When employees transition from working in the closely-guarded walls of an office to the wild unknown of remote locations, companies have to come up with an entirely new security game plan to ensure they mitigate any and all risks and attacks related to remote work security. To make this process less stressful, the following checklist is a great starting point to help safeguard your company’s assets and confidential information while employees work remotely.
1) Determine which endpoint protection you will require for WFH employees.
When employees work remotely, the level of control you had over their computers while in the office is no longer possible. This is when endpoint protection, like Windows Defender, becomes a necessary antivirus tool in order to protect them. Requiring all home employees to use an antivirus tool on any machine that access company resources is also highly recommended. In addition, consider if you need to use alternative cloud-based means to monitor workstations and review what support console tools you currently use as well as the necessary licenses needed to access computers that aren’t part of your domain.
2) Implement two-factor authentication (2FA).
To enhance security, companies should consider implementing two-factor authentication (2FA) when adding more remote access solutions. This ensures that only authorized admins and users are allowed in, preventing attackers from gaining access. Even if companies need to move quickly to allow employees to work remotely, they can still add 2FA as a quick and easy solution.
3) Use a virtual private network (VPN).
VPNs have been a mainstay in remote work security for years, but recently several high-profile vulnerabilities have been exposed. To mitigate the risk, companies should ensure that VPN solutions are up-to-date on the server or firewall, as well as on employees’ computers. In addition, companies should consider using alternative VPN solutions that offer better security.
4) Educate employees on COVID-19 scams and update acceptable use policies.
The National Cyber Awareness system recently sent out an announcement of current COVID-19 scams making the rounds, so remind your team not to click on unsolicited emails and to only use trusted, official websites. Additionally, setting up a central online bulletin board can help ensure that all employees receive timely updates and notifications. Companies should also verify that their acceptable computer use policies are up-to-date and reflect best practices for remote usage.
5) Take a proactive security approach to remote work security and schedule a threat assessment, as well as a review of the impact to firewalls, conditional access policies, and other logging.
Stay ahead of potential security risks and attacks with a proactive security approach— going beyond the standard vulnerability snapshot from a set of external-facing IPs or a wireless internal segmentation assessment. Consider taking a more comprehensive snapshot of everything that’s happening, including all remote connections, all critical assets, and users that are connecting to remote systems from various locations. Threat-hunting workshops are also a good idea to help determine how a malicious actor might break into a system.
Companies that use geoblocking in their firewall to restrict access from different locations should review and revise their policies to account for the fact that employees will be logging in from various locations while working remotely.
You may also need to increase bandwidth for inbound traffic to your organization and potentially diagnose and determine if remote employees have appropriate bandwidth to support Office work and video conferencing, if your company relies on cloud services. Lastly, find out if the security settings of home firewalls and internet providers will block some of your intended remote access.