By Edilson Lima, Security Manager at CAIS/RNP
Although it is nothing new, in recent years remote work, or home office, has become the only way to keep a lot of work running. After the great crisis of the pandemic, many companies are now looking to explore the benefits of this model for their business, and many people have come to consider this work model the only option for a new job. Technology, in this context, serves to facilitate and expand business capacity, so it has adapted and developed new facilities to make this work model more efficient: the use of videoconferences, collaboration platforms and management platforms has expanded. Information security has also adapted to this new reality, both in terms of technology and in the adoption of good practices by employees.
Faced with this new scenario, people need to update some of the security concepts that were always publicized when they were in the corporate environment, and be aware of new situations that can compromise information security. It is necessary to be aware of some essential safety precautions in the home environment. Some of these safety measures are presented below:
Having a physical space dedicated to corporate work
Since it is possible to work from practically anywhere, the risk of having your work accessed or even altered by other people who share the same location is greater and needs to be avoided. It is important to remember that all information accessed or produced during work belongs to the company and must therefore be protected as if it were in the office. Some may think, “But I’m in my house, nobody here wants to harm the company I work for.” Here it is necessary to consider that the related risks are not only due to intentional actions. In an environment without any type of restriction, other people can misplace or lose information on paper or removable media, or become aware of information and later mention it to others, which compromises the confidentiality and secrecy of that information.
Use company-authorized equipment
This aspect is essential so that the company’s information technology and security teams can apply adequate security controls. If the company provides equipment for corporate use, the work must be performed from that equipment, because it will have the settings and installed software that are compatible with the company’s security. If the company allows the use of personal equipment for work, it is necessary to know and follow the safety recommendations issued by the security team, in order to keep the equipment updated, monitored and protected by the company.
Care with the home network and use of VPN or ZeroTrust software
Several studies point out that cyber-attacks have begun to exploit security flaws in home internet connections. There is usually less concern about the strength of the home wifi password, or about keeping track of which devices are connected to that network. The employee therefore needs to keep in mind that the home network is managed by them; the company’s technology and security team is not taking care of that network. In this case it is important to apply strong passwords on the wifi network, to prevent strangers from connecting and monitoring the traffic of the home network. In addition, it is essential that during remote work you make use of the VPN or ZeroTrust software deployed by the company. This software applies an additional layer of security to internet traffic, preventing other computers on the network from monitoring and stealing traffic data.
Report any suspicious action
This care is essential so that the security team can act in the face of threats. Each employee can act as a security monitoring agent, informing the security team about anomalous behaviour on their computer, suspicious messages received by email or any other means, difficulties in accessing web pages or any other situation that did not occur in the office. This attitude can help the company identify threats or attack attempts in progress, improving response and protecting data.
With these simple actions, it is possible to enjoy the benefits of remote work without compromising the security of corporate information.
About the author
Edilson Lima is the Security Manager of CAIS/RNP – RNP Security Incident Response Team.
Again this year, GÉANT joins the European Cyber Security Month with the campaign 'A Community of Cyber Heroes'. Read articles from cyber security experts within our community and download resources from our awareness package at dev.connect.geant.org/csm2022