Free 15 Minute Remote Access Network Security Consultation
Will letting them work from home through remote access compromise network security?
You’re letting employees telecommute to keep them safe. But could giving them remote access compromise your business’ cyber security? Schedule a free 15 minute phone call with our cyber security experts.
Why Coronavirus Presents a Cyber Security Threat
If you were to describe a perfect situation for cybercriminals to prey on victims, it would look something like this…
- Worldwide fear of a situation that changes every day. A lack of information and abundance of misinformation puts millions in a state of anxiety
- Millions of workers working from home using remote access for the first time
- Workers given new technologies for remote work such as Microsoft Teams, Slack, Onedrive, Dropbox, VPNs, etc. Anxiety on using these new technologies prevail
- The use of home computers or laptops that are not properly managed by IT personnel. Computers with inadequate security, antivirus and threat detection
- Constant legitimate emails from 1000s of businesses talking about their plans to keep customers and employees safe
- Millions of phishing emails mimicking legitimate emails with the lure of information on the crisis, a sense of urgency, notices on the new technologies the employees are using (i.e. fake Microsoft Office 365 emails), fake system administrator emails explaining the new technologies and various other topics that employees can be lured into opening, reading and clicking
This is the perfect storm for an epidemic of ransomware, business email compromise, databreaches and various other cybercrimes!
Secure Remote Access During COVID-19
Every business is unique, but here’s a basic to-do list:
- Set up a separate, external network dedicated just for remote access. If anything dangerous gets through security measures and infects your business server, it can’t spread to other parts of your network.
- Set up a site-to-site VPN connection or use a secure remote service.
- Use encryption, multi-factor authentication, and session locking to safeguard all sensitive data.
- Update as prompted. Keep your hardware and software patched and updated, including your employees’ remote computers.
- No more weak passwords. Create and enforce strong password policies. Require employees to use a password manager.
- Enable session time out on all teleworking connections. Enable automatic screen locks on all computers.
- Manually configure employee computer firewalls and anti-malware/anti-virus software.
- Add additional security authentication layers to company data on mobile devices.
- Set up restrictions to keep unknown or unnecessary browser extensions from being installed. These can insert tracking codes and spread malware that goes undetected. Only use browser extensions you know you can trust.
- If computers will be used in public places physically secure them with locking cables.
- If possible, provide company-owned devices for employees to use that can be maintained and secured by in-house IT-staff or your managed service provider.
- Consider end-point detection and response or remote access logging to monitor what is happening on your IT systems.
Consider this from the U.S. Department of Commerce:
Regardless of how many security protections are used, it is simply impossible to provide 100 percent protection against attacks because of the complexity of computing. A more realistic goal is to use security protections to give attackers as few opportunities as feasible to gain access to a device or to damage the device’s software or information.
