Since COVID-19 was classified as a pandemic by the World Health Organization on March 11, many countries have adopted closure and containment measures that are still in place. In this context, many organizations are using teleworking methods on a massive scale. The figures of the Unified Communications as a Service (UCaaS) market prove it: Microsoft’s Teams software gained 12 million users and Zoom gained more users in the first quarter of 2020 than in the whole year 2019, according to the Forrester consultancy.
However, this whole situation has also generated more cyber security risks. On the one hand, the enormous interest aroused by the disease has been exploited by cyber-attackers to spread malware, either through phishing techniques or with domains that exploit Covid-19. On the other hand, teleworking leaves workers more exposed to the company’s systems and equipment, as they are not in the office or facilities, and the perimeter of attack is extended.
Awareness and tips to ensure secure remote access
Employees themselves and their awareness of potential risks are the best and most important line of defense in cyber security. This includes general recommendations that serve under any circumstances: do not open attachments from unknown senders, do not connect storage devices that may be insecure, periodically change your own passwords, and update the system and third-party applications used by the organization. But beyond these general tips, remote access to a corporate network requires extra precautions for equipment, connections and systems, which can be summarized as
- The equipment trying to connect must be protected with advanced solutions. Otherwise, they could be jeopardizing the company’s assets without being almost aware of it.
- The connection between the computer and the corporate network must be secured at all times through a VPN (Virtual Private Network) connection.
- This is a private network that allows you to work as if it were a secure local network without the need for its members to be physically connected to each other.
- The passwords we use to access corporate services, and always in general, must be complex and difficult to decipher to avoid being discovered.
- Not in vain, to certify that the connection is requested by the right user and that they are not trying to impersonate us, we should have a multi-factor authentication system (MFA).
- Firewall systems, whether virtual or physical, monitor incoming and outgoing traffic and decide whether to allow or block specific traffic based on a set of previously defined security logics.
- System, network, application and user monitoring services are more necessary in a teleworking environment, due to the greater number of devices and processes to be monitored.
- This includes the control of unstructured personal data on the equipment, which may contain sensitive or confidential information and be more exposed when the equipment is outside the organization’s perimeter.