Open menu

Technical Measures to Consider During Remote Working

Technical Measures to Consider During Remote Working

Due to the Covid-19 Coronavirus epidemic, which is on the agenda of the whole world, many companies switched to remote working. However, some companies could not start working remotely, from homes due to lack of technical infrastructure, while some companies switched to remote working in means of working from home without being aware of the systems that they had to set up in their technical systems and without taking the necessary precautions.

Among the guideline of frequently asked questions published by Turkish Personal Data Protection Authority (KVKK) and ICO on the subject, the question "What kind of security measures should be taken to work from home?" has been answered stating that data protection is not a barrier to working from home and that usual security measures should be applied during working remotely, as well.

In the Guidelines for Safe ‘Remote Work’ published by the National Cyber Incidents Response Center within the scope of corona virus outbreak measures, the importance of the measures are described as follows: Defining a time-out for maximum connection time on systems, temporary establishment of the rules defined during remote work, "source IP" restrictions for remote connections where possible, multi-factor authentication and time-based authorization measures for access, ensure that remote access is not permitted for access to any critical systems that should not be defined according to the risk assessment.

So, what aspects should companies take into consideration when working remotely?

1. Equipment Security

One of the biggest issue experienced during the pandemic was that companies did not have equipment appropriate for handling operations remotely from homes. It has been much easier to switch work from home for companies whose computers are portable and communication devices can also be used remotely. In this context, there were those who tried to carry the monitors, and those who could not carry their computers and also expected to use their personal computers at home for business purposes. The lesson learned by companies was that screened devices should be provided to people according to the nature of the job. Because the first rule of working remotely is that the quality of work shall be appropriate for working from home.

Besides, requesting the use of personal computers in their homes for business purposes due to lack of equipment would constitute a huge deficit in ensuring cyber security, since personal computers do not have the same systems as office computers. For example, it will not be possible on personal computers to monitor the systems of people who connect to Office365 accounts. Or, since personal computers' USB ports will not be closed, it will be much easier for employees to export company data.

In summary, it is necessary to make sure that the necessary security software is installed on the equipment used for remote working, up-to-date software is used, and no malware is available. Insufficient equipment will make the company vulnerable to both internal and external attacks.

2. Authorization

During work remotely, employees must have as much system access as they need in accordance with the principle of "least privileged access" only by task. Unnecessary access authorizations on critical data should be restricted, in particular. Since the network connections in the home may not have the same security measures as in the company, it is very important to ensure that the established communication is encrypted with VPN and that the use of VPN is mandatory. Unauthorized access to the network can be prevented by using two factor authentication (2FA) for all employees' authentication processes.

3. Network Security

The use of common Wi-Fi networks is not safe, and in addition to this, it is possible to monitor online activities on such networks, as well. It must be ensured that encryption is provided when connecting to the internet on browsers and e-mail applications. Turning off the Wi-Fi connection will secure the device, when network access is not required. Devices such as unknown smartphones and USB drives should never be connected to devices, since it cannot be known whether they are properly protected or not or contain viruses. In order to ensure security, it should be ensured that anti-virus systems installed on devices cannot be disabled.

The default username and passwords determined by the Internet Service Providers must be changed, in order to secure the wireless networks used at home. Thus, configuration changes will only be made by the person itself. The default name (SSID) of the wireless network should be changed afterwards. This SSID should be chosen in a way that it will not be associated with the address or person.

Wireless networks should be configured to use the strongest encryption, and old and weak encryption methods such as WEP should not be used, as they are not secure. Strong passwords should be used for wireless networks, and this password should only be shared with people who are not at risk of logging in this network. All devices connected to the network must be detected and protected with strong passwords. The features of the devices used should be turned off such as Bluetooth etc.

By contacting Internet Service Providers, tools and facilities to help protect the home network can be used.

4. Training

Employees should be aware of not giving access to devices, including family members, and in order to protect the function of all these measures, as in any case, all personnel working remotely should be given cyber security awareness training and measures should be taken against a possible human error.

It should not be forgotten that the best defense is to be aware of the risks and take the necessary measures.

Author CottGroup Hukuk ve Mevzuat Ekibi, Category Personal Data Protection Law

  • Notification!

    Contents provided in this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance put in the preparation of this article, CottGroup® and its member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject.

    For each concrete situation, it is strongly advised to seek guidance from a professional advisor. If you are a customer of ours, please consult with your customer representative before taking any action related to the announcement. If you are not a customer, seek advice from an expert.

About The Author


Other Legislation

Bu web sitesi çerez kullanıyor.

Bu internet sitesinde, kullanıcı deneyimini geliştirmek, verimli çalışmasını sağlamak ve istatistiki verileri takip etmek için çerezler kullanılmaktadır. Sitemizi kullanarak çerezleri kabul etmiş olursunuz. Çerezleri nasıl kullandığımız ile ilgili detaylı bilgi için lütfen Çerezler (Cookies) sayfasını okuyunuz. Bu seçim 30 gün süreyle ya da tarayıcınızdaki çerezleri siz silene kadar geçerlidir.

Çerez Tercihleri Cookie Preferences

Çerezleri Ayarla

Çerezler, web sitelerinin kullanıcı deneyimini daha verimli hale getirmek için kullanabileceği küçük metinlerdir. Kanun, bu sitenin işleyişi için kesinlikle gerekli olan çerezlerin cihazınıza saklanabileceğini belirtir. Diğer tüm çerez türleri için izninize ihtiyacımız var. Bu site, çeşitli türde çerezler kullanmaktadır. Bazı çerezler, sayfalarımızda görünen üçüncü taraf hizmetler tarafından yerleştirilir.

Verdiğiniz izinler aşağıda yer alan web siteleri için geçerlidir: