If you’re an IT administrator, you might find yourself tearing your hair out. You’re on lockdown, all of your co-workers are working from home, and many of them are going to be using personal computers and consumer-grade internet connections to pass around your company’s mission-critical data.
There are so many issues with this scenario that it is hard to know where to start when it comes to dealing with this very unanticipated situation.
- Your VPN may be inadequate to support your full workforce working from home at once
- Your security tools may be unable to defend people working from non-corporate PCs
- New malware, breach and phishing schemes are taking advantage of the chaos
Ideally, you should be putting out all of these fires in tandem. But here’s some advice to help you prioritize issues, based on where the most significant risks lie and what is quick and easy to do.
Encrypt All Corporate Email
Over 80 percent of companies in the US have accidentally exposed sensitive data via email, which means that your company’s email system most likely contains important information. While you’d probably like to change that, now is not the time to force your employees to break bad habits.
Instead, you need to safeguard the data despite employees’ bad habits by encrypting all emails. Even if an employee forgets to use their VPN, email encryption will thwart eavesdroppers – and encrypting email at rest can stem the danger of a compromised endpoint. Make sure you choose a scheme that’s easy to learn and that’s activated by default – otherwise employees will most likely simply ignore it.
Adopt a Secure Remote Desktop Solution
Now that you’ve secured your email, you need to secure lines of communication between your workers and their applications and data. Even if you have an existing VPN, you may not be able to scale it fast enough, especially if scaling means purchasing and installing a new appliance. Excellent secure remote desktop solutions are available that can be provisioned quickly and scale rapidly. Look for one that offers more granular access controls, and choose a solution that is clientless, so that admins can set it up on in-office desktops from their own homes. A browser-based solution allows users to access their desktops and resources easily, without configuring anything on their own.
Enable Multi-Factor Authentication
You now have many unfamiliar devices connecting to your network from new locations. This potentially makes it easier for an attacker to disguise themselves as a legitimate user when employing stolen credentials. Enabling MFA will make it that much more difficult for attackers to gain access to your network. Meanwhile, you want to employ other defenses against credential theft.
Implement Robust Endpoint Security
There are several phishing scams and drive-by malware attacksthat are taking advantage of the current emergency by purporting to offer information about the Coronavirus. Even ordinarily astute individuals might be driven by anxiety to click on one of the offending sites, so you need to make sure that your users’ home computers are equipped with appropriately robust security.
Firewalls and antivirus are both traditional and useful, but you may also want to implement clientless solutions that are harder for users to avoid or ignore. For example, remote browser isolation lets users navigate the internet through a containerized browser in the DMZ that streams interactive content back to the desktop. Even if a user navigates to a malware site, the malware remains in the containerized browser and never makes its way back to the desktop. There are no malware warnings to click through, in other words.
Centralize Device Management
If you still patch endpoints by physically sitting at a user’s computer and downloading a new file, those days are over. Centralizing patch management isn’t just the best way to keep your endpoints and configurations up to date – it’s the only way. Even after lockdown ends, you’ll find that centralizing patch management is a better way to make sure that there are no vulnerable endpoints left lying around, so making this change is really an investment in your convenience.
Ensure Proper Backup and Business Continuity Plans
Now that everyone is working from home, your workers are almost certainly creating business-critical content from their home computers. You need to immediately begin making sure that your workforce has a backup solution that can image their hard drives in the background. Lightweight backup solutions ensure that your users aren’t inconvenienced or don’t simply disable backups on their own. Without this kind of solution, you risk losing critical data in the event of a hard drive malfunction or a ransomware attack.
In addition, you need to make sure that your situation still produces multiple backups. As always, you should keep adhering to the 3-2-1 rule — three backups, using at least two different kinds of storage media with one backup stored off-site.
You should also prepare for the prospect of being unable to access your data center. If this happens, you could be unable to restore backups from your private cloud during an emergency. You may want to invest in cloud backups that will allow you to fail over remotely.
Using these techniques, you’ll be able to build yourself a secure and reliable work-from-home posture that will see you through more than just the present-day lockdown. By investing in a secure environment that lets everyone work from home safely, you’ll be making your job easier and your data safer once the lockdown comes to an end.