Between telecommuting and computer security, insurers are organising themselves
Telework is not easy for everyone and in all sectors.
In the financial sector, for example, it becomes more complicated, and requires even more security measures. According to figures from the French insurance federation, 90% of employees in the sector now work remotely.
This article will also interest you: Security flaws discovered on a health insurance site
This is what allows this area to run normally despite this period of general containment. Of course, we need to raise the issue of computer security that is at the heart of this process. In an environment where missions are used to handling large financial flows, it is clear that cybercrime may have such an interested eye. Because the member of sensitive data exposed because of telework will inevitably grow. So these structures are organized as they can.
As is well known, the organization of remote work will vary by sector and by company. In a sector such as insurance, employees must have a set of equipment with certain specificities and security. These include encrypted hard drives, multi-factor authentication protocols, connection and access limitation procedures, specific devices approved for specific tasks, work on a personal computer or another because it is dangerous.
Arrangements are made and organized by the heads of the structures' information systems with the aim of facilitating the transition and minimizing risks. This is even for remote work situations on the move or at home. In this regard, the National Information Systems Security Agency (ANSI) has just published recommendations on what has been dubbed "digital nomadism". The French cyber defence watchdog has announced that it is producing recommendations specifically dedicated to the financial sector. But before that, on 18 March, the National Agency was already publishing on the security of the computer means used during telework. Unfortunately, these means have been rushed by companies to respond to an urgent need, which "increase the exposure of information systems on the Internet, in a context where the risks to their security are very high with recent discoveries of critical vulnerabilities affecting some of these solutions."Note the French agency.
In addition, the Cyber security Watchdog first recommends the use of a private connection system between the tools used by employees and the company's information system, like the private virtual network (VPN). This essential technology can allow the company to properly initiate its security policy, even if it was difficult at the beginning of the containment: "The VPN allows to create a point-to-point channel between the transmitter and the receiver. Sometimes, applications accessible only via VPN are only the business-owning applications. But it can also be all connections to the internet. Pascal Chrétien, the treasurer of the Clusif (French Information Security Club). The sector coordinator for finance at the National Information Systems Security Agency, Mr. Grégoire Lundi, highlighted the value of this tool: "Telework increases the attack area for cyberattacks. The use of VPN protects exchanges from interception of flows. ».
However, the use of the private virtual network has not failed to have a very visible impact on telework. "On March 16 and 17, when everyone was teleworking, there were saturation problems on some networks where there were not enough VPN licenses. The number of simultaneous connections was exceeded so the system was blocked. One solution is to reserve the VPN for the perimeter of what is confidential, it limits the risks of saturation," notes Pascal Chrétien du Clusif. But today, this little problem has been solved. "Companies regularly test their solutions to crisis scenarios that would lead to the unavailability of premises," explains Grégoire Lundi. The December strike was a full-scale test. This context meant that some companies purchased additional capacity at that time. But no one has ever tested a containment that would last several weeks. In an emergency, the challenge was to equip employees who were not, to train remotely, and to properly size the infrastructure. Some companies may have recommended not consuming videos to save bandwidth, for example. says Pascal Chrétien. He will also add that the VPN has extended telework to several levels. "Apart from certain transactions such as cheque cashing or cash, from a technical point of view, all transactions are remotely feasible."
Now access an unlimited number of passwords: