Do Telework Employees pose security risks to their company?
February 2021 by Talenz
Lockdown has driven the growth of teleworking to ensure continuity of service. Many companies have implemented remote collaboration tools, sometimes in an emergency context. This is a boon for cybercriminals. Polls by ISACA (represented in France by the French Association for IT Audit and Consulting) show companies are seeing an increase in cybersecurity incidents. And yet only 1 in 2 companies believe they are able to respond to these cybercriminal attacks. Talenz Audit, a subsidiary of the Talenz network and specialist in all audit activities, offers 5 tips to avoid hacking.
1. Make users aware of good cybersecurity practices (in line with the company's up-to-date security policies / procedures)
2. Analyze your remote connection mode to protect it (by setting up a VPN, which secures the exchange through its tunnel, and two-factor authentication)
3. Make sure that the topology of your network is secure (DMZ)
4. Ensure that the configuration of network elements corresponds to the company's procedures / best practices and that updates to these elements are in place
5. Check that the data backup is periodic, complete and can be restored.
Uncontrolled teleworking can indeed facilitate the activity of cybercriminals by allowing them to access the corporate network or to launch DDoS attacks or brute-force attacks (hacking methods). The security risks of a remote connection are:
• The intrusion of malicious actors who can access sensitive functions (especially transfer operations)
• Theft or loss of sensitive or strategic data
• The disorganization or potential dysfunction of the business.
Cybercriminals force users to share personal information and / or passwords to gain remote control of corporate infrastructure. An insecure remote connection (without additional configuration), a lack of precautions on the part of users (downloading a malicious document or clicking on a fraudulent link) or of the administrator (insufficient configuration or updates), or a topology that does not isolate the local network from the internet can allow these malicious actors to intrude into the corporate network.
To schematically illustrate the major risks of a remote connection by a user, here is a typical example of a computer network architecture and the potential points of weakness.
1. Intrusion, loss or theft of data due to a fraudulent email or a phishing site
2. Password hacking following an unsecured connection (without additional configuration)
3. Hacking of the local network due to a simplified topology (without a demilitarized zone)
4. Risk of intrusion due to weak password settings or a lack of updates to network elements and / or antivirus
5. Loss or theft of data due to malicious intrusion or virus
About Talenz Audit
Launched in 2020, Talenz Audit was created by the partners of the Talenz network, a French specialist in business consulting, to bring together all audit activities in a single structure. It is a unique concept in France, allowing a personalized offer adapted to the size and market of each company. Thanks to their roots in all regions of France, support for and proximity to SMEs are among their strengths.