Teleworking: don’t overlook the risks
During the crisis of COVID-19 that we are going through, the containment phase, forced companies to deploy and experiment massively and quickly the telework.
While the resumption of activity in the workplace is becoming more widespread, this method seems to have become necessary and is in the process of being permanently integrated into enterprises, particularly for tertiary jobs.
But is it without cyber risks for the companies that implement it? Of course, the answer is no.
Here are, in a non-exhaustive way, some questions to consider before definitively integrating telework into your usual operating routines
Privacy
- Does the company’s sensitive data remain permanently confidential?
- During their transport on the internet, is encryption systematically used?
- Is my cloud hosting solution adapted to the uses of online work?
- Do my employees know the best practices for remote work?
- In case of theft of the means made available, what data will be compromised?
- Do my video conferencing and collaborative work allow me to exchange sensitive information by guaranteeing their confidentiality?
Availability
- Are the company’s services and data permanently available to my employees working remotely?
- If all my employees working remotely connect at the same time, is the access rate sufficient?
- My private cloud infrastructure is sized for mass online collaborative work.
- If I use a VPN, will I have enough access to it for all my employees?
Integrity
- Could these new remote accesses allow a hacker to penetrate my company’s network?
- If my employee’s personal WIFI installation is hacked, can the hacker go back to the company’s system?
- Is the integrity of my clients' and employees' personal data guaranteed?
- Are my RDP and VPN accesses sufficiently protected to guarantee the security of my information system?
Traceability
- Do the means I have implemented allow me to identify and authenticate my employees or service providers in a secure manner?
- Can their access to my company’s services be usurped?
- What means can I use to track my users' access?
While the implementation of teleworking, in times of crisis and rapid confinement, has often been carried out in an emergency, with the means «on board», and with the emphasis on efficiency, Today, we can only advise you to take the time to review the means and methods used in order to be able to telework sustainably in all cyber-security