As many organisations settle into the new way of working for everyone, connectivity and collaboration are important discussion points, but another factor can obviously not be ignored… security.>
Relying on remote workers to address this on their own is not an option and, for many, the right processes, training, and technology may not be in place anyway.
In this blog we look at some of the key issues and how you can help your colleagues to work from home and stay secure.
The challenges we are seeing:
- Using unsecured home Wi-Fi networks
- Using insecure devices for work
- Increase in phishing scams targeting your remote workforce
Our checklist recommendations:
- Use strong passwords
- Use 2 Factor Authentication or Multi Factor Authentication
- Use VPN
- Ensure firewalls are configured properly
- Secure the endpoint
- Keep your systems patched
- Always use back-ups
- Be vigilant for phishing emails and malicious websites
- Add Email and Web Content Filtering
- Turn your users into Wi-Fi experts
- Add security monitoring
- Beware Shadow IT
Our checklist explained:
| Use strong passwords | Do not use the same password for everything. Free password managers like Lastpass can greatly simplify your life by generating a different complex password for each system you use whilst storing them all securely and automating your login. |
| 2 Factor Authentication or Multi Factor Authentication | Multi-factor authentication, using text messages, biometrics or pin codes that are generated for you will protect you if your password is stolen. |
| Use a VPN | VPNs protect your online privacy and ensure that your corporate communications are secure. They prevent attackers from reading your traffic by encrypting the data. VPNs consume more bandwidth and can be slow, however they do support remote access to critical systems. Be sure to check:
|
| Ensure firewalls are configured properly | Firewalls are your frontline when it comes to security. Ports and services should be configured securely and only in the context of your business requirements. Additional security controls, such as UTM, email content filtering, web content filtering and malware detection are all great add-ons that will add further protection to your operations. Be sure to check your firewall configuration regularly. |
| Secure the endpoint | Malware is on the rise; attackers are already manipulating fear associated with COVID-19 to exploit remote workers. Endpoint detection capabilities for Malware are essential, where possible you should deploy next generation malware protection such as SentinelOne as these have greater ability to detect new and unclassified attacks that traditional antivirus misses, plus they have the added benefit of isolation, remediation and rollback features to remove the need to pay a ransom! |
| Keep your systems patched | This is critical, patching must be maintained to reduce the change of malware exploiting a vulnerability that could have devastating effects across an organisation. |
| Always use back-ups | What would happen if you lost your data? The cause can be varied from hardware failure to, application crashing, device theft.
Users of Office 365 or other cloud-based productivity applications should always create in the cloud, back up is automatically in the cloud and disaster recovery in-built. If you’re a OneDrive or GoogleDrive user, save your document to your local folder to make sure its saved in the cloud too (you need to be connected to the internet for this to work). |