Information Security Measures for Remote Employees

Archive for Information Security


When it comes to the option for professionals to work from home via the internet, the current possibilities are better than ever before. These new possibilities also bring new challenges, and one of them is information security. This is especially the case when it comes to sensitive data and employees who are working remotely/off-site for corporations. It is then even more important to maintain the company’s data and information security.

 

Information Security via Intelligent Password Use

 

One basic measure for information security is to protect the computer that stores and processes the business data. In one of our previous blog posts (Safety and Security Measures You Should Follow) we have listed several useful password tips. They concern the choice and handling of computer and account passwords to ensure the security of the company computer/mobile device. They also refer to the respective internet accounts (for example email accounts).

 

Access and Identity Management by the Employer

 

The above-mentioned blog post mainly describes security measures to be taken by the individual remote worker. Beyond that, access and identities for cloud-based applications, file storage and corporate networks/intranet can be managed on the corporate side by cloud-based services like Microsoft Azure Active Directory.

 

Company Server Protection

 

Firewall

It might seem like a rather basic thing to mention here, but because of its importance for server and information security, it certainly does belong on this list. Firewall software helps prevent unauthorized parties from accessing the system.

VPN-Connections

In comparison to Virtual Private Networks (VPN), WiFi connections are more vulnerable to hacking attacks. Server security, and therefore information security, is enhanced if remote employees/telecommuters sign in via VPN when they need to connect their devices remotely to the company network.

SSL/TLS Certificates

SSL or TLS certificates for the company servers (HTTPS) ensure encrypted communication and verify the other participant’s identity.

You can read more about security measures to protect a server here.

 

Separate Business and Private Computers and Mobile Devices

 

To be on the even safer side, it makes sense to keep business and private computer devices strictly separate, and not to use the computer you use for business purposes for any private internet surfing or email use. The reason: internet surfing and email attachments are common ways through which viruses and other malware can infect a computer.

Of course, even if a company adopted such a policy for the computers used by its employees, it would be difficult to enforce. That is why it is very important to educate the respective computer users about how to use the internet and its services, and also to make sure that anti-virus programs and systems are always up to date.

If you are interested in IT certification related to information security, cyber, and computer security, have a look at our training courses!

 

Sources:

https://www.entrepreneur.com/article/224241

https://smallbiztrends.com/2018/11/security-measures-for-remote-workers.html

https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers

https://techsherpas.com/7-donts-for-your-computer-security/

https://techsherpas.com/cloud-computing-makes-telecommuting-a-real-possibility/

https://techsherpas.com/cloud-computing-microsoft-azure/

The Best Cybersecurity and Information Security Certifications

Let’s begin with “Information Security” and “Cybersecurity”. These are two expressions that people often use somewhat interchangeably. They are not quite the same though, as we have already explained in one of our previous blog posts. In any case, both have, naturally, the security aspect in common. This means that if you are planning a professional career in this field, not only are your knowledge and skill set of particular importance, but so are reputable credentials such as Cybersecurity and Information Security Certifications.

Let us have a look at some of the best information security certifications to boost your career as an information security professional.

 

Information Security Certifications

Certified Penetration Testing Engineer (C)PTE)

The Certified Penetration Testing Engineer certification constitutes an upgrade to the Certified Ethical Hacker/CEH. The Techsherpas certification course is based on proven, hands-on penetration testing methods and the Five Key Elements of Pen Testing:

  • Information Gathering
  • Scanning
  • Enumeration
  • Exploitation
  • Reporting

CISM: Certified Information Security Manager

The certification as a CISM/Certified Information Security Manager demonstrates your proficient knowledge and skill set in the field of Information Security Management, such as:

  • Threat analysis and risks
  • Risk and incident management
  • IS security strategy/frameworks
  • Security programs and CISO roles
  • Creation of policies for audit and risk management, compliance and awareness
  • DR and BCP development/deployment/maintenance

 

CompTIA Security+

With Information Security Certifications like CompTIA Security+ you demonstrate the necessary computer security skills to successfully perform your duties in a wide range of IT security-related roles. Such skills are, for example:

  • Identification of the fundamental computer security concepts
  • Identification of (potential) security threats
  • Data management and application
  • Host security management
  • Network security implementation
  • Identification/implementation of access control
  • Identification/implementation of account management security measures
  • Identification/implementation of compliance and operational security measures
  • Certificate and risk management
  • Troubleshooting and management of security incidents
  • Business continuity and disaster recovery planning

 

CISSO: Certified Information Systems Security Officer

A Certified Information Systems Security Officer (CISSO) demonstrates proficiency in the knowledge and skill set (including industry best practices) that characterize the work of a security manager/security officer, such as:

  • Expertise regarding the in-depth theory of core security concepts, practices, monitoring and compliance
  • Use of a risk-based approach
  • Ability to implement and maintain cost-effective security controls

The CISSO certification training also covers the exam objectives of the CISSP (Certified Information Systems Security Professional).

 

C)IHE: Certified Incident Handling Engineer

The Certified Incident Handling Engineer (C)IHE) is directed toward IT professionals, such as incident handlers, system administrators and general security engineers. The training, which also covers the GCIH (GIAC Certified Incident Handler), teaches students:

  • Planning, creation and utilization of systems for attack prevention, detection and response
  • Step-by-step approaches as used by hackers worldwide
  • Identification of the latest attack vectors and implementation of safeguarding measures
  • Incident handling procedures
  • Strategies for each type of attack
  • Recovery measures after an attack

 

Have a look at our public training schedule to find out more about how we can support you to achieve the Cybersecurity and Information Security Certification that is best for your career plans.

 

 

 

Sources:
https://www.businessnewsdaily.com/10708-information-security-certifications.html
https://en.wikipedia.org/wiki/List_of_computer_security_certifications
https://www.darkreading.com/risk/10-security-certifications-to-boost-your-career/d/d-id/1322449?image_number=3
https://techsherpas.com/it-training/cihe-certified-incident-handling-engineer-on-demand