When employees transition from working in the closely-guarded walls of an office to the wild unknown of remote locations, companies have to come up with an entirely new security gameplan to ensure they mitigate risks and attacks. The following checklist is a great starting point to help safeguard your company’s assets and confidential information.
Determine which endpoint protection you will require for WFH employees.
When employees work remotely, the level of control you had over their computers while in the office is no longer possible. This is when endpoint protection, like Windows Defender, becomes a necessary antivirus tool to protect them. Requiring all home employees to use an antivirus tool on any machine that accesses company resources is also highly recommended. In addition, consider whether you need to use alternative cloud-based means to monitor workstations, and review what support console tools you currently use as well as the licenses needed to access computers that aren’t part of your domain.
Implement two-factor authentication (2FA).
When adding more remote access solutions, consider adding two-factor authentication to all company applications. Many tools are easy to implement and provide another line of defense against stolen and reused passwords. While your company may have put together something quickly to allow employees to work remotely, you can still help to ensure that only authorized users are allowed access to company data.
Use a virtual private network (VPN).
VPNs have been a mainstay in remote work for years, but recently several high-profile vulnerabilities have been exposed. Often, VPN software hasn’t been updated in years. Ensure your VPN solutions are up to date both in the data center and on employees’ devices, and that passwords are rotated on a schedule.
Educate employees on scams and update acceptable use policies.
The National Cyber Awareness System recently sent out an announcement of current COVID-19 scams making the rounds. Remind your team not to click on unsolicited emails and to only use trusted, official websites. In addition, a central online bulletin board is a good idea for updates and notifications in case anyone in your company is infected. Finally, verify that your acceptable computer use policies are updated to reflect best practices for remote usage.
Schedule a proactive threat assessment, as well as a review of firewalls and access policies.
Stay ahead of potential security risks and attacks with a proactive security approach that goes beyond the standard vulnerability snapshot from a set of external-facing IPs or a wireless internal segmentation assessment. Consider taking a more comprehensive snapshot of everything that's happening, including all remote connections, all critical assets, and users that are connecting to remote systems from various locations. Threat-hunting workshops are also a good idea to help determine how a malicious actor might break into a system.
For those who use geoblocking in their firewall to restrict access from different locations, policies will need to be reviewed and revised too, now that employees will be logging in from various locations.
These steps are just the tip of the iceberg when it comes to securing your new remote workforce. Security is a journey, not a destination, but starting with simple steps can help you arrive safely.