Wednesday, March 18, 2020

11 Handy Tips from Cyber Security for Work From Home / Teleworking Employee


Howdy all! Today we are going to look at how cyber security vulnerabilities and threats affect remote working options, and what the best practices are for work from home / teleworking.
With recent trends worldwide, teleworking, otherwise termed remote working or working from home, is on the rise.
Should we consider this option a threat or an opportunity for an organisation?

It is definitely an opportunity, but be sure to assess the threats involved in extending this option to your employees.

Everyone will talk about productivity, engagement, motivation, cost savings etc., but all of these can turn out to be just the opposite if the cyber security vulnerabilities and threats are not evaluated before extending these facilities to employees.

So what do you think one should do before extending teleworking or remote working options to employees?

  • Do not open the flood gates to accommodate all users during BCP. Validate the business requirement and need for each user and decide accordingly.
  • Perform a risk assessment weighing the pros and cons of extending teleworking options to employees.
  • Prepare an information security training kit and ensure that all employees are aware of their responsibilities and role in adhering to the organisation's information security policy.
  • Perform a network penetration test on all your devices exposed to the public network that form part of the authentication service for the teleworking services.
  • If you provide IT services to a customer, ensure that you get formal approval from your customer before you enable remote access.
  • Have a clear check-and-validate procedure before allowing end users to use their personal laptop/desktop. Sanitise their device and have a clear monitoring mechanism to check that all required patches, antivirus and minimum security checks are in place on the end user's personal device.
  • Before giving access to business applications from an external network, perform a detailed and complete application penetration test.
  • Avoid Remote Desktop Protocol (RDP) over the internet. RDP, if not configured and secured properly, can act as a gateway for cyber criminals to access sensitive internal resources.
  • Does your organisation have a Mobile Device Management (MDM) solution in place for mobile users? If not, it is recommended to implement MDM when users are given access to organisation information from their mobile phones.
  • Use a reliable Virtual Private Network (VPN) to establish a secure channel between end user systems and the organisation network. Some VPN best practices are listed below:
      • Implement Multi-Factor Authentication (MFA) on all VPN connections to increase security. If MFA is not implemented, enforce strong passwords for end users.
      • Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications such as rate limiting to prioritise users that will require higher bandwidth.
      • Apply the latest patches (some organisations do not patch their VPN because it is in continuous use).
  • Establish 24x7 security alert monitoring for your external-facing devices, VPN and business applications. If you already have SOC (Security Operation Center) services, ensure security rules are updated and all business applications and network devices are covered as part of the monitoring.
  • Ensure that compliance, privacy and regulatory requirements for information security management, such as GDPR, HIPAA, PCI etc., continue to be met when users work remotely.
If you have any queries or need help, please feel free to contact us at IARM Information Security Pvt Ltd. Mail us at info@iarminfo.com or visit https://www.iarminfo.com


IARM can help with its end-to-end information security services and solutions. Contact us today and let's work together to keep your business safe.


Tuesday, March 10, 2020

Most Important Things You Need to Know about SOC Compliance & Certification


SSAE 18 stands for Statement on Standards for Attestation Engagements, created by the Auditing Standards Board of the American Institute of Certified Public Accountants to redefine and update how service companies report on compliance controls.

In order to check the level of assurance and the adequacy of the controls that a company has implemented, it is recommended to undergo a Service Organisation Control audit by a qualified and competent information and cyber security organisation, with the report attested by a qualified CPA (Certified Public Accountant) in good standing.
  • Most companies are at a crossroads on how to choose the right type of SOC audit for their organisation. An organisation can choose either a SOC 1 or a SOC 2 audit based on its requirements and the controls it has implemented. Organisations whose control objectives cover the aspects of business process and information security that may impact the client's financial reporting should choose SOC 1. Under SOC 1, the organisation can opt for just Type I, which is only the description of the controls they have implemented. If they choose SOC 1 Type II, the organisation should demonstrate the description of controls and also provide the results of testing as part of the evidence exercise.
  • Similarly, if the organisation would like to opt for a SOC 2 audit, this covers much more than SOC 1 as it also addresses the Trust Services Principles, i.e. Availability, Security, Processing Integrity, Confidentiality and Privacy. Like SOC 1, SOC 2 also has Type I and Type II, covering the description of controls, and the description of controls plus testing with results, respectively.
The real challenge is in choosing the right service provider to help you with the attestation of the audit report, be it SOC 1 or SOC 2. The following are suggestions for organisations that intend to go in for the SSAE 18 attestation process.
  • Even though the report is attested by a CPA (financial auditor), it is equally important that the CPA is backed by a capable information/cyber security organisation. SOC reports are in-depth and require multiple rounds of validation and verification, both technically and process-wise.
  • Most attestations fail to qualify due to a lack of technical controls being assessed or improper validation of the technical controls implemented. It is important that technical specialists of various flavours are involved in the assessment, such as physical security, operating system security, application security, database security, network security and operations security. The technical validation list is endless but is determined by the level of controls required for the organisation in question.
  • Attestation of the report covers historical information irrespective of the type of SOC chosen. So it is important that the organisation understands the scope and the criteria of the report that is to be attested.
  • SOC attestation helps organisations limit the number of security questionnaires they are bombarded with by their clients and customers on a periodic basis. Once the SOC reports are attested, they can share the report with clients and customers, who almost always ask the same set of questions about their security compliance.
  • Organisations are required to perform the SOC audit every 12 months; otherwise the attestation for one 12-month period cannot be held valid for the subsequent 12 months. It is purely time-bound.
  • An organisation may have ISO 27001:2013 certification in place, but a SOC audit and attestation gives an edge over, and complements, the ISO 27001:2013 certificate.
  • An organisation should look at the extent of validation of both the technical and process aspects involved in the Security Operation Control Framework provided by the audit team, and at the credibility of the attesting individual.
  • More than the brand of the audit firm performing the audit or attestation of the report, it is prudent to look for an audit firm that performs a complete technical and process validation.

How would IARM Information Security help with the SOC Reports?


Enterprises are struggling with regulatory compliance issues largely because of audit costs, financial obligations, and the complexity of the laws and regulations themselves.

IARM, a SOC 2 service provider in Chennai, will carry out SOC certification for all service industries.

We are here to assist. Our internal information security audit team has executed SOC testing for a number of industries, such as financial institutions, property management firms, payroll service bureaus and application service providers.

IARM, a top cyber security company in Chennai, has empanelled credible and reputed CPAs to attest the report for SOC compliance.

To learn more, check out our available SOC services.
