Share on social networks!

Implement these 6 protection measures and avoid cyber incidents when working remotely

As a result of the normalization of remote work since the pandemic, cyber incidents involving teleworking have skyrocketed, highlighting the need for all parties involved to implement additional security measures to avoid (or minimize) security incidents.

Cyber incidents in teleworking: cybersecurity measures

For businesses, it's important to keep in mind that today's security perimeter is somewhat diffuse, with servers in different cloud networks from different providers or employees working from all over the world (homes, hotels, cafes, etc.). Furthermore, we tend to worry about technological threats (vulnerabilities, misconfigurations, etc.), when we should be primarily concerned about identity theft: for an attacker, it takes much less time to steal a credential (they sell them by the pound on the Dark Web) than it does to identify a vulnerability, exploit it, and leave no trace.

Avoid cyber incidents with basic measures: Double authentication factor

Therefore, one of the first measures to implement is two-factor authentication. This way, even if the credentials of one (or more) employees are compromised, attackers won't be able to access corporate resources without having the employee's card or phone number on hand (to avoid confusion: never use SMS as a second authentication factor).

Using VPN to increase security when working remotely

A good way to protect server access, albeit a traditional one, is to use a VPN: it encrypts data, allows user identity verification, and even verifies that the client (the employee's PC) complies with a series of security measures.

Implementing Zero Trust in Remote Work

What else do we need? Well, we need to constantly verify that the user is who they claim to be and that they have access to the resources they're trying to access. This is where the concept of Zero Trust comes into play: not only must we verify the user's credentials and that the device complies with corporate policies, but we must also constantly monitor the employee's actions. If we also microsegment the corporate network (without forgetting the traditional onion model: DMZ, server network, employee network, etc.), we'll be perfect.

Proxy as a cybersecurity measure in teleworking

Continuing with the ethereal nature of the perimeter, why would we send all browsing traffic through a VPN, process it on-premises, and then send it back to the Internet? Let's use a cloud proxy to streamline policies and make it convenient for employees: this way, we prevent employees from using other means to access the information they were trying to view (or share), while ensuring the security of corporate information.

And finally, the well-known (hopefully, by now) EDR/XDR: global outages aside, signature-based solutions have little to do against today's threats, so having a solution that identifies anomalous behavior is the least that can be expected today.

30066

In the case of employees, a number of measures can also be implemented to improve corporate security. What if a cybercriminal decides the best way to access corporate resources is by targeting a specific employee?

Remote work using WPA3

Whenever possible, you should always use wired connections: WPA3 is not yet widely implemented (or is used in compatibility mode with WPA2). If your risk appetite is low, a good security measure is to use wired networks.

Dumpster diving prevention

Let's never forget about dumpster diving. Let's avoid printing sensitive information at home as much as possible, and if we absolutely have to, let's destroy it securely.

And, above all, let's never mix personal information with professional information: let's not use personal email accounts, let's not use the same credentials... basic digital hygiene measures, really.

Learn much more about security strategies and threat analysis on our blog. Professional Master in Cybersecurity, Ethical Hacking and Offensive Security.

Subscribe to our newsletter to stay up to date with all the news

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.
Master Cybersecurity Professional Master

Leave a comment

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.