There are several key areas to consider when thinking about work-from-home security. First, we need to look at protecting the endpoint the employee will be working on. Because personally owned devices are more likely to already be infected with malware or viruses, we recommend issuing company-owned devices that should already have security software, administrative policies, filtering, and application control.
At a minimum, these devices must have Endpoint Detection & Response (EDR) for monitoring cyber attacks and Malware Prevention. In addition, you may want to consider full-disk encryption to protect data in the case of lost or stolen devices.
We have spoken to you about Multi-factor Authentication (MFA) over the past few years and stressed the importance of having it for remote VPN. We also recommend enabling it on any application that allows for MFA.
Now is a critical time to review your access and administration policies. Employees should not have administrative access to their devices and accounts, and each employee's access should be limited to only what is necessary. We also recommend web content filtering to continue to protect your remote employees from malicious websites and to preserve productivity.
There isn’t a crisis a competent hacker won’t exploit, and the coronavirus is one more opportunity for cybercriminals to take advantage of uneducated users. Email scammers often try to elicit a sense of fear and urgency in victims, so of course they are attempting to incorporate the coronavirus into that playbook as quickly as possible. We recommend dark web monitoring and Social Engineering & Training to minimize your risk in this area.
Increased IT support may be needed for your employees working from home for the first time. Be sure they have the email and phone number for SECURE ITnet to minimize frustration with their new technologies and environment.
An organization with a well-designed security policy and disaster recovery plan may find they already have a lot of these solutions in place. Working from home need not be any less secure than your office environment – just be sure to do some planning, set up some policies, and put some effective measures in place.
In summary, here are some key Do’s and Don’ts for incorporating remote working into your organization:
Don’t:
- Let your users use their home devices, if you can avoid it
- Give users administrative rights for individual devices or applications
- Leave employees stranded without support
Do:
- Use MFA on every platform that supports it
- Keep all remotely accessible systems fully patched and highly redundant
- Train employees to recognize phishing emails and online scams
- Review your administrative policies and procedures
Are you concerned about potential security gaps in your network? SECURE-ITnet is your local Security Expert and we are happy to provide a free consultation with one of our top experts.