If the Covid-19 pandemic hasn't altered your work environment, you're probably one of the few. These days, the remote Work From Home approach has become the de facto standard for most knowledge workers. To say this isn't going to change for the foreseeable future is probably an understatement. Now that employees have seen how well it works, we're knee-deep in a HUGE culture shift. As they say, Work From Home is here to stay. Now what?
Well, now more than ever this means that you need to ensure that your employees (who are working from home) and their systems are as safe and secure as when they were inside the four walls of your office. This means it's time you took a long, hard look at not only your cybersecurity policies and procedures but also how your staff are set up to Work From Home - and secure them!
Here are our best practices for making sure your staff's Work From Home setup is as cybersecure as possible...
Every security professional would agree that if you're working from home, you should have a "real" firewall in place. Not what the cable company gives you. And it should be a business-class one at that. This not only protects the home network, but your business as well.
Keep in mind, without an appropriately sized firewall (i.e., in terms of throughput capabilities), your employee's Work From Home experience could be less than stellar. Consider they'll be on Teams or Zoom video calls more than ever - as will their kids and spouse. And don't forget all the bandwidth used by gaming consoles and other devices on the network. So, size this appropriately.
Similar to the firewall concept, every machine on the home network should have business-grade anti-virus protection. And Windows Defender is not ok. Whatever your corporate AV is, implement this on all your Work From Home machines. And - it should be managed centrally by your IT department to ensure it stays updated.
This one goes without saying (although I'll say it anyway). Do not allow your staff to connect to your network without a VPN (Virtual Private Network). It's not ok to open ports on your firewall and let someone remote in - even if you think "it's only temporary". All connections into your network must be secure!
Similar to machines inside your office network, all machines that are used for any sort of business function should be patched on a consistent basis. The easiest way to ensure this is happening is to add the machine to your Windows domain and have your IT department monitor and manage them. Which leads into...
5. Treat it like an office computer
Going one step further than simply keeping the patches on the machine(s) up to date, seriously consider adding the home computer to your Windows domain. This will seriously up the security level of the machine. If it's part of the domain, you can control and manage it no differently than any other machine located at your office. This includes things like security GPOs (Group Policy Objects), password requirements, and screen lock time-outs.
6. Dual factor authentication
No different from a workstation in your office, implementing Dual Factor Authentication (or 2FA) will further ensure only secure users are accessing the machine, your network, and any related resources. This is a must in the office, so it should be a must for WFH machines too.
7. Wireless access points (WAPs)
Lock down all wireless access points. Ensure encryption is turned on, the guest network is turned off, and the administrator password has been changed.
8. IoT devices
This is the latest wrinkle adding to the complexity of securing the Work From Home environment. IoT (or Internet of Things) refers to all the devices that are now connectable to the internet. Things like the Ring doorbell, the Nest thermostat, Apple TV, Alexa, and even the latest refrigerators (not to mention Wi-Fi-capable printers) - all devices that connect to the internet in some way are now additional failure points that hackers can take advantage of to get into the network.
9. File syncing
This is a scary proposition. Most file sharing applications (Dropbox, Box, Anchor Sync, even OneDrive) are all file syncing programs. This means if you install the client application on the computer (as opposed to accessing their files through a browser), it makes a copy of the file(s) on your computer - you just don't know it. Again, a HUGE security breach if your computer isn't secured appropriately. We would recommend NOT installing any file sharing or syncing programs locally unless the hard drive is encrypted or the machine is being managed by your IT department.
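The checks from items 5 and 9 can be scripted. The following PowerShell is an added example, not part of the original post: it reports whether a Windows machine is domain-joined, whether the system drive is protected by BitLocker, and whether a sync client is running. The process names and the use of domain membership as a stand-in for "managed by your IT department" are assumptions to adjust for your environment.

```powershell
# Added example: read-only posture check for a Windows Work From Home machine.
# Run in an elevated session (Get-BitLockerVolume requires administrator rights).

function Get-WfhPosture {
    # Item 5: is the machine joined to the Windows domain?
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Item 9: is the system drive encrypted (BitLocker protection on)?
    $encrypted = $false
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $encrypted = ($vol.ProtectionStatus -eq 'On')
    } catch {
        Write-Warning "Could not query BitLocker: $($_.Exception.Message)"
    }

    # Item 9: are file-sync clients running locally?
    # Assumption: these process names; extend the list for other clients in use.
    $syncNames = 'Dropbox', 'OneDrive', 'Box'
    $running = @(Get-Process -Name $syncNames -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty ProcessName -Unique)

    # Assumption: domain membership is used as a proxy for "managed by IT".
    $managed = [bool]$cs.PartOfDomain

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        DomainJoined         = $managed
        Domain               = $cs.Domain
        SystemDriveEncrypted = $encrypted
        SyncClientsRunning   = $running -join ', '
        # Flag the case the post warns about: a local sync client on a
        # machine that is neither encrypted nor managed.
        SyncClientRisk       = ($running.Count -gt 0) -and -not ($encrypted -or $managed)
    }
}

Get-WfhPosture | Format-List
```

A machine that reports `SyncClientRisk : True` is holding local copies of synced files on an unencrypted, unmanaged disk.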
10. User training
This really should be number one. Every WFH user should know and understand the cybersecurity risk they're now presented with when Working From Home. Everyone needs to understand how to connect remotely. Why they need to be secure. And what it means to the company if they don't pull their own weight in being an active participant in ensuring the company is kept secure.
User training should cover this, but just in case - users need to know what phishing looks like, what to do when they see a suspect email, and best practices for internet hygiene just like when they're in the office.
This is no longer a luxury that you'll deal with when you get around to it. Having the appropriate Telecommuting and Work From Home Computer Use Policy in place is a must for every company with a remote work force. If you don't have one, check out our template here.
13. Device administration and passwords
Last but certainly not least, one of (if not THE) most important items to address is changing the default Administrator password on every device that's on the home network! The Ring doorbell, the Nest thermostat, the Apple TV, etc. are all gateways for hackers to get into your staff's home network then get into yours. Think about it - the default Administrator password that comes preset on every device is available and known to any half-way decent hacker. If they find any of these devices on the home network, they're in. So, at the very least - go ensure all of these are changed ASAP!
On a non-cybersecurity related note, one other thing to mention when setting up your staff's Work From Home environment is to take into account their internet speed. Nothing frustrates remote users more than slow response time. Like I mentioned earlier, higher speeds are really needed these days (100+ MBS) with all the video meetings and the like (not to mention all the bandwidth other family members will take up). So, make sure to account for this to head off the frustration your users will run into.
Well, there you have it. Clearly, the Work From Home paradigm is here to stay. Whether your staff are working remotely on your machines or on their own, it's now more critical than ever to protect the assets of your business. Unfortunately, now it's also that much harder. Over the past few months, this has become a critical, ongoing discussion we're having with all of our Managed Services clients, and one we're making inroads to address.
Keep in mind, if you're not addressing this - more than likely this has now become the "weakest link" in your technology armor. Don't wait for something to happen. Get ahead of it by using this information to secure your Work From Home machines quickly and comprehensively.
What are you doing to secure your staff's home office computing environment? Have you started to address this? How are you going about it? Please share your thoughts in the Comment box below or shoot me an email if you'd like to chat about this in more detail.