Telework: what are the risks facing companies?
Today, many computer tools make it easier to work remotely.
In a situation where everyone is forced to stay at home, telework has become a requirement. It is not known how long this situation will continue, but until the health situation improves, people will still have a hard time working as before. But who talks about telecommuting must also highlight the risks involved. Intensive use of the Internet and other digital solutions also has drawbacks.
This article will also interest you: Telework and cybersecurity
Cybercrime is one of its problems. It is for this reason that it is recommended that companies since the beginning of this crisis, put in place a set of systems to protect themselves. "Companies need to evaluate their environment to avoid any problems. Said about Bitdefender's cybersecurity analyst, Liviu Arsene. He cites three threats to companies that they should be wary of.
1- Connection overload
In some contexts, companies are struggling to handle too many connections to their VPN server simultaneously. This happens when the structure is not prepared to withstand this kind of mass of work. This can be a real problem for those who work remotely, especially when they need some internal resources. The immediate consequences may be "disruptions to the workflow and potentially add additional pressure to the already overburdened IT department trying to solve the problem. »
2- Unser professional management of access policies
This is one of the most likely aspects to consider. Any company that embarks on the path of telework is at risk that access policies will not be very well managed. This could be explained by the fact that the control measures will not be disciplined. Liviu Arsene wrote: "The company is at risk of mismanagement of the company's network access, authorization and authentication policies. This could lead employees to access resources they should not have access to. »
3- Unlicensed tools
As we know, however, it is very important for reliable access to a company's computer system, the tools used should be approved for this. Therefore, accessing a professional infrastructure with a terminal that is not authorized could be perceived as a threat not to be taken lightly. The attitude in the face of this kind of situation would be immediately to stop the connection when such a terminal is detected. "Any attempt to access internal infrastructure with unlicensed tools must be treated as a potential risk to network security and blocked immediately. To minimize this risk, IT teams need to set strict rules and clearly state the customers, services and VPN applications supported by the company. " notes the security expert.
Faced with its risks, companies will be advised on certain practices that will allow them to ensure a minimum of basic security. The Bitdefender expert suggests: "At the top of the security practices to be adopted is to increase the number of simultaneous VPN connections, to allow all teleworkers to continue their activity without connection cuts. Second, setting up conference software that ensures both a reliable voice and video connection is a priority for the smooth running of remote meetings.
Ensure that all employees have valid identifiers that do not expire in less than 30 days, as changing expired Active Directory identifiers can be more difficult remotely. While many employees have to change their passwords before leaving the office, it is better to approach this procedure proactively than reactively. ». It will then highlight the rollout of updates in a gradual manner. This has the merit of being able to close the security loopholes that would arise. Updates should be distributed even to employees using the VPN network. And third, companies should never forget to encrypt the contents of their hard drives. Indeed, "Putting in place encryption of hard drives should be a priority. Encryption minimizes the risk of access to sensitive data or data compromise during device thefts. highlighted Liviu Arsene.
In addition, it is essential that employees are informed rules that will be taken and also about the applications of the platforms that will be used as part of the remote collaboration. "Employees need to be informed about what is being sanctioned and what is not. ». The final provision will deal with the deployment of security and surveillance tools. All this allows IT security teams to be constantly informed and also to be able to take appropriate measures in case of a problem.
Now access an unlimited number of passwords:
