Key Steps to Protect Your Remote Workforce
This week, to the relief of many people, Ireland entered the first phase of our five-stage plan for easing COVID-19 restrictions.
Although we have finally reached the beginning of our journey back to ‘normal’, the government’s roadmap suggests organisations will have to adhere to work-from-home policies where possible until at least August.
Secora Consulting was founded with remote working central to its operations. We have extensive knowledge of cloud platform implementation and have helped clients move their operations into the cloud while ensuring the security of data and privacy is central to the migration process.
Therefore we thought we would share with you what we believe are key steps to protecting your workforce while they work remotely.
Improve Staff Awareness of COVID-19 scams
As we have mentioned previously, cybercriminals seem to be using the confusion and misinformation associated with the COVID-19 pandemic to their benefit. In particular, there has been a marked increase in phishing emails offering advice on Coronavirus and how to combat it. One of our clients received emails which were sent company-wide pretending to be from the CEO. These emails told all employees to work from home and to find further information by clicking a particularly safe-looking URL.
Phishing isn’t a new phenomenon; it is one of the most commonly known and used forms of cyber attack, simply because it is effective.
Thankfully, the success of a phishing campaign hinges on human interaction and therefore can be easily combated. Making your staff aware of what phishing emails look like, how to spot them and what to look out for, can greatly reduce the threat to your organisation.
Don’t introduce unnecessary risk
To accommodate the sudden transition to a remote workforce, many IT departments had to set up and license remote access servers almost overnight.
Our advice is not to open remote access ports blindly, without considering the risks and consequences. If remote access is required, ensure the firewall is configured correctly so that it will only respond to certain whitelisted IP addresses or ranges.
Introduce a multi-factor authentication (MFA) policy
Many remote access and cloud-based solutions currently available come with a multi-factor authentication feature. It should be a strict policy that any new solutions introduced, and indeed any current solutions in place, have the multi-factor authentication feature added and activated.
This additional security step will help ensure that the only people accessing your network are those within the company and not attackers.
Ensure all employees are using an up-to-date virtual private network (VPN)
Now that you have employees sitting at home accessing the corporate network, it is imperative they do this using a virtual private network (VPN).
A VPN will ensure that the connection from your employee’s device to your network is encrypted. It will help prevent unauthorised people from eavesdropping on the traffic and allow your staff to work remotely in a secure way. Using a VPN will also allow you to restrict access to your remote devices. For example, you could use your corporate network as a whitelisted range, only allowing access to remote devices from your corporate network. This, coupled with requiring MFA on all services and devices, will significantly increase your security posture.
It is crucial that you make sure the VPN solution your organisation is using is up-to-date both on the organisation’s server or firewall and the desktops of your remote workforce.
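As an added illustration (not part of the original article and not Secora Consulting's tooling), the allowlisting advice above, both for remote access ports and for restricting remote devices to the corporate or VPN range, can be checked mechanically. The Python below audits rules in Linux iptables-save format; the choice of iptables, the port list, the allowed ranges and the sample rules are all constructed assumptions.

```python
import ipaddress
import shlex

# Assumed remote-access services to audit (adjust to your environment).
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

# Assumed allowlist: corporate egress range and VPN client pool (constructed values).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "10.8.0.0/24")]

# Constructed sample in iptables-save format, not taken from a real system.
SAMPLE_RULES = """\
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -s 10.8.0.5/32 -p tcp -m tcp --dport 5900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
"""

def parse_rule(line):
    """Return (source_network, dport, target) for a single-port INPUT rule, else None."""
    tokens = shlex.split(line)
    if tokens[:2] != ["-A", "INPUT"]:
        return None
    opts = {flag: value for flag, value in zip(tokens, tokens[1:])
            if flag in ("-s", "--dport", "-j")}
    port = opts.get("--dport", "")
    if not port.isdigit():  # port ranges, multiport and negated (!) matches are out of scope
        return None
    # A rule without -s matches any source address.
    source = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    return source, int(port), opts.get("-j")

def audit(rules_text):
    """List (line_no, service, source) for remote-access ACCEPT rules outside the allowlist."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        parsed = parse_rule(line)
        if parsed is None:
            continue
        source, port, target = parsed
        if target != "ACCEPT" or port not in REMOTE_ACCESS_PORTS:
            continue
        if not any(source.subnet_of(net) for net in ALLOWED_SOURCES):
            findings.append((line_no, REMOTE_ACCESS_PORTS[port], str(source)))
    return findings

if __name__ == "__main__":
    for line_no, service, source in audit(SAMPLE_RULES):
        print(f"rule {line_no}: {service} reachable from {source}, not in allowlist")
```

The check looks at each rule on its own and does not model rule ordering, so treat a finding as a prompt to review the rule set rather than as proof of exposure.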
Revise Firewall policies
With most firewalls initially set up to help keep your internal networks secure, the current policies in place may restrict access for remote workers.
For example, some organisations will have some form of GeoBlocking in place on their firewall. With your entire workforce suddenly becoming remote, this may restrict access for some staff depending on where they are located. Given the sudden level of inbound traffic, it is also worth considering increasing the policy around inbound traffic.
Ensure all employees have endpoint protection installed
If your workforce were predominantly office-based ahead of the COVID-19 outbreak then it is likely many of them worked from desktop computers.
To accommodate the sudden need for a remote workforce, organisations have commonly found themselves in one of two scenarios: ordering a large number of laptops at short notice and having them delivered directly to employees’ homes, or allowing employees to use their personal laptops for work purposes.
In both scenarios IT departments are at a disadvantage, as they would not have been able to ensure all laptops were set up correctly. This includes not being able to use gold images, install security tools, or push group policy or other controls and policies out to end-users.
Organisations should ensure that all employees have endpoint protection installed on the device they are working on, particularly if the device is also being used for personal use. We recommend implementing a policy that all laptops must only be sent out built from corporate gold images, with endpoint protection installed, and fully aligned with company policies.
Review software before installing
To allow employees to work effectively in a remote world, you may find your organisation is introducing several new software applications.
It is crucial that you do your due diligence before introducing any software to your infrastructure. As highlighted with Zoom, the sudden need for organisations to operate remotely can put them at risk if they don’t do their due diligence on software.
We recommend making a list of the tasks you need a software application for and then having your IT department compare each offering, taking security and remote working into consideration.
Update any policies and procedures to include remote working
Ensure that any policies and procedures you have in place around computer use or security are adequately updated to cover the new home office environment as well as any changes to your office. Take GDPR into consideration, especially around new technologies which you’re using to store data.
The home office should be viewed as an extension of your organisation’s office and your policies should state this to ensure employees are using corporate devices and accessing corporate information correctly and safely while working remotely.
If you would like Secora Consulting to examine your online cloud platforms and new remote working infrastructure to ensure you are secure and operating in line with best practice, then reach out.
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.