7 Steps to Make the Switch to Remote Workers

dataloss

The COVID-19 pandemic is a hellfire test for healthcare systems and civil rights everywhere, but it also changes the workplace paradigm. As such, while some organisations already adopted or were in the course of adopting the remote work paradigm, now many are forced to do so.

Some may see this as a good thing (looking for that silver lining), but the situation also opens the door to a wide range of risks for companies and organisations that are not prepared for the change.

So, can your company provide remote workers with a secure and risk-free work environment? Do you have all the tools to keep your data safe and reputation unscathed?

Endpoint Security for Home Users

REndpoint security refers to keeping the endpoints of your network safe. In the case of employees who work from a remote location (most likely their homes) the endpoints are their personal devices (smartphones, laptops, tablets).

If their devices are infected with malicious softare and connect to the company network, this could represent a security breach for the company's network.

Start by enquiring employees about the antivirus software they're using. Many people will install free software or the very basic version of a paid antivirus, which is not enough. In our experience, free software is not effective in stopping major threats, which is why we strongly recommend a paid version we work with Bitdefender or Webroot.

Quick tip: Do not accept Mac systems that don't have proper antivirus protection! There is a myth going around that Mac systems don't get infected, but our experience shows some Apple computers carry more malicious software than Windows ones.

Actions to Take

To protect the company against an eventual data breach, set a policy that requires all employees working from home to use an accepted antivirus solution (you can offer a few suggestions) on each of the devices used for office purposes.

You can (and should) have the IT support team check home workstations and use remote support software (like Teamviewer) to set everything up.

Make Sure Employees Have the Right Software/Apps

In order to be productive, employees need access to the tools they used to have in the office. This may mean that you'll have to purchase a few more licenses or share the ones you already have,

For instance, some Office 365 licenses can be installed on several computers, tablets, and smartphones. Also, Volume licenses allow you to get Office for home use for your employees. Lastly, if you're a G Suite user, there's no need to worry about Office software as you have access to Google Docs, Sheets, and other tools, you can even edit MS Office files in Chrome with the office editor chrome extension.

As a side note, Google offers all G Suite users access to Hangouts Meet Enterprise without additional costs (offer is valid until mid-year). This way, you don't have to worry about meetings and conferences.

Actions to Take

When you use apps like Google Hangouts and Teams (from Microsoft), you also need to make sure all employees are up to date with privacy policies and secure information handling. Make sure all employees understand the type of information that can be discussed during video calls and which documents can be shared. Also, make sure everyone has the right equipment for calls, to avoid lags, technical difficulties, and frustrations.

You may also have to provide IT support for each employee when it comes to setting URLs and login credentials for access to video conferencing platforms. To avoid this hassle, you may want to use Chrome Management to automatically add bookmarks and Chrome extensions for all the websites staff need. Combine this with a password management tool that can automatically sign them in, while keeping the passwords secure, and your network will be more protected.

Ensure Remote Access Does Not Introduce More Risk

You may have to set up and license remote access servers (such as Windows 10 Virtual Desktops or other remote technologies) for the first time. While they are useful, it's important to make decisions that prevent opening your network to security risks.

When it comes to remote access that includes remote access services, ransomware attackers look and scan for open RDP (Remote Desktop Protocol) servers. They target anything responding on port 3389 but there are tools (like TSgrinder) that scan for an RDP response on any port.

Actions to Take

Do not blindly open remote access ports without thinking of the risks and consequences this action implies!

If you must open remote access, ensure that the firewall is configured to only respond to certain static IP addresses used by your IT administrators to access the network remotely. Ideally use a VPN and run your RDP session over that to keep it secure.

Another protection measure is implementing two-factor authentication (2FA) solutions.

A solution that works well with RDGateway and Remote Web Access solutions is DUO.com. It's easy to implement and can be added to existing on-premises remote access solutions.

Keep in mind: While your organisation may need to move quickly to allow your staff to work remotely, you can still ensure that only admins and users are allowed in and that attackers are kept at bay!

Use a Virtual Private Network (VPN)

VPN is not a universal solution to all your security problems and worries, but it adds an extra layer of security, which is what it matters.

Still, it's best to choose a reliable solution, as there have been some vulnerabilities that hackers managed to explore. Also to avoid any unpleasant surprises, it's crucial that you only select up to date versions of the VPN solution you select.

Review & Revise Policies for Firewalls, Conditional Access Policies & Other Logging

If you're using a SIEM logging solution to keep track of login data, you should expect to see a change in reports. Given that employees will access the network from various IP addresses, your logging platform data will no longer be “normal”.

Also, if you use Geo Blocking in the firewall to restrict access from different locations, it's time to review and revise those policies. Otherwise, the employees will be locked out of the network. G Suite Enterprise allows Geo Blocking as well, so configuring what regions, IP addresses or even users can access your G Suite data is recommended.

In addition, you may have to increase internet bandwidth for inbound traffic to your organization. For those who rely on cloud services, you may need to diagnose and determine if home users have the appropriate bandwidth to support Office work and possibly video conferencing.

You also may find that the security settings of consumer firewalls and internet providers block some of your intended remote access. You may need to review connection logs, get security logs from your remote users, and add more resources to your Help Desk to help users connect remotely.

Lastly, if you're using G Suite or Office 365, make sure to configure your Data Loss Prevention (DLP) rules to prevent sensitive or confidential information from being shared externally.

Educate Employees on COVID-19 scams

As with every major crisis that impacts the business segment, there are people willing to take advantage of the confusion and panic. According to the National Cyber Awareness system, there are already some COVID-19 scams circulating online and we should expect to see more!

To prevent any problems, urge your users to not click on unsolicited emails and to use only official websites. Also, offer access to a central online bulletin board where people can go for official communications and notifications to maintain a high degree of transparency and honesty (crucial in this period).

Lastly, reduce the chances of your staff being tricked via email spoofing or social engineering by making sure you have the correct email settings in place. This way, you can verify that an email actually comes from someone in your organisation and not a cybercriminal. These emails settings are part of your domain name and are known as SPF, DKIM & DMARK.

You can also consider the implementation of website filters and spam filters to prevent these webpages or emails getting to your users.

Update AUP for Employees

Your Acceptable Computer Use Policies (AUP) must cover employees' home devices. If this wording is not already included, now is the time to quickly get up to speed in allowing employees' personal assets to be used for remote access. You'll need to work with the organisation's attorneys and tax advisors to see if the use of personal computers and personal phones of the employees mandate a need for reimbursement for use.

Plan for the Future (Yes, it's Coming)

While these are stressful times, it's best to focus on the future than dwell on what you can't change. For this, embrace the change, adapt to current conditions, but also think of this period as a test for your organisation when it comes to remote workers.

Even if you don't have everyone working from home (yet), take the time to consider it. Is your organisation ready for this step? Should you consider it as a permanent change? If you have more questions regarding security and monitoring employees' productivity, make sure to review the Onsite Helper Layered Security guide.

If you would like to speak to a IT security specialist, please get in touch with our team at Onsite Helper on 1300 889 839 or email enquiries@onsitehelper.com