8 Steps in Securing Your
Remote Workforce
Critical steps that IT teams should take to protect their remote workforce and avoid risk.
GET STARTED
According to data based on an analysis of US Census and Bureau of Labor Statistics by Global Workplace Analytics, the number of people working remotely in the US increased 159% between 2005 and 2017, and over the last five years, remote work growth is at 43%. As of July 2019, 4.7 million people in the US were telecommuting, up 3.9 million since 2015. Factor in a pandemic in 2020, remote work has skyrocketed.
Global Workplace Analytics now estimates that 56% of the US workforce holds a job that is compatible (at least partially) with remote work. What does this mean for our long-term workforce? They predict that the longer people are required to work from home, the greater adoption we’ll see, leading them to predict that by the end of 2021, 25-30% of the workforce will be working from home multiple days a week.
The fortunate side of this sudden increase in remote workers is that the technology does exist to support it. As more and more businesses are moving their resources and data to the cloud, remote work is quite feasible — it’s here, and quickly becoming the new normal.
Set strong
passwords
Don't forget to patch
Multi-factor authentication
Access
control
Often during a crisis best practices get thrown out the window. It’s imperative as IT teams enable their remote workforce that the basics stay front and center, and passwords is where it starts.
Passwords are the frontline defense for accessing critical data and applications, and as remote employees add their home network into the mix, it’s even more important to have strong passwords. Encourage employees to set passwords on their home network that aren’t identifiable and include numerous character types.
Set strong passwords
Since MSPs have already invested in the advanced technology and training necessary to build an expert team and systems, by leveraging a shared model, you gain access to the best tools and talent available to manage your IT environment — without having to invest in costly software solutions or stay on top of upgrades.
Advanced managed services require the ability to deploy a proactive service level toolset that monitors all aspects of an environment, including the core internal network infrastructure, virtualized servers, storage and both internal and cloud-based applications and resources. The right tools enable predictive monitoring services that help ensure uptime and higher service levels via proactive and reliable notification of potential issues.
Your MSP should utilize a service ticketing system that allows you to submit a ticket and automates workflow for triage, prioritization, scheduling and escalation. Ask for a demonstration of their tools and validate they have the right solutions in place to keep you up and running.
Where To Start
The security best practices mentioned above will help you protect your data and your workforce as they work outside your company walls. But, implementing these security measures can be another challenge altogether.
At OneNeck, we are here to help. If you aren’t sure where to start, we can execute a security framework assessment or vulnerability scan to establish a baseline and document where your risks are today. We can then help you prioritize a plan of attack to mitigate the risks and ensure your data remains protected.
Security doesn’t have to be overwhelming. With the right partner by your side, we can guide and assist you, incrementally building a robust security solution built on best practices and integrated tools.
Keep moving forward.
WE GOT YOUR BACK.
©2021. OneNeck IT Solutions. All Rights Reserved.
1.
It’s tempting to click that remind-me-later button, but don’t do it. Keep operating system security patches up to date and require employees to accept all security patches.
It's also important to remind employees when using non-company issued equipment at home, that they need to be vigilant about patching that equipment as well, especially if it's being used to access company assets.
While some patches are there to add new features and remove outdated ones, many patches include critical fixes to security vulnerabilities that hackers can exploit.
Don't forget to patch
Multi-Factor Authentication
A crucial part of protecting your organization, access control is all about controlling who gets access to what. Access control allows you to monitor critical access around domain admins and shared accounts (system, service, database, etc.).
There are three main components to access control: authentication, authorization and accounting.
Access control
Authentication verifies that someone is who they claim to be.
Authorization determines whether a user should be allowed to access the data or make the transaction they’re attempting.
Accounting is your log of events, which allows you to monitor for anomalies, use of privileged accounts and unauthorized changes (all security best practices).
While authentication has become more widely adopted, authorization is still a challenge. Continually monitoring and updating who gets access to data resources constantly evolves, which means access control is in constant flux. Recurring vulnerability scans against any application running access control functions can help ensure there aren’t gaps that are putting your organization at risk.
Endpoint protection secures end-user devices such as desktops, laptops and mobile devices from being exploited on a network or in the cloud by malicious actors and campaigns. Today’s endpoint protection solutions quickly detect, analyze, block and contain attacks in progress.
There are two options when determining an endpoint security solution: An antivirus (AV) software or a full endpoint protection platform.
Whether you invest in antivirus software or a full-blown endpoint protection solution, it is a critical part of ensuring your remote workforce’s devices remain protected while outside the safety of the perimeter.
Antivirus solutions are designed to run on a single computer or device and scan its contents to look for known malware or other dangerous files.
Endpoint protection platforms (EPP) incorporate AV and endpoint detection and response (EDR), which combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
Endpoint Protection
When browsing the Internet and visiting sites that do not leverage HTTPS, your end users’ data is transmitted in an open format where anyone who intercepts their communications can read the contents. This is where encryption comes into play by encoding data so that only a computer with the right decoder will be able to read and use it.
In the past, it was common belief that if a website didn’t collect personal information (PI), then encryption wasn’t necessary. But times have changed. Now, regardless of PI collection, everyone needs some basic encryption. And when employees are dispersed, working outside the safety of the network perimeter, it’s even more critical to have an encryption solution in place for online browsing or accessing company resources.
It is important that while encryption strategies, with VPNs for example, are important in securing your remote workforce, you still need to layer risk mitigation strategies across your network. Each point solution is a part in the bigger risk mitigation picture.
Encrypted Connections
The effectiveness of Multi-factor Authentication (MFA) lies in a layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user’s password, it is useless without also having possession of the additional authentication method.
It works by requiring two or more of the following authentication methods:
Something you know (typically a password).
Something you have (a trusted device that is not easily duplicated, like a phone).
And in some cases, something you are (biometrics).
This extra layer of security makes it incredibly difficult for opportunistic cybercriminals to log in as if they were an employee. And when combined with strong password requirements and habits, MFA can help thwart a high percentage of malicious attacks.
Commonly acknowledged to be a critical security best practice, data backup is a must. With the proliferation of remote workers and daily onslaught of new ransomware, maintaining a full and current backup of all your data can be a lifesaver.
The US Computer Emergency Readiness Team (US-CERT) goes as far as to say:
Remote workers do bring some additional challenges for business IT backups. But drastic changes aren’t necessarily required. For most companies with a solid security plan in place, it simply means extending provision to encompass employees who are based offsite, as well as ensuring your backups are protected, encrypted and frequently updated.
And keep in mind that while many assume SaaS applications are automatically backed up, that’s not the case. Many like Microsoft 365 employ a Shared Responsibility Model. This means that the manufacturer is responsible for the uptime, but you are responsible for the protection and long-term retention of your data.
Keep 3 copies of any important file: 1 primary and 2 backups.
Keep the files on 2 different media types to protect against different types of hazards.
Store 1 copy offsite (e.g., outside your home or business facility)
Backup your data
As users blur the lines between work and home, it is important to educate and remind them to remain hyper-aware of possible threats. Security policies need to be communicated throughout the organization, and employees should be educated to:
They should also be encouraged to report suspicious activity. It can be intimidating to report a potential cyber incident, so fostering open communication is important. Ensure they know where to report any suspicious activity, whether it’s an email or a team site – it needs to be clearly articulated.
Recognize phishing emails and suspicious attachments.
Use caution with links and when entering website addresses.
Check a website’s security (look for the lock) to ensure the information is encrypted before clicking submit.
Only use known/trusted sites.
Verify charity authenticity.
Know email senders.
End User Education
2.
3.
4.
6.
Encrypted connections
Backup your data
7.
End user education
8.
Endpoint protection
5.
CONTACT US TODAY FOR A FREE CONSULTATION
Of US workers hold a job that is compatible with remote work.
56%
People in the US are telecommuting.
4.7M
Increase in the number of US people working remotely
159%
Quick Facts
But with a work-from-anywhere approach comes additional challenges, challenges that have many IT professionals scrambling to secure their remote users while giving them the access to the internal resources they need to remain productive.
Of US workers will work remote by 2022.
30%
