Alok Sahay Country Manager India Saarc

Alok Sahay
Sales Director India & SAARC
alok.sahay@holmsecurity.com
+91 8800-67 77 99

Welcome to India!

Hi! My name is Alok and I'm your local representative in India. Looking for a cyber security solution and vulnerability management? Let's talk! 

View products

Book demo

Faurani Ahmad Sales director Southeast Asia

Ahmad Faurani
Sales Director Southeast Asia
ahmad.faurani@holmsecurity.com
+60 19 434 2727

Welcome to Malaysia!

Hi! My name is Ahmad Faurani and I'm your local representative in Malaysia. Looking for a cyber security solution and vulnerability management? Let's talk! 

View products

Book demo

cristian-miranda-holm-security

Cristian Miranda
Key Account Manager, Finland
cristian.miranda@holmsecurity.com
+46 8-550 05 582

Tervetuloa Suomeen!

Hei! Nimeni on Cristian ja olen paikallinen edustajasi Suomessa. Etsitkö tietoturvaratkaisua ja haavoittuvuuksien hallintaa? Puhutaan!

Lue lisää

Kirjaesittely

victor-bunge-meyer-holm-security

Victor Bunge Meyer
Key Account Manager, Sverige
victor.bunge-meyer@holmsecurity.com
+46 08-550 05 582

Holm Security i Sverige

Välkommen till Holm Security i Sverige! Jag heter Victor och är din lokala kontakt. Kontakta mig om du vill veta mera om vår platform för sårbarhetsanalyser. 

Läs mer här

Boka demo

 

Beth Murrell holm security

Beth Murrell
Account Manager, Benelux
elizabeth.murrell@holmsecurity.com
+31-20-238 63 94

Welkom in de Benelux!

Mijn naam is Beth Murrell en ik ben uw lokale vertegenwoordiger in Nederland, België en Luxemburg. Op zoek naar een cyberveiligheidsoplossing en kwetsbaarheidsbeheer? Laten we praten!

Lees verder

Boek een demo

jens dahlkvist holm security

Jens Dahlkvist
Key Account Manager, Norge
jens.dahlkvist@holmsecurity.com
+46 8-550 05 582

Holm Security i Norge

Velkommen til Holm Security i Norge! Jeg heter Jens og er din lokale kontaktperson.Kontakt meg hvis du vil vite mer om vår plattform for sårbarhetsanalyser.

Les mer

Personlig demo

Ronnie Jensen

Ronnie Jensen
Country Manager Denmark
ronnie.jensen@holmsecurity.com
+45 31 12 10 05

Holm Security i Danmark

Velkommen til Holm Security i Danmark! Mit navn er Ronnie og jeg er din lokale kontaktperson. Kontakt mig, hvis du vil vide mere om vores sårbarhedsanalyseplatform.

Læs mere

Personlig demo

Security risks working from home

Image of Jonas Lejon
Jonas Lejon

May 13, 2020

Remote work has increased drastically and at the same time, there are clear indications that hackers, foreign powers, and other cybercriminals are increasing their activities. Working from home poses an increased challenge for IT departments, now required to offer flexible and secure solutions. This is a great challenge, not least because secure solutions are often more tedious for the end-user. While working from home is not something new for many organizations, the large number of people working from home is, which also increases exposure to a variety of security risks.

1. Implement a clear policy

First and foremost, your organization should have an easy to understand written policy concerning remote working. Avoid long documents that no one will really read, instead go with one page covering the essentials. This policy should include guidelines for what you can do on your company's computers and how to connect securely. What happens, for example, when an employee uses their work computer for private browsing and streams through VPN and occupies bandwidth both in and out of the organization.

 

2. Use VPN

Connection to your organization's system should be done with a VPN, but it's important that authentication is still required for various services and systems, such as Microsoft Remote Desktop and SSH. You should also avoid exposing services that use SSH and RDP directly to the Internet. Take advantage of available certificate-based login along with two-factor authentication.

 

3. Copying of information

Working remotely allows malicious users the opportunity to copy, save and spread sensitive information. Therefore, your policy should also contain guidelines on how documents should be handled and what type of USB equipment may be connected. If a user can easily copy all documents from the document server to a USB flash drive? Malicious code could do the same.

 

4. Video conference

Many video conference systems offer a wide variety of possibilities and settings. Using the wrong settings can drastically increase the risk of espionage. Make sure users are using secure settings, which means using secure passwords, and locked conferences. Also, make sure the software is always up to date. Many video conferencing companies are continuously discovering ongoing vulnerabilities, in these times when their systems are being put to the test.

 

5. Train & keep users aware

Educate your users continuously and do awareness training. It can, for example, be done through various simulations of social engineering, like simulation of phishing campaigns. Keeping users safe can be compared to keeping a system secure. It is not a one-off effort but requires continuous work overtime.

 

6. Assume that the home network is already hacked

Do not give the user too much freedom to install own software just because he works from home. A home network can consist of many different types of components and systems that can be hacked or compromised. A good starting point is to work based on the principle that the home network is already hacked.

 

7. Monitor continuously

Monitor events such as unsuccessful login attempts. Work proactively to detect vulnerabilities in protocols and services used. Maybe it is time to review an external service that monitors events 24/7, such as a Security Operations Center (SOC) service.

 

Risk behaviors

Working from home involves increased risk behaviors. Here are a few.

  • Connections are made via unsecured Wi-Fi networks at home and when the user is in motion.
  • Increased risk of lost and stolen computers.
  • Increased private activity, which gives increased exposure to various risks, not least websites that spread viruses.
  • Reduced resistance to social engineering such as phishing and ransomware.
  • Increased risk of non-compliance with the company's security policy.
  • Increased risk of computers and systems not being updated.
  • Increased risk of copying and dissemination of sensitive information.

 

Checklist for increased security

Clear policy 
Have a clear and simple user policy - what the user can and cannot do. Educate your users on what allowed on the company's computer.

Use disk encryption
Use hard disk encryption. So even if a computer is lost, it is very difficult to access the information in it.

Backup
Have a solution for backup and recovery of files and data.

Update software
Make sure to keep computers and systems up to date. Not the least the software used for teleworking.

Two-factor authentication
Enable two-factor authentication where possible.

Log events
Make sure that relevant events are logged on the client and that you receive alarms on suspicious activity.

Clear contact paths
Ensure that the user knows who to contact in the event of a suspected or identified incident.

Restrict & control
Make sure you have control over users' computers. Restrict permissions and what software that can be installed.

Cyber Security Starts Here! 👇

Vulnerability Management is a cornerstone in a modern cyber security defense.

Book demo now

screen-shot-holm-security