Like many other businesses, SmartBase quickly shifted to a 100% remote workforce this spring when the pandemic was picking up steam and remains primarily remote at this time. We already had a very extensive work from home policy and were very well prepared to make the shift to 100% remote, utilizing our secure private cloud and current policies and procedures.
One of the greatest concerns for any business when making that shift to a remote workforce is security. What controls do I need to put into place for my team and their devices to ensure that my environment is as secure as possible for a remote workforce? A good way to look at this is, all of your policies and procedures should account for remote team members and apply no matter where the individual is working.
The biggest risk in any network is people, not someone being malicious, but making a mistake such as browsing to a dangerous website, clicking on a dangerous link, opening a dangerous attachment, or responding to a phishing email while believing they’re conversing with someone on your leadership team; these are the things that keep your IT team awake at night. Some best practices you can utilize to protect your environment include:
- Ensuring that your network is only accessible via a secure, encrypted connection, such as a secure VPN client.
- Use an email threat protection that helps protect your network if someone clicks on a link in an email or opens an email attachment. This link or attachment will be sandboxed to ensure it is safe prior to allowing the user to move forward with an action. These tools can also help protect you from phishing scams. Most business email solutions, such as Microsoft’s Office 365, offer email threat protection features.
- Taking advantage of the tools available on your firewalls. Most next generation firewalls offer tools such as Antispam and Malware Protection to protect your email, web filtering to protect while users are browsing the web, and Intrusion Prevention services to protect your network from hacking attempts.
- Ensuring that you have a solid back up plan including backups to a secondary storage device on a segmented network as well as to an off-site location, either a disaster recovery site, a cloud solution, or tape, giving yourself multiple recovery options.
- Ensuring that your anti-virus protection is staying up to date on all devices and that you’re taking advantage of the features available to you such as web filtering, ad blocking, and malware protection.
- Encouraging users to lock their screens when away from their device and using Windows Group Policy to ensure that their devices will lock and require a password entry if left unattended. You should also have a policy which disconnects or logs off users from server connections after a period of inactivity.
- Ensuring that no one is logging into their device with administrator access. This will limit the potential damage if their account is compromised or if they click on or open something that they shouldn’t.
- Ensuring that your OS patching policies include applying critical updates as quickly as possible.
- Implement and utilize a data loss prevention tool to prevent sensitive data from leaving your network. If you’re using Office 365, you already have very effective DLP functionality available to you.
- Utilizing Group Policy to ensure that external storage devices, including USB and optical medium are disabled on your end user devices.
- Rather than using online file sharing services for sending and receiving data files, utilize a secure FTP server.
- Regularly audit active users and access levels to ensure that access levels are appropriate for each team member’s current role and that access has been removed from all former employees and contractors.
- Implement a process of sending periodic educational emails to your users to keep security top of mind. Some good topics include:
- Email security best practices and what to look for in suspicious emails, as well as what is safe to send via email and what should never be sent via email unencrypted
- How to encrypt sensitive files
- Ensuring wireless connections are secure when working remote
Another important thing to remember is building trust with your team. The last thing you want is your team to feel that they can’t come to you when they’ve made a mistake or have a concern, out of fear of being reprimanded. This could result in valuable remediation time being lost when you could have greatly minimized the impact if that individual had come to you right away. Mistakes happen, let’s remediate the issue, analyze what happened and why, learn from it and put into place any necessary policies, procedures, and training to prevent it from occurring again, and then move on.
If you have any questions or feedback feel free to reach out to us at 612-767-9940 or firstname.lastname@example.org.