National fixed network call

Remote Work Security - Guide for Companies

These are official numbers from the latest HP Inc. report: +70% of office workers admit to using their professional computer for personal matters. And of those who have been (or still are) telecommuting, almost a third have allowed a family member or friend to use their work computer recently.

This is the post-pandemic world, where remote work has established itself.

Whether we like it or not, we had to learn to produce remotely. But this new paradigm poses challenges we were not used to. And the proof is that the same HP Inc. report points to a +238% increase in the volume of cyberattackson a global scale during the pandemic.

What are the risks of remote work

It is clear to us that the boundary between home and office has blurred. On the one hand, telecommuting workers access company data and files from home more than ever before. On the other, on that same computer, they download files, play online games (27% of respondents), and watch serials (36% of respondents) at a much higher rate than before the pandemic.

Is it possible to keep companies protected in the world of remote work, or will the post-pandemic world be taken over by hackersand cybercrime?

Remote work: where do problems arise?

Your company can be protected against the risks of this new configuration of reality, but it is important that you know exactly the challenges you face. If you have already experienced the consequences of data theft or the invasion and destruction of your equipment, it is likely that the source of the problem was:

  • Insecure Networks in an employee's home
  • Physical access to work equipment is not controlled
  • Previously infected equipment on the company's internal network
  • Lack of training in good IT security practices


Download our free Manual of Good Practices - Computer Security

In Portugal, most companies fail on these 4 points. A recent study published by Tessian indicates that +82% of employees in remote work re-use passwords, across multiple access points. Unauthorized applications continue to be installed on work computers. And it may not even be clear to most employees that care needs to be taken when handling company-provided equipment.

What is the biggest threat in remote work

When we talk about lack of training in good IT security practices, understand that you open emails of unknown origin and click on dubious links, without any kind of scrutiny. Alert your team to this problem: 95% of IT leaders point to email as the biggest source of security threatsto company data!

Almost 85% of data-level security breaches involve tricking your employees - not hacking techniques in the system code, as most of us think. Yes: protect your company's networks and data from hacking techniques. But above all make sure your employees are prepared to identify a threat when it tries to trick them!

Phishing: How to avoid taking the bait?

According to Interpol's cybercrime bureau, the main cyber threat related to COVID-19 was phishing and fraud schemes with 59% of the attacks recorded in 48 different countries. And a large part of these attacks arrive via email.

Cribercriminals take advantage of the pandemic theme to send phishing emails with the COVID-19 theme, pretending to be government and health authorities. Victims are lured into providing their personal data and installing malicious files. And the door is open for data theft and system destruction.

Download for free Interpol's 2021 Report on new cybercrime techniques

Make sure your employees are alerted to this type of practice. And to help you make this alert even more visual, I've recorded a video in which I show you what a malicious email looks like and explain how the cybercriminal expects you to react in order to complete the process of data invasion and theft:

Manual Alves - How to avoid Phishing attempts

Telecommuting: how to double security?

Once your company understands the importance of good IT security practices you will reach a higher state of maturity: your employees can spot phishing attempts and your company data is less vulnerable than before. But does this mean that your company is protected against any cyberattack attempt?

Far from it.

The levels of resilience have increased, telecommuting is no longer an invitation to destroy your growth, but it's up to you to (further) harden the castle walls. At this stage, Morebiz - IT Solutions advises you to implement:

  • Automatic backups
  • Credentials System
  • Secure VPNs

How to protect company data in remote work

Automatic backups

You should not only centralize your company's data on a single server, but also make sure that the information you store on that server is duplicated on another server. Attention: the two servers should be in separate locations to safeguard against data loss in case of fire or serious electrical accident.

The system works simply: The first server will allow access to the company's data at any time and from any place. The second server will ensure that if there is an accident with this first server the data will not be lost forever. All done automatically!

Credentials System

Access to your company's servers should be highly conditioned. This means that every employee should have personal and non-transferable access data. Prevent anyone from entering your company network and having direct access to the data and documents stored on your servers!

Secure VPNs

VPN is a buzzword that may frighten less tech-savvy entrepreneurs. But it actually means: virtual private network. This virtual private network is for your remote employees to access your company's services (e.g. consulting data or downloading documents) in a controlled way.

It is the customer who authorizes who accesses. With this power, that access (even if it is at a distance of thousands of miles) no longer represents a risk factor for your company!

- Nuno Diniz, Morebiz - IT

Security in Remote Work: How to get started

If you had never thought about the risks of remote work and now you're eager to put theory into practice, you probably have questions like:

  • But how do I implement a secure VPN in my company?
  • The credential system is a software that I buy and install?
  • How do I train my employees on good IT security practices? 

Click to schedule a 30-minute meeting: we will explain how to protect your company

Our team can help you implement these tools within a few days. But so that you can take the first step now, we've created a checklist with everything you need to check to make sure the castle doors are locked until our help arrives:

  1. Change the Wi-fi and router password 
  2. Use up-to-date equipment and applications
  3. Use secure passwords (e.g. do not use 1234)
  4. Be careful with USB devices that are inserted into equipment 
  5. Backing up important data
  6. Do not use equipment without anti-malware protection
  7. Monitoring email and avoiding phishing traps 
  8. Immediately report to the competent service any cyber attack 

These were guidelines given by the Directorate General for Administration and Public Employment in April last year, in its Guide to Safety and Health in Teleworking in the Public Administration. If you'd like to go more in-depth, our colleagues at Integrity.pt have done a thorough job, which we've taken the liberty of including in this article:

1. Use secure networks and protect all your devices and documents

- Use the VPN provided by your company to connect securely to the corporate network and to carry out tasks related to it

- Whenever possible, avoid being connected to the company network and other networks at the same time

- Reduce the extraction of information from corporate systems to what is essential

- Restrict the sharing of corporate documents to what is strictly necessary, using the routes previously defined by the organization for this purpose

- Avoid copying corporate files to USB st icks and external disks

- Make data backups in accordance with the guidelines defined in your organization's backup policy

2. Keep passwords, software and devices secure and up-to-date

- Create strong passwords according to the security policy, avoid disclosing and reusing them, and update them regularly

- Always use the devices provided or certified by your company to develop your professional activity and do not share them with third parties

- Keep your security software (anti-malware, firewall, and others) and the applications you need up to date and in line with current corporate security policies and practices

- Guarantees that personal information is kept separate from professional information and that software not authorized by the company or used for purposes outside the professional context is not installed on devices used for professional activity.

3. Conduct meetings securely

- Choose spaces where you can make professional calls without risking sharing confidential information with others

- Make sure you give a simple background and no personal or family references, in case you need to make video calls

- Lock sessions and choose to put them on stand-by or turn off features such as the camera and microphone whenever they are not in use

- Avoid leaving work devices unlocked, especially if you share the space with children

Conduct secure meetings while working remotely

4. Be careful with unsolicited emails

- Resist the temptation to open unsolicited emails, even if they appear to contain useful information about the COVID-19 outbreak

- Do not access links or websites and do not open or download documents attached to unsolicited communications. Several attackers have taken advantage of the pandemic as a way to spread malware

- Make sure you know the contacts in your organization's IT / Security team to whom you should report suspicious behavior or situations, and request instructions or clarifications in case of doubt

5. Use only trusted applications and information sources

- Do not install any application that is not trusted and from the official manufacturer's stores (Google Play and AppStore) on your devices

- Be aware that attackers may take advantage of the COVID-19 outbreak to convince users to install malicious applications or software on professional and personal equipment

- Use credible information sources, WHO or DGS website when you need information about the virus, and avoid surfing unsafe and potentially dangerous websites

Remote work: rights and obligations of companies

If you have come this far it is because you are really committed to securing the future of your business. In the previous sections you have learned:

  • What are the computer-related risks associated with remote work?
  • How to ensure the cybersecurity of a company in remote work?
  • What tools do top managers use to safeguard their companies

But the new paradigm has brought not only risks, but also a new legal framework that represents new obligations for entrepreneurs and companies. For example:

  • Do you know the rights of your employeesin remote work?
  • Is a remote work employee covered by the occupational accident protection scheme?

According to the Directorate General of Administration and Public Employment, in the context of telework and for the purposes of accidents at work is considered:

- workplace means any place to which an employee goes or has to go in the course of his work and which is directly or indirectly subject to the control of the public employer

Remote work legislation for companies

- Working time, in addition to the normal working period,that which precedes its beginning, in preparatory or related acts, and that which follows it, in acts also related to it, as well as normal or extraordinary work interruptions

- In matters of health and safety at work, remote work employees have the same rights and duties as other employees, particularly with regard to compensation for damages resulting from accidents at work and occupational diseases

To be absolutely clear, this means that the worker performing activities under the telework regime will have the same rights and duties as other workers in the office, regarding compensation for damages resulting from work accidents or occupational disease!

Bonus: Top 3 tips for remote work

You already know how to protect your company from unwanted accidents and cyber attacks. You have an action plan to ensure the security of your company in a remote work context. And you even know your obligations towards your employees in this new work paradigm...

But do you know how to lead people in remote work?

You may have wondered how to encourage your employees to maintain (or increase) the productivity levels they registered before telecommuting. I share with you the principles we follow at Morebiz - IT Solutions to get the best out of teleworking:

1. Dress

You don't have to choose the best pants, the best shirt or the nicest shoes: the important thing is to avoid being in your pajamas. And look professional when you join an online meeting via Zoom, Microsoft Team or Google Meets;

2. Create your own workspace

Choose a room (if it has good sun exposure the better) and set up a home office to your liking, with everything you need for a productive working day;

3. Stick to a routine (with physical activity)

Especially if you have children at home, stick to your sleep and meal times. Schedule your breaks but set (and stick to) your goals for the day, just like you do in your office.

Find out why your child can be a cyber-threat while working remotely.

4. Keep in touch with colleagues

The social component is critical to the stimulation of any worker. Don't isolate yourself. For the sake of self-motivation and to ensure that work processes remain fluid, stay in touch with your team and actively participate in online meetings.

Tips for Secure Remote Work

Ready for a new era of remote work with complete security?

If you feel you need support implementing some of these solutions, remember that you can schedule a free 30-minute meeting with one of our experts. Even if you are not ready to make an investment in IT security, we will explain how to protect your company from the risks of telecommuting.

talk with us

Schedule a free
consulting!

or call

+351 261 430 040

National fixed network call

SEE MORE

Cybersecurity in the European Union: What is being done?

The Commission today presented a proposal for a new Cyber Resilience Act to the European Parliament to protect consumers...

Agile Methodology - What is it and how to use it?

What is Agile Methodology If you've never heard of Agile Methods before, it's time to discover...

AI tools to save your business time and money

Hello I'm ChatGPT 4 an advanced language model based on OpenAI's GPT 4 architecture and I'm...

End of Support for Windows Server 2012: Now What?

It's almost impossible to find someone who doesn't know Windows, not Windows Server 2012...

Cybersecurity in industry: where to start?

If you've built up a thriving business in industry, there are endless worries on your mind...

Retail cybersecurity - where to start?

There are few things more difficult than building a retail business Not only because of the countless variables that...