Cybersecurity When Working Remotely

Did you know… it is possible to work remotely while ensuring information security?

• Given the current context triggered by the whole Covid-19 situation, there has been a significant adoption of 100% remote work by part of the business fabric.
• In addition to requiring discipline and flexibility from work teams, remote work also means that work devices are outside corporate facilities, which requires the adoption of additional security measures to avoid undesired attacks.

1. Use secure networks and protect all your devices and documents

• Use the VPN (Virtual Private Network) provided by your company to connect to the corporate network in a secure way and to perform your tasks
• Whenever possible, avoid being connected to the company network while you are connected to other networks
• Reduce information extraction from corporate systems to the essential
• Reduce sharing corporate documents to the strictly necessary, using means that were previously defined by the organization for such purpose
• Avoid copying corporate files to USB drives and external drives
• Do data backups, according to the guidelines defined in your organization’s backup policy

2. Keep your passwords, software, and devices secure and up to date

• Create robust passwords, according to the security policy, avoid disclosing and reusing them, and update them regularly
• Always use the devices that were provided or certified by your company to work and do not share them with third parties
• Keep your security software (anti-malware, firewall, among others) and the applications you need always updated and aligned with the effective corporate practices and security policies
• Be defensive in security terms, by making sure that:
  • You separate personal and professional information
  • You do not install unauthorized software or software that is not for professional purposes on your work devices

3. Have meetings in a secure way

• Chose places where you can make professional calls without taking the risk of sharing confidential information with third parties
• Make sure that you have a simple background with no personal or family references in case you need to make videocalls
• Lock your sessions and put functionalities such as the camera or microphone on stand-by or turn them off whenever they are not being used
• Avoid leaving work devices unlocked, especially when you are sharing the room with children

4. Be careful when dealing with unsolicited e-mail

• Resist the urge to open unsolicited e-mails, even when they appear to include useful information about the COVID-19 outbreak
• Do not access links or websites, and do not open or download attachments of unsolicited communications. Many attackers have been using the pandemic to spread malware
• Make sure that you have the contacts of the IT/Security team of your organization to whom you must report suspicious behaviours or situations and ask for instructions or clarifications in case of doubt

5. Use trustworthy applications and information sources only

• Do not install any application that isn’t trustworthy or isn’t included in the official manufacturer stores (Google Play and AppStore) in your devices
• Be aware that attackers can use the COVID-10 outbreak to convince users to install malware in professional and personal equipment
• Use trustworthy information sources, such as the WHO and DGS websites, whenever you need to get information about the virus and avoid unsecured, potentially dangerous websites