Tips for secure remote work


Every company will soon have employees working from home, from a cafe, or from a conference. Having cyber security policies in place with procedures and checklists that employees can follow will help you avoid hacker attacks and data breaches. Most remote-friendly companies are already set up with a secure VPN, VDI or remote desktop, but here are a few more pointers to improve your security.

Secure remote work tips

  • Use strong passwords – Protect your data by using long and unique passwords for different systems.
  • Use a password manager – A password manager allows you to generate and store all of your passwords in a vault. Instead of remembering multiple passwords, you only have to remember one.
  • Use 2FA – It is highly recommended to use 2-factor authentication to add another layer of security to the login process.
  • Use two or more layers of security (e.g. SSL + VPN) – Make sure you always have at least two layers of security when you are working remotely. This is especially important when you’re using public Wi-Fi. For instance, a man-in-the-middle attack through SSL can often be prevented by running a VPN.
  • Beware of phishing (i.e. fraud emails) – Double check the sender name and email, and be wary of downloading attachments and clicking on links in emails.
  • Verify the security of the tools that you are using – Check that the company is well-known and seems trustworthy, and that it has a dedicated page explaining its security policy, not only a statement on the front page. It should use SSL/HTTPS, and having a Responsible Disclosure policy is often a good indicator that the company understands security.

For developers

  • OWASP Top 10 – OWASP Top 10 is used as an industry standard. Making sure your application is not vulnerable to the 10 vulnerabilities on the list is a great health check.
  • Use automation – Automated security scanners test your application for the latest vulnerabilities and help you stay on top of threats. Services like Detectify can seamlessly be incorporated into development processes, as they integrate with workflow tools like Trello.
  • Update your CMS and enable auto-update – Because CMS updates often come with security patches, it’s important to make sure you’re running the latest version. Once security patch notes are public, hackers can easily see what older versions of the CMS are vulnerable to and then pick their targets accordingly.
  • Access – Less is more. Don’t forget to kill access rights for departing employees.
  • Bring in the right knowledge – Hire someone who is interested in security and give them sufficient mandate.

More tips for successful and secure remote work

If you’d like to find out more about remote work at Detectify, read our meet the team articles where our security researcher Linus and community manager Kristian share their views on working remotely.

Our friends over at Trello are experts on developing a remote work culture. To share their knowledge and experience, they have put together an e-book packed with remote work tips and tricks:

How to keep your team working from anywhere (English)

Hur ditt team lyckas med distansarbete (Swedish)

Detectify is a continuous web scanning and monitoring service that can be set up to scan automatically for the latest known vulnerabilities, including the OWASP Top 10. Give it a try with a free trial today!
