How the landscape for remote working will never be the same again
The current challenges being faced by all businesses regarding the impact of Coronavirus (COVID-19) are unprecedented in our history.
The vast scale and shift of businesses attempting to enable their staff to work remotely at short notice is posing serious resource, security and compliance concerns for many organisations; with some organisations potentially being unaware of the risks that unplanned remote working can cause.
During my 19 years working in IT in various Support, Pre-sales and Account Management roles, I've worked with businesses of all sizes on their security and disaster recovery planning as part of wider IT strategies. Traditionally, businesses have created straightforward disaster recovery plans to mitigate against disasters such as, fire, flood, power outage, server/site or datacentre outages.All these scenarios are predictable and recovery plans have been tried and tested to meet agreed recovery timeframes.
However, the uncertainty around the duration and impact of COVID-19 is proving extremely challenging and very daunting for many businesses to plan against in the longer term, especially with businesses trying to ensure successful business operation is continued.
Many businesses are asking their staff to work from home and to use either their work/home/personal devices to access corporate networks or systems remotely during this crisis, which can present real risks and security challenges. Most users will be utilising their home broadband connections and personal devices, which do not have the same levels of network protection, management and control that corporate workplaces have in place.
During this difficult time, we'd like to provide some advice on the basic areas of IT security that need to be considered to allow safe, successful and secure remote working.Please note, this list is not a full comprehensive security checklist, however taking these steps will reduce the risk of compromising your business in the short term.
• Raise staff awareness of the rise of email phishing campaigns due to the current crisis. https://www.bbc.co.uk/news/technology-51838468
• Secure all remote access to corporate networks via secure VPN (Virtual Private Network).
• Utilise Multi-Factor Authentication (MFA) as an additional layer of security to secure VPN access and access to cloud solutions such as Office 365, Microsoft Dynamics, Salesforce etc.
• Implement a Mobile Device Management (MDM) solution, to ensure only corporate or approved and controlled personal devices can access approved mobile applications, access services such as corporate email or download documents.
• Look to provision or scale out Citrix or VDI (Virtual Desktop Infrastructure) solutions for remote workers to access business systems and applications securely.
• Consider DLP (Data Loss Prevention) solutions, to ensure organisations remain in control of their corporate data, with data sprawl restricted and data loss prevented.There are real risks of users downloading corporate data to personal, unsecured and non-managed devices, which may be in breach of company data handling compliance policies and even GDPR.
• Internet traffic and URL/website filtering to ensure staff are not taking up internet bandwidth with media files/streaming services etc. and staff are only using the VPN for priority traffic.
• Ideally external network vulnerability scans and assessments should be utilised to ensure only the required ports and services are open to allow external access.
Ultimately, we understand the importance of your workforce staying connected with each other during this working from home period, and are here to support you throughout the process. We are currently offering reduced rates on a selection of our Security solutions, such as our vulnerability assessment and penetration testing, to ensure you don't experience any downtime from cyber threats and are fully aware of any new threats the current situation may be putting you in. If you would like to speak to us about this or find out more, please get in touch with us here.