Cybersecurity and the implementation of smart working

Faced with the unexpected health crisis, institutions and companies around the world are trying to facilitate the implementation of smart working through the dispersion of adequate rules and procedures. The widespread training of people involved in teleworking is urgent if we are to avert the real risk of cyber-attacks, for profit or political destabilization, aimed at public, corporate or personal networks and systems.

The introduction of digital devices in the workplace such as smartphones and tablets has undoubtedly increased productivity, while exposing companies to a greater risk of  cyber-attacks. A threat that is all the more tangible and probable the more time employees spend working on these devices, especially remotely. The adoption of secure hardware and software instruments therefore becomes an imperative for the protection of corporate information assets.

Recognize and mitigate risks

Among the many risks, working on the move exposes access to insufficiently secure networks – primarily home internet connections. Remote work requires the company to implement procedures and solutions aimed at regulating and managing the traffic of information in accordance with the enforced European directives. Such organizational and information tools could help organizations to prevent threats by defining how to use the equipment provided to the worker.

Providing its employees with encrypted and secure work tools is the first concrete step to mitigate the risk of cyber-attacks. Furthermore, one of the most frequently adopted tools in the business world is the Cybersecurity Framework published by the National Institute of Standards and Technology (NIST). The procedure identifies a series of macro-processes to be used as a guide to manage cyber security incidents. They are:

1. Identify

2. Protect

3. Detect

4. Reply

5. Reset

The combination capable of defending against cyber-attacks must, in any case, consist of physical security measures, understood as the adoption of measures to guarantee a protected work environment (even remotely) and to protect intellectual assets and in logical security such as the protection of confidentiality from any accidental or unintentional threat, coming from inside and / or outside the company structure.

External and internal risk: how can companies intervene?

Regarding external risks, the GDPR regulation identifies an extensive number of provisions that cybersecurity companies must comply with in remote working mode. We point out:

1. Use of encryption techniques

2. Use of specific authentication systems

3. Constant monitoring of the company network

4. Preparation of prevention and identification tools

5. Use of secure back-ups

6. Activation of a cyber-risk management model

Forms of internal risk mitigation consist in the adoption of specific company procedures, codes of conduct, regulations, etc. able to regulate the activity of smart workers. These rules may include regulating the use of company email and the applications that can be used by workers. Furthermore, the training of employees on risks can prove to be fundamental in making remote work safe, as well as the revision of the principles and management processes of the company itself (Legal Department, HR, certification bodies, etc.).