IT security for remote work: 6 advice for the CIO and employees

The COVID-19 crisis has put IT security to the test. The cyber threat against Danish organizations has become more critical, and the Center for Cybersecurity and the Minister for Defence have warned that the national state of security is vulnerable.

How do the IT persons responsible and the employees maintain the security level when thousands of people are sent home from work? Our security expert Kenneth Demskov has three useful advice for the CIO and the employees.

Three advice for the CIO

1) Safeguard identities and access
Identify which identities have the rights and access to which systems and data through Entra ID-based policies, Single Sign-On, and Multi-Factor Authentication.

2) Ensure endpoint security
Manage all devices in the company's portfolio to better handle compromised devices. Offer remote access to the company's recourses through SSL and IPSec VPN and make use of secure mail solutions as protection against social engineering attacks.

3) Remember Cloud security
Establish an omnipresent front line with advanced threat protection that provides the means for proactively taking action with automated and behavior-based detection, traffic analysis, and quarantine of dangerous objects.

Three advice to the employee

1) Take responsibility for the security
At the home office, you are responsible for IT security. An example is that you need to pay attention that your computer is always updated. Please do it manually if the computer does not update automatically.

2) Pay attention to emails
Right now, you need to extra careful and not open emails where the content is suspicious. Your IT department is busy, and it might be days before they can assist with individual support in case of ransomware or phishing attempts.

3) If you are in doubt, then wait
Do you receive material where you are suspicious of its contents' authenticity, then wait to open and use it. Ask your IT department or contact colleagues if you have any questions. Right now, security is of the essence.

Kenneth Demskov

Kenneth Demskov is IT security specialist with 25 years of experience from the IT world and has worked with server-, network-, and database operations distributed across a broad spectrum of operating systems, database technologies and types of networking equipment. Certified in Fortinet and Microsoft focusing on design and delivery of security solutions to Danish organizations, Kenneth is specialized within network and endpoint security, advising companies on a daily basis how to secure the right data protection under de-centralized and fragmented security challenges.