Cybersecurity: Safeguarding Data in Teleworking Era

1 april, 2020. – Nowadays, telework is more present than ever in the life of the Spanish people due to the state of alarm under which the country is. From Vector ITC they raise the most common scenarios where problems could occur during this period of remote work and recommend key actions to help companies to protect their data and minimize the risk related to their digital security.

In recent weeks, many organizations have implemented remote working among their employees to be able to continue with their activities. Some already had telework policies in place and have experienced fewer difficulties in moving to this model. However, most will discover obstacles during implementation as they have not had the time to prepare.

Two of the biggest contingencies in a scenario with a large number of remote connections is the overloading of the internal network and the need to ensure that all computers can connect to access the tools needed for their day-to-day work. This happens because nowadays most companies need to have their own internal network where to execute certain processes. If these scenarios were to occur, they would put the thousands of data stored at risk.

So how do you protect your organization’s data during this period of teleworking? Vector ITC recommends the following preventive keys in cyber security:

• Determine what data is stored: It is essential to audit all data, identify what is in the public domain and what is personal or key business data.
• Use multiple authentication methods: Passwords alone are not sufficient in many cases, so it is increasingly popular to use multiple factors, such as sending a code via SMS or biometrics for facial or fingerprint recognition.
• Enable the HTTPS protocol: The SSL/TLS certificate guarantees that the data transmitted between the browser and the server are encrypted, protecting them from possible intrusions by third parties
• Use strong and unique passwords: If the user uses the same password for all his accounts, the subtraction of this one in a single environment allows the access to the business platforms to which the employee has access. It is advisable to use a password manager, which automatically generates secure passwords and stores them to prevent them from being forgotten.
• Keep software updated: Development companies try to detect all possible vulnerabilities in their programs, and create patches that solve them as soon as possible before they are exploited by cyber criminals.
• Backing up: Many cyber attacks aim to steal or destroy data, which can result in millions of dollars in financial loss to an organization. It is essential that all sensitive data is backed up regularly and stored in secure environments, physically and virtually separate from the computers involved in day-to-day operations.
• Establish a policy of using your own devices: Training employees to access the business environment from their mobile phones or tablets, and designing an appropriate policy for the protection of these devices are essential measures.
• Enable secure email communications: To prevent data disclosure and phishing attacks, it is important to use tools to encrypt messages in transit and verify their origin.
• Simulate phishing attacks: Many organisations run simulation tests to check employee alertness, and detect staff training needs.
• Internal threat analysis: This type of study reveals threats to the IT infrastructure from within the company.
• Create rapid response guidelines: This is about preparing to respond quickly to a cyber attack. The plan must be known by the whole organization, and a person responsible for its execution must be appointed.
• Take out cyber insurance: The material and reputational losses that can be caused by a cyber attack are of immense value. It is essential for organizations to secure their infrastructure, databases and digital identity.
• Segmenting the network: It is necessary to prevent the entire computer network from being accessible from the same point. It is necessary to separate the infrastructures physically, and above all at the level of network architecture, to divide the systems according to their importance and to apply adapted security measures
• Monitoring the network equipment: it is very important to do it in a centralized way, enabling logs in all the equipment.
• Securely delete information: When files or data are deleted from a computer, their trail remains on the hard disk, making them recoverable. This entails significant dangers in the face of possible cyber attacks, so it is advisable to use specific data erasure tools, which overwrite the memory fragment with random chains.

“Data storage, especially of those that are classified as confidential, is often one of the most attractive targets for cyber attacks. Companies must ensure that their data repositories, whether on physical or virtual servers, have the necessary security measures in place to prevent theft, kidnapping or even destruction of the information”, says Rafael Conde del Pozo, Digital & Innovation Director of Vector ITC.

Vector ITC has a great experience in the design and development of solutions and services of Cybersecurity fully adaptable to each type of company. In addition, it has comprehensive solutions for the analysis of large volumes of data, essential for the efficiency of processes, improved decision-making and cost reduction.

For more information, consult and download our whitepaper about cybersecurity here (content in Spanish).