As steps to counter the coronavirus outbreak take effect, millions of workers across the globe have been sent home with their laptops for the first time. If you’re one of them, or if you’ve recently been tasked with the job of setting up remote users from scratch, here’s how to get up and running, while staying safe from cybersecurity threats.
Add a header to begin generating the table of contents
Computer set-up
When comprehensive lockdowns in China initially came into force, second-hand laptop and tablet scales soared. Work out what equipment people will need and carry out a kit inventory to avoid a last minute buying scramble later on. Note: this includes peripherals such as screens, headsets and connector cables as well as actual computers.
If the plan is for employees to use their own equipment, make sure it is up to the job. Check the recommended hardware and operating system specifications for installing and running the software your people will be expected to use. Also, bear in mind that if the machine they will be using is underpowered (e.g. running a very basic i3 processor), the user may struggle to run multiple business applications at once.
Avoid ‘shadow IT’
According to McAfee, 25% of sensitive enterprise data going to the cloud is uploaded to high or medium risk applications, not approved by their employers. This is known as ‘shadow IT’, whereby staff start using software for business purposes that hasn’t been checked or authorised by the IT department.
If you fail to give your staff the tech stack they need, along with a whitelist of approved software, they are simply going to fill in the gaps themselves. This runs the risk of adoption of apps that are vulnerable to exploits.
Right now, many businesses will be looking at collaboration, team management and communication software for the first time. Those in charge of IT security need to ensure that only reputable apps are deployed. Must-haves include end-to-end encryption, multifactor authentication and strong, verifiable uptime statistics.
Connection to the network
If staff require access to the company network, you need to ensure that the means of access is secure. For this, consider adopting a Virtual Private Network (VPN), designed to provide encrypted access between remote users and the company network.
Reputable business VPNs include NordVPN Teams, Encrypt.me and Perimeter 81. Also consider Zero Trust Network Access & Software Defined Perimeter solutions to limit the attack surface of remote access solutions.
Mobile Device Management
Mobile Device Management (MDM) software makes it easier to deploy, secure and monitor not just mobile devices - but also the laptops and desktops that are in play across a scattered workforce.
With the right MDM platform, administrators can carry out software and system updates in bulk. You can remotely back up data, quarantine or remove unauthorised applications or users, monitor for malware and security threats, and set up secure containers for especially sensitive files. Especially useful if an employee leaves your company while your office is still quarantined, you can ensure that all corporate information is removed from their device(s) remotely.
Maintain good cybersecurity hygiene
Rather than taking an ‘access all areas’ approach, establish which parts of your system remote users will actually require access to in order to do their job. Use internal firewalls to cordon off externally accessed systems from the rest of the network.
Ensure that robust measures are in place to prevent access to internal systems by outsiders. Two-factor authentication is recommended here: e,g, a combination of password and numerical access code.
Harden access
Home workers need to bear in mind the following:
Company security policies still apply. Avoid drifting into an ‘out of sight, out of mind’ mentality and make sure that you still stick to your company’s IT usage and security policies. This includes matters such as not downloading unauthorised apps, visiting off-limit websites on work machines and opening emails/links from unfamiliar sources.
Password strength. As discussed above, two-factor authentication can reduce the likelihood of unauthorised systems access. Especially for applications that rely solely on a password for verification, the usual recommendations regarding password strength apply. Key aspects of this are length (ideally at least 7 or 8 characters), and having a combination of letters, numbers and symbols. Passwords should also be unique, so that if one business account is compromised, there is less likelihood of a hacker gaining access to all areas.
Secure your home router. Ensure you are aware of any firmware updates affecting your router and that these are installed promptly in order to patch any security vulnerabilities. Apply the highest level of encryption available from your service provider and switch off WPS.
Be wary of phishing threats. As we covered recently, scammers are upping their game to take advantage of the coronovirus threat. With so many people changing their working set-up, workers need to be especially wary of phishing emails targeting personal information or seeking to gain access to company accounts.
Check email addresses and domain names carefully. If in doubt about an alleged sender’s identity, contact them via a number/address located somewhere other than in the suspect email.
Update your skillset
Time on your hands? This could be the ideal opportunity to grow your cybersecurity skills and advance your career. Explore our full range of courses here.
Thanks for the rish info sir hope all bests
My pleasure.
Hi People, It’s a very informative blog and Thanks for sharing.
Thanks mate.
Unbelievable … I like this content and I recommend that everyone protect their Internet …
Sounds like a good idea! :)
Thank you very much for the pointers. This is a very useful blog.
My pleasure.
Fantastic courses, and so many quick wins with personal cyber security from the first few lessons. I also appreciate the articulate instruction method that is backed by clear visuals and resources.
Thank you Nathan so much for taking the time to share your 25 years of knowledge.
On that note, off to learning and listening some more.
Cheers.
Thank you. If you looking for cyber courses check out our VIP membership here to 140+ courses. https://www.stationx.net/vip-membership
Thank you Nathan for pointing out on various possible threats with some simple solutions. It’s a very helpful blog.
My pleasure!
This is a great blog. But why Nordvpn?
Good question. NordPN tick most of the privacy boxes you want and one of the big things you need is trust in your VPN provider. I trust them more than others because I have met the owners and discussed in detail with there business and tech people about what they are doing. I’ve been to their offices. Are they perfect? No. But I have a level of trust in them that I dont in others because I haven’t met the people running other VPNs.
Nathan, I would love to get your opinion on ProtonVPN.
Good Security Checklist here Natan came with when working from Home
Thank you.
Hi Nathan
Would you have a preference for a particular MDM piece of software for windows.
Good question. I don’t have a recommendation as I don’t feel I have enough experience in them. They also need to fit the needs of the business. If you are interested in them. Get the vendors to demo them for you. See what fits best.
Thanks Nathan, I shall reach out to a couple of vendors.
Hi Nathan,
How does the service Logmein compare to the VPN’s you recommend? My company is using it and was wondering about the security implications and how it is or isn’t different from a VPN.
Thank you
It’s a big question that can’t be answered in a comment. They are totally different approaches. Logmein is a remote access tool. A VPN is an encrypted tunnel. They can even be used in combination. You need someone who knows what they are doing to assess your implementation.
Thanks for the response.
Do you know if Logmein is just an encrypted RDP tunnel?
It is not an RDP tunnel.
This course has made me a reborn IT, and the newsletters make me more and more eager to keep on in this area, plus the course itself it really opens your mind. thanks a lot sir
Thank you.
That’s a great checklist,
Instinct tells me that 2-FA and a VPN ideally be applied everywhere right now. Or an IP whitelist at least, whenever a login is required.
Hello Nathan, once again you have shared important security practices when working from home with us. I would like to add that the employees should also be made to store their data in the secure cloud services. what is your thought?
Their data needs to be backed up. Some remote workers just save direct to the business network, at home or cloud.
Hi, wonderful blog .