17 July 2020

10 cybersecurity rules for remote office work

Not everyone has quarantined, and the chances of returning to it have not yet fallen. In the fall, remote work may again become the main form of activity. Moving business processes and employees online has exposed companies to new threats. We collected IT security rules for business from the experts at the CYBERSAFE PANDEMIC conference, which we attended, of course, online.

Create a security policy

Configuring the firewall correctly, regularly updating the modem software and inviting specialists to set up the PCs: this is where security begins. But even with expensive corporate network security solutions, a company is not protected from threats. According to statistics from the Ponemon Institute, in 54% of cases the cause of a cyber attack is the negligence of a company employee or contractor. That is why it is more important to provide the organizational basis:

prescribe security policies and procedures;

control personnel and contractors;

train staff in cybersecurity.

Store Digital Assets

“Why break the lock when you can steal a key?” This is how experts describe the need for identity management to protect digital assets. If a criminal obtains the credentials, he can do everything the legitimate user can. Digital assets are the set of a company's IT resources: applications, services, web resources, CRM, advertising accounts and other accounts. What all these assets have in common is an account: the e-mail address, login and password used to authenticate the user. Stealing someone else's login and password is easy: employees often stick notes with passwords on a monitor or keyboard. Access details and passwords also often sit in shared cloud folders that the entire organization can open.

Differentiate access rights

During the transition to online mode, employee access control systems changed, and in many companies the result is chaos. All of this must be put in order by administrative means.

Onboarding is the process of hiring a new employee and issuing all of their accounts. Outboarding is the reverse process. A common problem is that employees who have resigned keep their access to company resources. Transfers between departments can also mean different access rights and require the rights to be changed.

If a contractor registers domain names, advertising accounts or other accounts, he is obliged to transfer the rights to the customer. Ordinary employees must not have privileged accounts or admin rights. Administrators of databases and CRM systems have access to all the information and can change or delete it without anyone noticing. An ordinary employee should not be able to install anything on a work computer! Common business security issues related to access permissions:

theft of account attributes;

excessive rights of employee accounts;

malicious actions of employees with privileged access.

Make it a rule to delete accounts and revoke access rights after an employee quits, preferably even proactively. Prohibit shared technical accounts, where a single account created for technical functions is used by several admins. It is also necessary to set up account recovery options (mail, phone numbers) so that digital assets can be recovered. There are relevant technical approaches as well: managing access rights and passwords with special software. Usually anonymous users are banned, default access is denied, password changes are denied.
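
The rules above can be checked mechanically during a periodic access review. The following is an added example, not part of the original article or the conference material; the roster, the account inventory, the company domain and the list of admin roles are all constructed assumptions.

```python
# Added example: access review over a constructed account inventory.
COMPANY_DOMAIN = "example.com"   # assumption: recovery mail must be company-owned
ADMIN_ROLES = {"it-admin"}       # assumption: roles allowed to hold admin rights

# Constructed HR roster: person -> (employment status, role)
ROSTER = {
    "o.kovalenko": ("active", "accountant"),
    "i.petrenko": ("left", "sales"),
    "a.shevchenko": ("active", "it-admin"),
    "m.bondar": ("active", "it-admin"),
}

# Constructed inventory: (system, login, people using it, admin?, recovery mail)
ACCOUNTS = [
    ("crm", "o.kovalenko", ["o.kovalenko"], True, "o.kovalenko@example.com"),
    ("crm", "i.petrenko", ["i.petrenko"], False, "i.petrenko@example.com"),
    ("db", "dbadmin", ["a.shevchenko", "m.bondar"], True, "it@example.com"),
    ("db", "a.shevchenko", ["a.shevchenko"], True, "a.shevchenko@example.com"),
    ("ads", "promo", ["agency"], True, "owner@agency.example.net"),
]

def review(accounts, roster):
    """Return sorted (system/login, finding) pairs for the given accounts."""
    findings = []
    for system, login, users, is_admin, recovery in accounts:
        key = f"{system}/{login}"
        if len(users) > 1:  # one technical account used by several admins
            findings.append((key, "shared by several people"))
        for user in users:
            status, role = roster.get(user, ("unknown", None))
            if status == "left":  # access kept after the employee quit
                findings.append((key, f"{user} has left the company"))
            elif status == "unknown":  # e.g. a contractor holding the asset
                findings.append((key, f"{user} is not on the roster"))
            elif is_admin and role not in ADMIN_ROLES:  # excessive rights
                findings.append((key, f"admin rights held by {role}"))
        # Recovery mail must exist and belong to the company, not a third party.
        domain = (recovery or "").rpartition("@")[2].lower()
        if domain != COMPANY_DOMAIN:
            findings.append((key, "recovery contact not company-controlled"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in review(ACCOUNTS, ROSTER):
        print(f"{key}: {finding}")
```

Run against a real export from HR and from each system's user list, every finding becomes a ticket: disable, split into personal accounts, reduce rights, or move the recovery contact to a company mailbox.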

Control staff

Special programs monitor and report on an employee's work in different applications and on different sites. According to the Mirobase PRO employee monitoring system, 54% of employees attempt to leak data, 21% are looking for a new job, and about 15% are discussing management.

Implement mobile device management

Employees increasingly enter the corporate network from home computers, laptops and smartphones, which may already carry a large number of viruses. The best option is to require them to use only work laptops, which are worth issuing for home use. Home routers are another weak link. Devices that staff will use must be identified and protected in advance. Check with your vendors to see whether they are adding mobile security for their customers at no additional cost (for example, the Cisco AnyConnect Secure Mobility Client).

Make backups

It is also important to check that your backups can actually be restored and to encrypt them, especially if the copies are stored in Ukraine and the data is confidential.

Protect customer personal data

According to polls, about 70% of customers will stop working with a company that allowed their personal data to leak. In recent years, this rule has been tested by Adobe, Canva and eBay. A serious approach to protecting customer data is a new type of business social responsibility.

Secure negotiations

Important negotiations should not be conducted through Zoom, since there is no end-to-end encryption. Also, recordings of meetings on Zoom may be available to third parties. A new invention of scammers is sending invitations to Google meetings with fake Zoom.

Pay attention to the links

Under cover of the panic over COVID-19, there is a lot of phishing and social engineering that pushes users to hand over all their data themselves, in particular their login and password. The main direction of phishing now is fake invoice details. Many have moved their communication to Telegram, which is considered secure, but there have already been court decisions on the seizure of documents and servers based on information from chats.

Have at least a free cybersecurity audit

HackControl has created a free configuration guide form. It is a set of tools that help you configure personal devices, applications, social networks and instant messengers yourself for a quick transition to safe remote work. Anyone can use the form to check the security settings of their personal devices and accounts. The result lets you evaluate the level of security in the company. It is also recommended to give the form to employees for self-assessment.