The recent news that all 3 billion Yahoo accounts were hacked in 2013 underscores just how vital it is that organizations maintain robust security standards across the hierarchy.
Although it is essential that firewalls, patch management, and other automated IT services be in place, this is rarely enough. Enterprises are only truly protected when stakeholders at all levels are actively involved in maintaining information security.
It is no surprise that non-technical stakeholders are often targeted by sophisticated attacks.
Outside antagonists believe – often rightly – that those with minimal technology training are more likely to respond to attacks in predictable ways. With the growing prevalence of remote work and “Bring Your Own Device,” however, no team member is free from IT security concerns.
Complete training on working remotely & Wi-Fi security should be furnished as part of the new employee onboarding process. Targeted updates and retraining should be executed at least once annually, and more often for team members who routinely work remotely.
Let’s review some of the most important security points on working remotely & Wi-Fi security.
Password exposure can occur for a wide variety of reasons, including simple human error – such as writing passwords down somewhere in the work environment or allowing others to observe password input. Be aware of these issues:
With two-factor identification, unusual or high-privilege activity must be verified on the user’s mobile device. Requiring two-factor identification can make many network resources extremely difficult for an outsider to access. It should be implemented broadly across the enterprise.
Limited Login Attempts
Simple password errors are usually caused by accidental caps lock. Should a login take more than three tries, it is often a sign of foul play. Placing administrative limits on how many login attempts can occur in an hour significantly deters intruders and creates a clear attack fingerprint.
Auto Disconnect After Inactivity
Users place assets at risk when they become distracted and leave the work area. Banks and other sensitive consumer services have been proactive in limiting inactive user sessions; enterprises should follow suit. An idle session should rarely be permitted to go beyond ten minutes.
Require Flash Drive Encryption
Unfortunately, most organizations have lost the war against handheld storage media such as flash drives. If flash drives must be permitted, it is wise to require that they be encrypted. This helps to prevent misuse of confidential data if the device is stolen or – much more commonly – lost.
Be Alert in Public
Be extra vigilant when connecting to the network from a public location, such as an airport or coffee shop. It may only take a few seconds for someone to notice and record a password. The best practice is to sit in a corner whenever possible.
Theft of Mobile Devices and Laptops
Physical control of resources is a serious issue when traveling. A stolen mobile device, no matter its level of password security, will eventually fall prey to any determined attacker. It’s important to deter theft by all available means.
Keep Devices in Sight
A visible device is a safe device. Never leave a device out of your sight in a public place. If you must leave a device behind, be sure to lock it in a hotel safe. These safes are designed to make any attempt at theft a prolonged and frustrating experience.
Use Good Password Hygiene
Changing passwords too frequently can lead to confusion and make them less effective. That said, it is wise to change passwords after any trip, particularly if you are going abroad. If you must connect to an unsecured public network, change passwords immediately afterwards.
Even in cases where encryption does not protect all the data on your device, it is very effective for delaying attackers so that enterprise network resources can be secured with new passwords.
General Network Security Standards
Keep Security Up to Date
Automated services like antivirus, email screening, access management, and patch management must be kept updated to remain effective. Ensure that these services are configured to provide maximum defense against novel “Day Zero” attacks.
Emphasize Cybersecurity Training
It may only take a few hours to train team members in cybersecurity basics, but it can make all the difference. In particular, users should be cautioned to avoid public Wi-Fi for sensitive work and should be able to recognize the signs of a phishing email. Likewise, they should ensure any device used for work purposes is not accessible to family members or houseguests.
It deserves to be emphasized: Encryption is the enterprise’s most powerful technical tool. Use it.
NCA can help your enterprise achieve world-class standards in working remotely & Wi-Fi security. Our experts will execute a complete “defense in depth” strategy to harden your IT assets on multiple levels. To find out more,contact us today.
Network Computing Architects, Inc. is a premier provider of high quality sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.
NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.