Although not something new, in recent years remote work, or home office, has become the only way to keep a lot of works running. After the great crisis of the pandemic, many companies are now looking to explore the benefits of this model for their business and many people have come to consider this work model as the only option for a new job. Technology, in this context, serves to facilitate and expand business capacity, so it has adapted and developed new facilities to make this work model more efficient, the use of videoconferences, collaboration platforms and management has expanded. And information security has also adapted to this new reality, both in terms of technology and the adoption of good practices by employees.
Faced with this new scenario, people need to update some security concepts that have always been publicized when they were in the corporate ambience and be aware of new situations that can compromise information security. It’s necessary to be aware of some essential safety precautions in the home environment. As you read, some of these safety measure will be presented:
Having a physical space dedicated to corporate work
Since it is possible to work from practically anywhere, the risk of having your work accessed or even altered by other people who share the same location is greater and needs to be avoided. It is important to remember that all information accessed or produced during work belongs to the company, therefore, it must be protected as if it were in the office. Some may think, “But I’m in my house, nobody here wants to harm the company I work for.” For this, it is necessary to consider that the related risks are not only due to intentional actions. In an environment without any type of restriction, other people can misplace or lose information on paper or removable media, or even become aware and later comment on it with other people, which compromises the confidentiality and secrecy of that information.
Use company-authorized equipment
This aspect is essential so that the company’s information technology and security teams can apply adequate security controls. If the company provides equipment for corporate use, the work must be performed from that equipment, it will have the settings and software installed that are compatible with the company’s security. If the company allows the use of personal equipment for work, it is necessary to be aware and follow the safety recommendations passed by the security area, in order to keep the equipment updated, monitored and protected by the company.
Care with the home network and use of VPN or ZeroTrust software
Several studies point out that cyber-attacks began to exploit security flaws in the home internet. There is usually less concern about the strength of the home’s wifi password, or keeping track of which devices are connected to that network. So it is necessary for the employee to think that the home network is managed by him, the company’s technology and security team is not taking care of that network. In this case it is important: apply strong passwords on the wifi network, to prevent strangers from connecting and monitoring the traffic of the home network. In addition, it is essential that during remote work you make use of VPN or ZeroTrust software deployed by the company, these software apply an additional layer of security to internet traffic, preventing other computers on network from monitoring and stealing traffic data.
Report any suspicious action
This care is essential so that the security team can act in the face of threats. Each employee can act as a security monitoring agent, informing the security team about anomalous behaviour on their computer, suspicious messages received by email or any other means, difficulties in accessing web pages or any other situation that did not occur in the office. This attitude can help the company identify threats or attack attempts in progress, improving response and protecting data.
With these simple actions, it is possible to enjoy the benefits of remote work without compromising the security of corporate information.
About the author
Edilson Lima is the Security Manager of CAIS/RNP – RNP Security Incident Response Team.
Also this year GÉANT joins the European Cyber Security Month, with the campaign 'A Community of Cyber Heroes'. Read articles from cyber security experts within our community and download resources from our awareness package on connect.geant.org/csm2022
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
