Telecommuting (Securely) During a Pandemic Outbreak

Derek Morris
Mar 16, 2020 1:30:00 PM

Unless you live under a rock, you’ve likely seen the incessant news coverage of the Coronavirus (COVID-19). This has driven many companies to allow working from home for their staff. The technology has existed for years to allow workers that do not need to be in the office to work remotely or from home. Cybersecurity postures are now being adjusted and are allowing for this to happen. The office environment is now being extended into some dangerous, less controlled environments. What can a company do to ensure their enterprise security is being taken seriously when workloads move away from the highly controlled office networks? Compass IT Compliance recommends a few areas and services your company can enforce to ensure your security posture can cover this telecommuting movement:

  1. Policy Enforcement
    1. Forcing your employees that have roles that could make working from home an option re-read and acknowledge security policies. These policies should include acceptable use, remote access, password, and data handling. Enforcing the importance of the policies can help ensure your staff are using the appropriate tools, sites, and services for their work
       
  2. Endpoint Protections
    1. Ensuring systems that leave the office network have the appropriate protections and tools in place. IT staff should make sure the antivirus/antimalware applications are enabled, up to date, and actively monitoring the systems. Virtual private network (VPN) connections should be used for all business communications and collaborations. Also, ensure that the users of these remote systems have the least privilege needed on those systems to complete their work
       
  3. Reinforce Security Awareness Training
    1. Being aware of your surroundings sometimes seems like common sense when communicating with employees, other staff, customers, and vendors. This brings an opportunity to train your employees on what to be aware of when working in or near public spaces. Having them exercise discretion when discussing work related items is a strong start in keeping your information safe outside the walls of the office
    2. Use this opportunity to properly train your employees on what to look for in phishing emails, what actions to take, and how to report them to the IS or IT groups
       
  4. Enhance Security Configurations
    1. Info Sec (IS) and IT groups should take this opportunity to push for and implement greater security measures in the tools, services, and products the enterprise uses. Multifactor authentication, automated encrypted connections, permissions, and access reviews are just a few of the areas the IS and IT groups can really begin to secure in a better manner

Additionally, employers should look at the following remote working security areas of focus:

  • MFA for ALL remote access
  • Hardening remote devices (CIS has some great guides)
    • Remove Local Admin access to system
    • Set UAC to highest setting
    • Enable drive encryption (BitLocker)
    • Ensure no changes to login can be set i.e. PIN or Face recognition
    • Force login with username and password
  • VPN access to LDAP to enforce password policy GPO
    • Hours and IP restrictions for access depending on users
  • Auto-patch set on system if it cannot connect to company patch system remotely
  • Auto update AV set to connect to internet for signatures if cannot hit company AV server
  • Ensure AV or Endpoint protection tools are using the available addons for real-time scanning and web filtering, etc.
  • Remove split tunneling for VPN connectivity if possible
  • IF IT has remote access using tools, ensure MFA is enabled and configuration settings are checked
  • IF possible, backup any files to internal servers prior to removal from office
  • Revise Remote Access and Work from Home policy to include security and customer data - get sign off now
  • Enforce Acceptable Use policy
  • Ensure monitoring and reporting is enabled for access failures

Compass IT Compliance can help you ensure all these areas help make your networks and remote workers stay safe and secure. Contact us today to learn more and discuss your unique situation!

You May Also Like

These Stories on Policies and Procedures

Subscribe by Email

No Comments Yet

Let us know what you think