Hear it from a Hacker - Part 4 | Remote Working
HTML-код
- Опубликовано: 16 сен 2024
- The dramatic changes to how we work in 2020 and the shift to remote working will continue to create challenges, says Julia Voo (Global Lead Cybersecurity and Tech Policy): “COVID-19 has weakened organisational security. Remote access inefficiencies, VPN vulnerabilities and a shortage of staff that can help the business adapt means data is now less secure.”
From a cybercriminal’s perspective, the attack surface is widening, creating more opportunities, as Joanna Burkey (CISO for HP Cyber Security Expert) explains: “We can expect to see hackers identifying and taking advantage of any holes in processes that were created, and still exist, after everyone left the office.”
Boris Balacheff (Chief Technologist for Security Research and Innovation at HP Labs) points out that this also means that home devices will be under increased pressure: “We have to expect home infrastructure will be increasingly targeted. The scale at which we operate from home increases the incentive for attackers to go after consumer IoT devices and pivot to business devices on the same networks. And as we know, if attackers are successful with destructive attacks on home devices, remote workers won’t get the luxury of having someone from IT turning up at their door to help remediate the problem.”
Read our blog [Cyber‐attacks set to become more targeted in 2021, according to HP Inc.] for more information - www.isosystems...
KEY ACTIONS FOR SECURE REMOTE WORKING
PROCESSES
• Update remote working policies
• Review changes against policies and contracts
• Assess the risks to the updated processes
• Review the effectiveness of your management reports and controls
• Train your staff in final procedures
• Review your internal audit plan
• Carry out remote access and remote compromise penetration tests.
YOUR SUPPLIERS
• Establish what changes have been made
• Review the changes against contracts, service level agreements, data sharing agreements, etc.
• Assess the risks introduced by the changes
• Review the effectiveness of your management reports and controls
• Review your supplier audit plan.
YOUR EMPLOYEES
• Review individual working environments
• Ensure privacy and information security are appropriate for the tasks assigned
• Train staff on new procedures
• Train staff on evolving threats, e.g. COVID-19 phishing attacks.
Download our guide for managing cyber security and data privacy risks while remote working here - www.isosystems...
ISO 27001 - www.isosystems.org.uk/27001
Cyber Essentials - www.isosystems.org.uk/cyberessentials
BS10012 - www.isosystems.org.uk/10012
