8 Steps to Secure Remote Working for Covid 19

Last month we had our first (and hopefully last) anniversary of the Covid 19 pandemic. For this occasion, we reviewed an article from last year – a practical guide to secure remote working in your business.

When the first lockdown hit, many companies scrambled for remote working solutions. In that rush, some cyber security considerations may have fallen by the wayside. As the third lockdown lingers on, securing your remote workforce is a must, as working from home is the new normal. We have outlined 8 key security steps for secure remote working that apply to all companies, regardless of size.

1. Establish what is covered with your IT Support Provider
Both the requirements and coverage agreements tend to be different when working remotely. Protecting people’s personal devices in their home networks demands more attention than in a controlled environment such as the office. Your IT provider may or may not cover the usage of non-commercial home devices or PCs to access your company’s IT resources remotely. You need to know what is covered and if they are incorporating home working.

It is considerably better to allow them to manage your home workers with their centralised management tools than to do it solo. Ask the question. At this stage, a good IT Support Provider will have managing a remote workforce down to a science.

2. Provide Malware Protection for Your Remote users
While you may have centralised malware protection and monitoring of all the workstations at your physical office, you likely do not have the same level of control for home computers. If possible, we recommend that you ask your IT provider to extend their malware protection and remote management solutions to your home office users.

If that is not an option (and it should be), Webroot offers multi-device packages for a reasonable cost, covering both PC and Mac environments. Macs should not be exempt from using endpoint protection software. One in ten Mac users has been attacked by the Shlayer Trojan.

Set a policy that all home employees must use an antivirus tool on the machines that access the firm’s resources. Moreover, have your IT support provider verify this before you install your secure remote access tools.

3. Make sure remote working does not introduce more risk
You may have had to suddenly set up remote access servers, Windows 10 virtual desktops or other remote access solutions. Whatever you chose, make it consistent across your organisation, as it makes it simpler to manage and roll back at a later stage. In particular, do not blindly open remote access ports without thinking of the risks and consequences.

Remember that ransomware attackers look and scan for open RDP servers, targeting anything responding on port 3389. This means any open doors are considered critical security concerns that could compromise your business. For RDP servers, you need a VPN solution, period.
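One way to check a Windows machine that hosts Remote Desktop for the open door described above (an added example, not part of the original article). It lists enabled inbound allow rules in Windows Defender Firewall that name TCP 3389 and flags those that accept any remote address; the helper name `Test-CoversPort` and the verdict wording are illustrative.

```powershell
# Added example: report enabled inbound "allow" rules that open TCP 3389 on this
# machine, and flag the ones that accept connections from any remote address.
# Run in an elevated PowerShell session on the machine that hosts Remote Desktop.
$RdpPort = 3389

function Test-CoversPort {
    # Hypothetical helper: true when a rule's LocalPort list names the port,
    # either directly ("3389") or inside a range ("3000-4000").
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq "$Port") { return $true }
        if ($entry -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

$findings = foreach ($rule in Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -ne 'TCP') { continue }
    if (-not (Test-CoversPort -LocalPort $portFilter.LocalPort -Port $RdpPort)) { continue }

    # RemoteAddress is 'Any' or a list of addresses and subnets allowed to connect.
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $verdict = 'Restricted: confirm these are your VPN ranges'
    if ($remote -contains 'Any') { $verdict = 'EXPOSED: accepts any source' }

    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ', '
        Verdict       = $verdict
    }
}

# fDenyTSConnections = 0 means Remote Desktop is switched on for this machine.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
'Remote Desktop enabled: {0}' -f ($ts.fDenyTSConnections -eq 0)

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No enabled inbound allow rule names TCP 3389 explicitly.' }
```

This covers the host firewall only; port forwarding on the office router or perimeter firewall has to be reviewed separately, since that is where 3389 usually becomes reachable from the internet.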

4. Reinforce Cyber Security Education and Make Staff Aware of Covid-19 Scams
The Irish Times have reported a huge increase in COVID-19 scams that are circulating. Urge your users to not click on unsolicited emails and to use only official websites. The same principles used to identify Phishing emails apply here, and you can find more about them in our article How to Identify a Suspicious Email.

Ensure that the firm has a way of centrally communicating incidents so that you can trace all official communications and notifications to act accordingly. Additionally, a Mailbox filtering tool also helps reduce the number of fraudulent emails your employees will receive every day.

5. Update security and Acceptable usage policies for staff
Make sure your acceptable computer use policies cover staff members’ home computer assets. If this wording is not already there, you’ll need to quickly get up to speed to allow employees’ individual assets to be used for remote access. Policies should also cover remote working protocols, and payment processes need to be reviewed to avoid becoming a victim of payment scams.

See our articles on Invoice Fraud and CEO/CFO Fraud to understand the importance of payment protocols.

Some of the biggest frauds in cyber could have been avoided if proper payment processes were in place. A simple confirmation phone call before a requested fund transfer is enough to confirm the identity of whoever is getting the money.

6. Review what software remote employees need
There are two considerations here. Your staff may need to access productivity applications that can only be run from inside your network. In this case, a remote connection to a Remote Desktop server or their PC may be best.

For users that use Microsoft 365 and cloud-based apps, you may only need to provide Microsoft 365 applications. For this, you will need to consider your licence requirements. A Microsoft 365 license allows you to install the Office suite on PCs, Macs, tablets, and smartphones, equal to the number of users you acquire. Those with Volume licenses can allow Office for home use purchases for your employees. You may need to review your options and licensing alternatives based on what platform and version of Office you are currently licensed for.

If you are in doubt, reach out to your IT support provider; they may be able to provide temporary licenses with screen connection software that they already use to remotely manage your network.

7. Implement Multi-Factor Authentication (MFA)
When implementing secure remote working, consider adding MFA to remote access solutions. This adds an extra layer of security for your users and makes it much harder for a cybercriminal to steal someone’s identity. We have a One-Page Guide on Multi-Factor Authentication and Single Sign-On, where we explain how they work and why they’re so important.

Ask your IT support provider about adding MFA solutions such as DUO or Microsoft’s native Multifactor Authentication solution to access your IT infrastructure both in the office and the cloud.

While your company may need to move quickly to allow your staff to work remotely, you can still ensure that only authorised admins and users are allowed in, mitigating the threat of identity theft.

8. Secure connectivity with a virtual private network (VPN)
A VPN will hide your identity and online activity when browsing. It can also be used to ensure company files are accessible only to people in the organisation.

Most Unified Threat Management Firewalls (Sonicwall, Fortinet, Sophos) include an inbuilt free SSL VPN client that can be deployed to provide secure end-to-end connectivity for your end-users. Ensure that your Firewall and VPN solutions are up to date as this reduces the possibility of security vulnerabilities.

Prepare for the future of secure remote working

One year and three lockdowns in, the reality is that remote working isn’t going anywhere. It is important to define how you work remotely, review improvements and then secure your remote workforce properly. As always, the CIS provide excellent guidance with their CIS Telework and Small Office Network Security Guide. Review that to see if there are any other security issues you should be monitoring.
