Preparing for an Extended Work From Home Arrangement
For most companies, remote work took place on a small scale. Then came the Coronavirus. It is a different world than it was three months ago. An increasing number of companies are implementing work-from-home strategies in an attempt to keep their employees safe. The problem is that while companies are protecting their employees from exposure to the virus outbreak, they may be opening up their networks and digital resources to another type of malicious virus.
Companies are sending their employees and their enterprise devices away from the secure confines of the office network. For many of these users, it will be their first time working remotely on a full-time basis.
If your company has or is considering the initiation of a work-from-home program, you must consider the following challenges.
- Your employees work in isolation without face-to-face interaction with their peers and superiors.
- Users will be working with company data within insecure environments.
- Every user account that is allotted remote access opens up one more point of vulnerability.
- Working from home may make users less vigilant when it comes to cyber hygiene.
Hackers Take Advantage of Coronavirus
To compound this situation, hackers are doing what they do so well, tapping into the fear and anxiety of so many during this difficult period. Coronavirus-themed domain registrations are 50 percent more likely to be from malicious actors. Cybersecurity researchers have identified several fake COVID-19 tracker maps that infect people’s computers with malware when opened.
Coronavirus Does Not Exempt Compliance Objectives
Just because your computers have moved off-premise does not mean you are exempt from compliance requirements such as HIPAA, NIST, ISO, FINRA, or other regulations. Organizations that fall under compliance jurisdictions will be held accountable when it comes to securing the personal data of their employees, customers, and third-party individuals. There is no free pass for compliance and cybersecurity.
Connecting Your Users to the Enterprise
Years ago, companies may have considered allowing users direct RDP access to their desktops. However, hackers can easily probe open RDP connections, which is why we have urged our clients for several years not to permit this. Instead, a VPN connection or Remote Desktop Gateway should be configured.
- Employ industry-recommended encryption and authentication: AES128\SHA256
- Enable the VPN gateway-only mode (to disable split tunneling). This ensures that local web traffic goes through the company Internet connection and firewall filtering.
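The two settings above can be checked automatically before a client profile is handed to a remote user. The following is an added example, not part of the original article: it assumes OpenVPN profile syntax (the article names no VPN product), and the profiles, hostname and function names are constructed for illustration.

```python
import re

# Constructed client profiles (OpenVPN syntax is an assumption; the page names no product).
WEAK = """\
client
remote vpn.example.com 1194
cipher BF-CBC
auth SHA1
route-nopull
"""
HARDENED = """\
client
remote vpn.example.com 1194
cipher AES-128-GCM
auth SHA256
redirect-gateway def1
"""
STRONG_AUTH = {"SHA256", "SHA384", "SHA512"}

def parse(profile):
    """Map each directive to its last argument list, skipping blanks and # or ; comments."""
    directives = {}
    for line in profile.splitlines():
        parts = line.strip().split()
        if parts and parts[0][0] not in "#;":
            directives[parts[0]] = parts[1:]
    return directives

def audit(profile):
    """Return findings; an empty list means the profile matches the guidance above."""
    d = parse(profile)
    findings = []
    cipher = " ".join(d.get("cipher", [])).upper()
    m = re.fullmatch(r"AES-(\d+)-(?:CBC|GCM)", cipher)
    if not m or int(m.group(1)) < 128:
        findings.append(f"cipher {cipher or 'unset'}: want AES-128 or stronger")
    auth = " ".join(d.get("auth", [])).upper()
    if auth not in STRONG_AUTH:
        findings.append(f"auth {auth or 'unset'}: want SHA256 or stronger")
    if "redirect-gateway" not in d:
        # Without it, full tunnel depends on a server push, which route-nopull discards.
        why = "pushed routes discarded" if "route-nopull" in d else "relies on server push"
        findings.append(f"split tunneling possible: no redirect-gateway ({why})")
    return findings

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(profile) or "OK")
```

A profile without `redirect-gateway` is reported rather than failed outright, because the server may still push a full-tunnel route; confirm that on the server side.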
Training and Communication
If you are like many companies that have been putting off your broad-based cybersecurity training for “someday,” well, “someday” is today. Don’t leave users to fend for themselves. Consider sending out weekly emails that remind employees how to detect and handle phishing and other forms of social engineering attacks. Remind them about keeping data safe and about the other remote-work policies you have incorporated.
Remote Work Guidelines
In addition to your Remote Work company policy, here is a small list of procedures you can communicate to remote workers:
- Do not allow the sharing of company-owned equipment. Family members should be prohibited from accessing any work computing device.
- Restrict the number of people authorized to conduct wire transfers, new payment requests, or other financial transactions. Alternatively, adjust the company policy to require employees to confirm these types of requests with management, and to verify their authenticity using a documented process.
- Prohibit employees from downloading or saving company information to personal equipment or storage devices as well as personal cloud storage services.
- Remind employees to log out of their computers whenever they are not in use while at home. This may seem obvious at work, but users may feel more relaxed when outside of the office for an extended period.
- Reinforce to your employees the importance of safeguarding certain types of company information such as customer and employee information, trade secrets, protected intellectual property, etc. A data loss prevention (DLP) filter is a great tool that can be used to scan and block messages that have credit card numbers, social security numbers, etc.
- Ensure that all computers leaving the perimeter are encrypted and receive their regular patches and updates.
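The core of the DLP check mentioned in the list above is shown here as an added example; it is not code from the original article or from any DLP product. It validates card-number candidates with the Luhn checksum and rejects SSN values that are never issued, so that ordinary digit runs do not block mail; the function names and sample messages are constructed.

```python
import re

# Candidates: 13-19 digits with optional space/hyphen separators; SSNs as AAA-GG-SSSS.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

def luhn_ok(digits):
    """Luhn check: double every second digit from the right; the sum must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Reject values that are never issued: area 000, 666 or 9xx; group 00; serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan(message):
    """Return (kind, redacted value) findings so logs never hold the full number."""
    findings = []
    for m in CARD_RE.finditer(message):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # drops order numbers and other random digit runs
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(message):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", "***-**-" + m.group(3)))
    return findings

def verdict(message):
    """Block any message with at least one validated finding."""
    return "block" if scan(message) else "allow"

# Constructed sample messages (not from the original page).
SAMPLES = [
    "Please charge 4111 1111 1111 1111 for the renewal.",  # test number, passes Luhn
    "Order 1234 5678 9012 3456 shipped today.",            # 16 digits, fails Luhn
    "New hire SSN is 123-45-6789, please file.",           # format-valid placeholder
    "Ticket ref 000-12-3456 closed.",                      # area 000 is never issued
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(verdict(s), scan(s))
```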
From the looks of the current situation, it seems as if the work-from-home experience is going to be significant, perhaps lasting months. This is a big adjustment for both employees and organizational leaders. But with good solutions and technologies in place, we’re confident that a productive and secure model of remote working can emerge.