Securing the Work-from-Home Arrangement

Antoun Beyrouthy
April 14, 2020
5 min read

With the recent COVID-19 pandemic, employees are resorting to working from home. While working remotely might seem like a practical arrangement, it brings with it major security challenges to your organization.

Rest assured however, as there is a solution to every problem. Today we will provide you with ten controls that will help you empower your employees while keeping your assets secure.

  1. Go through the tunnel:

The importance of adopting Virtual Private Networks cannot be stressed enough. VPN solutions prevent malicious users that could be connected to the same network as your employees, from sniffing their traffic and collecting valuable information.

Make sure to have a VPN firewall to which your employees connect when they need to access your network.

VPN is also important when using cloud solutions, so be sure to provide your employees with a reputable VPN client.

  1. Know your friends:

Remote access brings its own security challenges, one of which being secure authentication. While it is not easy to ensure a remote person is who they say they are, 2-Factor Authentication should do the trick.

For authentication to on-premises assets, enforce 2FA using RADIUS servers and software tokens on your employees’ mobile devices.

For cloud services, make sure to pick providers that allow single sign-on, and use an enterprise SSO service with 2FA.

  1. Watch your shadow:

With the easily accessible cloud services and online tools of today, Shadow IT is becoming an even bigger threat to the enterprises.

To avoid Shadow IT, provide your employees with any technology and software they might need, which prevents them from adopting their own set of tools and solutions.

As an additional precaution, make sure to enforce a whitelist of approved applications and solutions.

Also make sure to implement a host-based web filtering solution, to prevent employees from accessing personal email providers and cloud solutions that might not be approved by your company.

  1. Beware of the virus:

COVID-19 is not the only virus you should protect yourself from. The digital world is full of malware, that could cripple the work of your employees, or worse yet, result in a data breach that could have devastating impact on your organization.

Implement a centralized antimalware solution, and make sure antimalware agents are capable of updating themselves, even when they are not connected to your company’s network.

  1. Stay up to date:

The best way to protect your organization from the ever-changing threat landscape is to make sure your operating systems and applications are constantly updated, to cater for any new vulnerabilities.

With the current situation, the work-from-home scenario might last for months. This is why you need to make sure that applications and operating systems on your employees’ devices are able to get their updates without connecting to your company’s network.

  1. Protection while resting:

While VPN encrypts and protects your data when in-transit, you need to make sure that data at-rest is also protected, in case a device is stolen or lost.

Enforce full-disk encryption on all devices used by your employees. Don’t worry if your company did not acquire such a solution: all modern operating systems provide this feature out-of-the-box (BitLocker on Windows, FileVault on MacOS), however you should make sure to enable it.

  1. Stay in control:

Study the possibility of implementing a Mobile Device Management or Enterprise Mobility Management solution like Microsoft InTune.

Using MDM or EMM, allows you to easily manage the organization’s devices remotely.

You will be able to apply proper policies, enforce application whitelisting, and store and encrypt sensitive data in secure containers.

In case the device is lost or stolen, or if the employee is terminated, the device can be remotely wiped.

  1. Social distancing in the datacenter:

What applies to viruses in the real world, might also apply to viruses in the digital world. While in the real world social distancing prevents contamination, network segregation protects your assets in case one of them becomes compromised during an employee’s remote access.

When your employees are accessing your network remotely, make sure they can only reach assets that are necessary for their work. Your critical assets should be separated in different zones through internal firewalls, and should remain inaccessible from your remote access gateway.

  1. Protect the weak:

Humans have always been the weakest link in the security chain. All it takes is one employee clicking on a malicious link in an email, and the security solutions you paid so much for could become useless.

This is why it is necessary to provide security awareness training for your employees, to allow them to differentiate between legitimate and spam or phishing emails.

Security awareness also renders them capable of identifying the threats and steering away from them.

Make sure all employees know how to report incidents and to whom.

Last but not least, it would be smart to provide your employees with best practices to follow on their home devices as well, such as using WPA2 security and changing the passwords on their routers, changing the default passwords on their IoT devices and keeping them up to date.

  1. Break the quarantine (virtually):

Physical quarantine means you will need collaboration and video-conferencing tools to keep your employees engaged and in good mental health.

When selecting which services to use, make sure the products are reputable, and provide end-to-end encryption.

Some collaboration tools allow file exchange. If that is the case, make sure the files are stored either locally in a secure container, or on a secure cloud storage provider, depending on your industry’s regulations.

For video-conferencing tools, make sure meetings are password protected, and that you have control over who can access them.

On a final note, working from home can have a de-motivational impact on your employees. Adding security on top a that might push the demotivation even further.

In a time where the need for social interaction is at its peak, engage your employees through video conferencing where you can discuss social life and maybe even play a game.

Be sure to follow-up on their physical and mental health, and keep in mind that the more they feel involved and cared for, the more productive they will get.

And for the time being, stay safe, stay strong, and stay secure!