An Overview of Remote Work Cybersecurity Guidelines for Businesses
Because of the COVID-19 pandemic, many organizations had to transfer their employees to remote work. This shift opened the door to cyberattacks.
If an employee opens a link in a phishing email about COVID-19, their computer is likely to be infected. Many cybersecurity incidents in industrial networks have resulted in the disruption of technological processes. They all began with the infection of computers in the corporate segment of the enterprise network.
The risk of illegal use of remote administration systems for industrial automation is increasing.
To mitigate these risks, cybersecurity regulators prepared guidelines to secure remote business operations.
Here is a list of 28 recommendations to improve your business cybersecurity:
1. Conduct personnel training on security rules for remote working;
2. Make a list of devices to be provided to employees for remote work. Prohibit the use of personal devices;
3. Define resources to which remote access will be provided;
4. Assign the minimum necessary rights to users when working remotely;
5. Identify remote devices based on whitelisting;
6. Prevent unauthorized persons from accessing remote workplaces;
7. Place the devices employees use for remote work in a separate domain;
8. Use two-factor/multi-factor authentication for remote workers;
9. Provide remote access using cryptography (VPN);
10. Use antivirus software with up-to-date databases and regularly update them;
11. Prohibit software installation, except where required for specific work;
12. Monitor system security, including the registration and analysis of employee actions;
13. Block the remote access session when the user is inactive;
14. Provide prompt response to incidents;
15. Break enterprise networks into segments;
16. Update all services and equipment for remote access (VPN, network infrastructure devices);
17. Control the connection of external devices to devices intended for remote access;
18. Limit the speed of VPN connections to prioritize users who need higher bandwidth;
19. Deny access to the network using third-party services that independently authorize and authenticate users;
20. Use remote access to a virtual workstation with all installed information security tools;
21. Protect email with two-factor authentication and regularly scan email with anti-virus tools;
22. Use WPA2 encryption when connecting to the Internet via Wi-Fi;
23. Use password management and generate complex passwords;
24. Encrypt information on client devices;
25. Ensure that authorized administrators can manage remote access servers only from trusted hosts;
26. Make regular backups;
27. Test the performance of remote access tools;
28. Update business continuity plans.
Particular attention should be paid to the protection of communication channels, access control and protection of endpoints. It is also necessary to increase employee awareness of the possible threats and conduct additional briefings on the rules for remote working.
Hopefully, the recommendations above will provide the necessary level of cybersecurity for businesses to prevent cyberattacks.
Go through the checklist; how many of these 28 points have you already implemented in your company?