Our Remote Workforce experts have compiled a list of best practices to help organizations who are rapidly building or expanding work from home capabilities. These best practices address the following concepts:
Remote Access
- Be sure to include multi-factor authentication (MFA) as you rapidly expand remote access.
- VPNs – Include MFA and review access control lists (ACLs) and other policies to ensure you maintain the necessary, but least privilege access.
- Corporate Devices – If you are rapidly issuing corporate devices for employees to take home and work, make sure your imaging processes are up to date. Include your anti-virus (AV) and malware solutions as well as the latest available patches for maximum protections as you extend your networks. Safe practice is to encrypt your devices in the event they don’t make their way back and are lost or stolen.
- Personal devices – If you are allowing access via personal devices as part of sending employees home, be sure they are being proxied into your network to avoid opening up any potential malicious activities to traverse from a personal device to your corporate network. Citrix virtual desktops or virtual apps are a great way to do this. When possible, personal devices should be placed into an untrusted zone. These devices should not be fully tunneled into the network.
- Make sure remote systems are patched and running AV locally. If end users are using their home computers, help them understand how to run Windows updates and leverage native Windows Defender, or another endpoint solution. There are some free ones out there for home use.
- Printing & USB – It is worth double checking these policies to be sure they are set appropriately. Printing to home networks and remote USB access could open the door for data leakage or data loss. If your policy is to restrict the actions remotely, be sure these policies are set as you rapidly expand access to more of your workforce. If printing isn’t essential, the best practice is to restrict remotely.
- Session limits – Be sure you don’t leave open sessions unnecessarily. Take a second look at idle and total time of session limits to avoid the introduction of additional risk to your environment.
Email Threats
- Email will continue to be the primary threat vector. Now may not be the time to run COVID-19 related phishing email campaigns, but internal reminders should be considered as scammers and fraudsters will take advantage of the situation. A review of email protection is warranted to make sure rules and signatures are up to date. As all companies are taking actions to protect their employees and customers, most are sending out COVID-19 related emails to communicate to consumers so deciphering the good from the bad is getting increasingly difficult.
- Purchasing – Extra vigilance may be warranted with your supply chain, accounting teams and other back-office workers as email fraud will rise. With many needing to rapidly expand key areas to support the changing business structure, these employees will be easy targets as they are likely trying to move quickly to help support the business with purchasing needed items.
Networks
- Network Perimeters – Make sure firewalls, proxies and intrusion detection/prevention systems are up to date and signatures are recent to ensure they catch malicious traffic and attempts.
- SIEMs/SOCs – It is likely you will start to see new traffic and logging patterns with the majority of your workforce, so now is the time to pay extra attention to those new norms. Understanding these new patterns may require additional dashboards and reporting to stay on top of activities.
- If your SOC/MDR services are managed, have a conversation with them to be sure they are on the same page with you as your business is responding.
Identity/Access
- If your business is considering relaxing security or access controls, be sure to document along the way. Hopefully security will not be sacrificed, but in some instances it may be necessary to maintain continuity so good documentation will be critical when re-implementing these controls.
- Additional access may be granted to employees to help with demand in certain areas. Be sure to keep records of this so it can be reverted after the surge.
Cloud
- If cloud systems or capacity is part of your rapid response, ensure you apply some due diligence in expanding those capabilities. Cloud providers can greatly aid the response time for your team, but mistakes are common while configuring services even when not dealing with a crisis.
- If using cloud for increased capacity make sure it is documented and all events should be sent to a SIEM like solution. It is important when configuring the use of resources that the “least access” privilege method is followed.
- As supply chains are impacted and/or physical access is limited, scaling using cloud platforms will be essential to supply businesses with resources to scale and respond to productivity demands.
Physical
- Remotely monitoring datacenter operations will be important to ensure systems are operating efficiently. HVAC and other temperature maintenance systems may fail and rising temperatures could be detrimental to business operations.
- Power systems (UPS, Generators, etc) should be checked to ensure they are operating free of error and are ready for operation in the event of power loss as your response time will be impacted if all employees are remote.
Internet Capacity
- When everyone is working inside the office, there is a lot of LAN traffic. Once everyone is working remote, there will be a spike in inbound internet traffic to those internal systems. You should monitor internet pipe to proactively account for the increased inbound network traffic if necessary.
Business Continuity Staffing
- While the personal responsibilities take priority organizations will need to ensure they are managing the resources adequately. Some verticals (namely Healthcare) can no longer adhere to the on-call support structure for after-hours support and will need to reconsider these plans.
Automation
- As business process is assessed, automation of these standard processes will aid in the event workers are unable to return in a timely manner, but also introduces cost effectiveness moving forward.
We hope these tips help you through these challenging times. With the right plan in place, your business can adapt and thrive.
