Обеспечение безопасности конфиденциальной информации компании при удаленном доступе сотрудника

S. A. Nuriev; I. N. Kartsan

doi:10.47813/2782-2818-2023-3-2-0234-0242

Authors

S. A. Nuriev Marine Hydrophysical Institute of the Russian Academy of Sciences, Sevastopol, Russia
I. N. Kartsan Marine Hydrophysical Institute of the Russian Academy of Sciences, Sevastopol, Russia, Siberian State University of Science and Technology named after Academician M.F. Reshetnev, Krasnoyarsk, Russia https://orcid.org/0000-0003-1833-4036

DOI:

https://doi.org/10.47813/2782-2818-2023-3-2-0234-0242

Keywords:

remote work, secure access, confidential information, data encryption, multi-factor authentication, VPN, monitoring and auditing, employee education

Abstract

The rapid growth of remote work has introduced new challenges and concerns regarding the security and confidentiality of company information. With employees accessing sensitive data from various locations and devices, ensuring the protection of confidential information has become a critical priority for organizations. This article examines the challenges associated with secure access to confidential company information in a remote work environment and explores potential solutions and best practices. The first challenge lies in establishing a secure connection between remote employees and the company's network. Virtual Private Networks (VPNs) have emerged as a widely adopted solution for encrypting data transmissions and providing secure remote access. However, organizations must carefully configure and maintain their VPN infrastructure to mitigate vulnerabilities and protect against unauthorized access. Another critical challenge involves user authentication and authorization. Traditional password-based authentication mechanisms are increasingly vulnerable to sophisticated attacks, necessitating the adoption of multi-factor authentication (MFA) techniques. MFA combines multiple factors, such as passwords, biometrics, and security tokens, to strengthen access controls and verify the identities of remote employees. Data encryption plays a crucial role in safeguarding confidential information during transit and storage. Advanced encryption algorithms and robust key management systems are essential to prevent unauthorized access to sensitive data. Additionally, organizations should enforce strong security policies, such as regular password changes and data classification protocols, to further enhance data protection. Moreover, employee education and awareness are critical components of a comprehensive security strategy. Organizations should provide regular training on secure remote work practices, emphasizing the importance of strong passwords, secure Wi-Fi networks, and phishing prevention. By addressing the challenges associated with secure access to confidential company information in a remote work environment and implementing appropriate solutions and best practices, organizations can significantly enhance their information security posture and protect sensitive data from unauthorized access.

Author Biographies

S. A. Nuriev, Marine Hydrophysical Institute of the Russian Academy of Sciences, Sevastopol, Russia

Suri Nuriev, Senior Engineer, Marine Hydrophysical Institute of the Russian Academy of Sciences, Sevastopol, Russia

I. N. Kartsan, Marine Hydrophysical Institute of the Russian Academy of Sciences, Sevastopol, Russia, Siberian State University of Science and Technology named after Academician M.F. Reshetnev, Krasnoyarsk, Russia

Igor Kartsan, Dr. Sc., Docent, Leading Researcher, Marine Hydrophysical Institute, Russian Academy of Sciences, Sevastopol, Russia

References

Сухостат В. В. Теория информационной безопасности и методология защиты информации. СПб: Университет ИТМО; 2018.

Хорев А. А. Организация защиты информации от утечки по техническим каналам. М.: МО РФ; 2017. 316.

Мухаметьянова А. Р. Особенности защиты информации на предприятии от утечки по техническим каналам. Уфа: Башкирский гос. ун-т; 2019. 56.

Нуриев С. А., Карцан И. Н. Роль пространственной киберинфраструктуры в геоинформационных системах. E3S Web of Conferences. 2023; 389: 04023. doi.org/10.1051/e3sconf/202338904023

Карцан И. Н., Контылева, Е. А. Глубокий интернет вещей. Современные инновации, системы и технологии. 2023; 3(2): 0201-0212. https://doi.org/10.47813/2782-2818-2023-3-2-0201-0212

Maddox A., Barratt M.J., Allen M., Lenton S. Constructive activism in the dark Web: Cryptomarkets and illicit drugs in the digital demimonde. Inf., Commun. Soc. 2016; 19(1): 111-126.

Аверьянов В.С., Каричев А.А., Карцан И.Н. Об атаках с явным исходом динамических переменных и криптостойкости ключей безопасности квантовых систем. Математические методы в технологиях и технике. 2022; 12(1): 29-34.

Жуков А.О., Карцан И.Н., Аверьянов В.С. Кибербезопасность Арктической зоны. Информационные и телекоммуникационные технологии. 2021; 51: 9-13.

Mishra P., Pilli E.S., Varadharajan V., Tupakula U. Intrusion detection techniques in cloud environment: A survey. J. Netw. Comput. Appl. 2017; 77: 18-47.

Chang D., Ghosh M., Sanadhya S.K., Singh M., White D.R. FbHash: A new similarity hashing scheme for digital forensics. Digit. Invest. 2019; 29: S113-S123.

Ahmed M., Mahmood A.N., Islam M.R. A survey of anomaly detection techniques in financial domain. Future Gener. Comput. Syst. 2016; 55: 278-288.

Жукова Е.С., Карцан И.Н. Обеспечение конфиденциальности информации в центре управления полетами. Вестник Сибирского государственного аэрокосмического университета им. академика М.Ф. Решетнева. 2009; 3(24): 93-97.

Карцан Р.В., Жукова Е.С., Карцан И.Н. Универсальное программное обеспечение по типу «Каркас». Актуальные проблемы авиации и космонавтики. 2012; 1(8): 356-357.

Карцан Р.В., Карцан И.Н. Дактилоскопия биометрический метод идентификации на режимном предприятии. Актуальные проблемы авиации и космонавтики. 2013; 1(9): 405-406.

Гурьянов К.В., Шатило Я.С. Организация противодействия распространению наркотиков через интернет. Антинаркотическая безопасность. 2016; 1(6): 101-108.

REFERENCES

Suhostat V. V. Teoriya informacionnoj bezopasnosti i metodologiya zashchity informacii. SPb: Universitet ITMO; 2018.

Horev A. A. Organizaciya zashchity informacii ot utechki po tekhnicheskim kanalam. M.: MO RF; 2017. 316.

Muhamet'yanova A. R. Osobennosti zashchity informacii na predpriyatii ot utechki po tekhnicheskim kanalam. Ufa: Bashkirskij gos. un-t; 2019. 56.

Nuriev S. A., Karcan I. N. Rol' prostranstvennoj kiberinfrastruktury v geoinformacionnyh sistemah. E3S Web of Conferences. 2023; 389: 04023. doi.org/10.1051/e3sconf/202338904023 DOI: https://doi.org/10.1051/e3sconf/202338904023

Karcan I. N., Kontyleva, E. A. Glubokij internet veshchej. Sovremennye innovacii, sistemy i tekhnologii. 2023; 3(2): 0201-0212. https://doi.org/10.47813/2782-2818-2023-3-2-0201-0212 DOI: https://doi.org/10.47813/2782-2818-2023-3-2-0201-0212

Maddox A., Barratt M.J., Allen M., Lenton S. Constructive activism in the dark Web: Cryptomarkets and illicit drugs in the digital demimonde. Inf., Commun. Soc. 2016; 19(1): 111-126. DOI: https://doi.org/10.1080/1369118X.2015.1093531

Aver'yanov V.S., Karichev A.A., Karcan I.N. Ob atakah s yavnym iskhodom dinamicheskih peremennyh i kriptostojkosti klyuchej bezopasnosti kvantovyh sistem. Matematicheskie metody v tekhnologiyah i tekhnike. 2022; 12(1): 29-34. DOI: https://doi.org/10.52348/2712-8873_MMTT_2022_12_29

Zhukov A.O., Karcan I.N., Aver'yanov V.S. Kiberbezopasnost' Arkticheskoj zony. Informacionnye i telekommunikacionnye tekhnologii. 2021; 51: 9-13.

Mishra P., Pilli E.S., Varadharajan V., Tupakula U. Intrusion detection techniques in cloud environment: A survey. J. Netw. Comput. Appl. 2017; 77: 18-47. DOI: https://doi.org/10.1016/j.jnca.2016.10.015

Chang D., Ghosh M., Sanadhya S.K., Singh M., White D.R. FbHash: A new similarity hashing scheme for digital forensics. Digit. Invest. 2019; 29: S113-S123. DOI: https://doi.org/10.1016/j.diin.2019.04.006

Ahmed M., Mahmood A.N., Islam M.R. A survey of anomaly detection techniques in financial domain. Future Gener. Comput. Syst. 2016; 55: 278-288. DOI: https://doi.org/10.1016/j.future.2015.01.001

ZHukova E.S., Karcan I.N. Obespechenie konfidencial'nosti informacii v centre upravleniya poletami. Vestnik Sibirskogo gosudarstvennogo aerokosmicheskogo universiteta im. akademika M.F. Reshetneva. 2009; 3(24): 93-97.

Karcan R.V., Zhukova E.S., Karcan I.N. Universal'noe programmnoe obespechenie po tipu «Karkas». Aktual'nye problemy aviacii i kosmonavtiki. 2012; 1(8): 356-357.

Karcan R.V., Karcan I.N. Daktiloskopiya biometricheskij metod identifikacii na rezhimnom predpriyatii. Aktual'nye problemy aviacii i kosmonavtiki. 2013; 1(9): 405-406.

Gur'yanov K.V., SHatilo YA.S. Organizaciya protivodejstviya rasprostraneniyu narkotikov cherez internet. Antinarkoticheskaya bezopasnost'. 2016; 1(6): 101-108.