layer for remote logins by forcing users to add a private code when accessing applications.

  • Separating internal networks: You should have separate networks for different departments and purposes. This means that an infection or a breach within a specific network does not propagate across the entire organization. Cybercriminals need to break through more barriers before reaching valuable data.

  • Configuring role-based access control: Assign permissions and access rights to data and infrastructure elements to employees based on their roles and responsibilities. This helps you avoid unauthorized access to particular applications and sensitive data.

  • Educating employees: Make sure your users know how to keep the IT infrastructure secure when working remotely. Train your employees to reduce human error as much as possible.

  • Deploying a reliable backup system: Even if you implement all of these recommendations, you might still be the victim of a security breach. Backing up your workloads and data is the most reliable solution since it allows you to recover from any incident as quickly as possible.

As cyber threats continue to grow in sophistication and numbers, employees working from home should be conscious about the security of their devices and data. System administrators can also implement different measures to protect their IT infrastructure and prevent incidents such as breaches and ransomware infections.

Deploying a data protection solution like NAKIVO Backup & Replication remains the most reliable solution against such threats. Download the Free Trial of the NAKIVO solution to safeguard your environment using numerous security features.

10 Spice ups

One of my customers, an accounting firm, has a policy of no personal devices used for work (although personal cell phones may have authentication apps installed for work purposes), and no work devices on untrusted networks. Here’s how they accomplish this for remote users:

They issue each remote user a desktop PC and three displays. They also issue a hardware firewall/router that serves as a VPN endpoint. The PC sits “behind” the firewall, and the router’s WAN port is connected to whatever Internet router the user has at their home. Any personal devices, including WiFi, must be connected to the Internet router or other connection, not the LAN side of the issued router.

The issued PC and router are held within the scope of management for the business network.

Issuing PCs and firewalls to each remote user is certainly more expensive than allowing Bring Your Own Device, but along with other security best practices, it helps the company ensure that the remote devices are compliant with policy.