Due to the impact of the ongoing COVID-19 crisis, many companies and organizations in the Philippines are considering telecommuting, most commonly known as work from home, as an alternative way to continue their day-to-day business operations. Rather than traveling to the office, the employee “travels” via telecommunication links, keeping in touch with coworkers and employers via telephone, online chat programs, video meetings, and emails, as well as through other systems used for remote access to IT networks, such as a Virtual Private Network (VPN) solution. This is a great idea, but there is always a risk when it comes to using a remote access connection:
- Poor data encryption
- Over permissive access
- Possible unsecured connection at home
- Unsecured configurations for remote access in the organization’s network
- Increase in phishing emails targeting teleworkers
- Outdated devices, VPNs and other security tools
CERT-PH recommends and encourages organizations to adhere to and improve security practices when using remote access connectivity as the medium for operating or working from home. In line with this, CERT-PH has provided some precautionary measures to consider in implementing safe and secure telework (work from home):
- Distinguish employees who require VPN to fulfill their jobs from those who can work without it, and restrict access to resources in the work environment depending on their level of need.
- Set session time limits per access. Configure the connection so that it terminates automatically when it has been idle for a certain period and requires re-authentication.
- Instruct IT security personnel to monitor incoming/outgoing traffic to reduce the possibility of unknown remote connections.
- Limit the usage of VPN to company-issued devices only.
- Ensure that the devices to be used for remote access into the organization’s IT network have the latest software updates and security configurations.
- Use multi-factor authentication on all VPN connections for an additional layer of protection.
- Remind employees to be cautious of phishing emails and of downloading unknown/suspicious attachments that may compromise their account/system.
- Provide contact details of IT security personnel to report incidents or other cybersecurity concerns.
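One way IT security personnel could check VPN session records against the measures above, as an added example that is not CERT-PH's own code. The record fields, user names, device IDs and the 15-minute idle limit are assumptions, and the sample sessions are constructed.

```python
from datetime import datetime, timedelta

# Assumed policy values (hypothetical; set these from your own VPN policy).
VPN_USERS = {"jdelacruz", "mreyes"}        # employees who need VPN for their job
COMPANY_DEVICES = {"LT-0012", "LT-0047"}   # company-issued device IDs
IDLE_LIMIT = timedelta(minutes=15)         # idle time before forced re-authentication

# Constructed sample records, in the shape a VPN gateway export might have.
SESSIONS = [
    {"user": "jdelacruz", "device": "LT-0012", "mfa": True,
     "last_activity": "2020-03-20T09:58:00", "checked_at": "2020-03-20T10:00:00"},
    {"user": "mreyes", "device": "HOME-PC", "mfa": True,
     "last_activity": "2020-03-20T09:59:00", "checked_at": "2020-03-20T10:00:00"},
    {"user": "asantos", "device": "LT-0047", "mfa": False,
     "last_activity": "2020-03-20T09:10:00", "checked_at": "2020-03-20T10:00:00"},
]

def audit_session(s):
    """Return the list of policy findings for one session record."""
    findings = []
    if s["user"] not in VPN_USERS:
        findings.append("user not approved for VPN")
    if s["device"] not in COMPANY_DEVICES:
        findings.append("device not company-issued")
    if not s["mfa"]:
        findings.append("no multi-factor authentication")
    idle = (datetime.fromisoformat(s["checked_at"])
            - datetime.fromisoformat(s["last_activity"]))
    if idle > IDLE_LIMIT:
        minutes = int(idle.total_seconds() // 60)
        findings.append(f"idle {minutes} min, should be terminated")
    return findings

def audit(sessions):
    """Map (user, device) to findings; compliant sessions are omitted."""
    report = {}
    for s in sessions:
        findings = audit_session(s)
        if findings:
            report[(s["user"], s["device"])] = findings
    return report

if __name__ == "__main__":
    for (user, device), findings in audit(SESSIONS).items():
        print(f"{user} on {device}: " + "; ".join(findings))
```
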
Should you require further assistance, do not hesitate to contact us at firstname.lastname@example.org or 8920-0101 local 1708.