Necessary data security measures to ensure safe remote working for employees
Bucharest, 20 March 2020 – Amid the COVID-19 (coronavirus) outbreak, already a significant part of companies in Romania has decided to instruct employees to work from home in order to ensure their safety while safeguarding the business continuity. Most of the employees continue their work using the devices provided by the employers, while some might continue working using their personal devices simply because of the lack of necessary infrastructure in place. This situation as well as the fact of how sudden the companies had to take these preventative measures, has already been exploited by the hackers. Therefore, ensuring information security is the second most important thing that companies need to take care of, right after ensuring the safety of their staff.
Cybersecurity experts have already detected several phishing and malware infections that cybercriminals are trying to exploit for system vulnerabilities and people’s fears about the pandemic. These cyberattacks as well as attempts to steal information are primarily caused because in the majority of cases, the internet environment at home is well below the level of cybersecurity standards that are in place at companies. Additionally, IT system administrators have to resort to the implementation of provisional solutions, without prior testing, for a large number of users and without a complete risk mitigation plan.
“The necessity for mobility and remote access extends the transit and storage of information outside the infrastructure of the company or institution. The security risk is even greater if a company device is not used to remotely connect. Typically, companies’ equipment and devices are updated at least with a minimum level of security such as upgraded operating and antimalware systems, encrypted hard disk, automatic screen lock and so on, but these security controls become difficult to perform in the work of at a distance, putting the company’s data at risk. In the event that people access services or files from a laptop or PC infected with malware, the situation can lead to a scenario that malware steals or alters the data and even reach the network of the company or institution, which it would mean financial and image losses” said Victor Gansac, CEO at Safetech Innovations.
In order to ensure the safety of the information amid the crisis, the company management, as well as IT system administration, should ensure the following:
- Remote working policy – the policy should specify:
- the specific tools and programs that should be used when working remotely;
- outline the prohibited actions such as the transmission of documents through messaging applications such as Facebook, Messenger, WhatsApp or uploading them onto public sites for transfers;
- the type of information or IT services that can be accessed or stored on working devices and the minimum-security procedural controls;
- the procedure for making the connection with the company systems or reporting an incident.
- Use of additional security measures. In case the company cannot provide equipment for employees to use at home, it is necessary to add security solutions that separate the work environment, from the employee’s personal device, from personal data, and for personal use of the equipment.
- Educating users and raising awareness about risks. Users should be supported to take care and operate safely, following clear procedures. This should include guidance on at least securely storing and managing access credentials, separating business from private environment or reporting incidents.
- Data protection at rest. Minimizing the amount of information stored on a mobile device to the minimum necessary to perform the business activity that is delivered outside the office environment.
- Data protection in transit. Using secure VPN connections whenever you work remotely, as well as multi-factor authentication to connect to application services.
- Defining an incident management plan. Working from a distance entails significant risks and there is the possibility of security incidents occurring even when users follow security procedures.
The best manner to control the situation in real-time is through continuous monitoring through a Computer Emergency Response Team, within a CERT / CSIRT (Cyber Security Incident Response Center), which allows real-time detection of attacks and abnormal behaviors that may arise from hackers trying to reach a company’s information. The activity of a CERT allows continuous monitoring of all remote connections and accessed systems and thus ensures full security of information.
About Safetech Innovations
Established in 2011, Safetech Innovations is currently the only dedicated information security company on the Romanian market, specialized in the field of cybersecurity and implementation of cybersecurity solutions. Safetech Innovations’ services include data protection, identification of vulnerabilities and risks, response to cybersecurity incidents (through STI CERT – Safetech Cyber Security Incident Response Center) and creating an organizational culture oriented towards safety, as well as implementation of cybersecurity solutions and measures. The company has a large portfolio of clients, having worked with more than 10 key institutions from the financial sector, international players as well as local companies from the energy, FMCG, telecom, IT&C and transportation sectors, just to mention a few. In November 2019, Safetech Innovations became the only Managed Security Service Provider of American software producer Splunk, leader in cybersecurity events, and incidents management systems worldwide.