EXECUTIVE SUMMARY:
Are we facing an unprecedented pandemic, or will our fears be unfounded? It’s impossible to say right now, but global concerns over the current spread of coronavirus are driving companies to review how their processes enable or stymie employees’ capacities to work remotely.
Accessing an internet connection is easy enough, and cloud office suites and SaaS applications make it seamless to transition from working at the office to doing so on the couch in your living room. But most organizations have not previously supported so many employees working remotely, and employees themselves may be unfamiliar with best practices when working from home.
So now is definitely the time to review and enhance security around remote access to corporate data, at both ends of the connection. Here are our top tips for secure remote working for employees, and for their employers.
Best practices for employees
We naturally tend to be more relaxed at home, especially when it comes to security. After all, we’re in the safety of our own homes, so what could go wrong? Unfortunately, cyber-criminals are seeking to exploit exactly this sort of complacency with carefully-engineered phishing exploits and threats. So employees should:
- Passwords matter: it’s a good idea to review and strengthen passwords that you use for logging onto remote resources, such as email or work applications.
- Be phishing-aware: be wary of clicking on links which look in any way suspicious and only download content from reliable sources that can be verified. Remember that phishing schemes are a form of social engineering so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not criminals. Our research team has uncovered that domains related to Coronavirus are 50% more likely to be malicious, so make sure to cast a critical eye over anything unexpected that pops into your mailbox.
Best practices for employers
This guide should serve as a starting point for organizations whether their apps and data are stored in data centers, public clouds or within SaaS applications.
- Trust no-one: Your entire remote access plan has to be built using the mindset of zero-trust where everything must be verified and nothing should be assumed. Make sure that you understand who has access to what information – segmenting your users and making sure that you authenticate them with Multi-factor Authentication. Additionally, now is the time to re-educate your teams so that they understand why and how to access information safely and remotely.
- Every endpoint needs attention: In a typical scenario you might have people working on desktops inside the office. Assuming that their devices aren’t going home with them, you now have a slew of unknown devices which need access to your corporate data. You have to think ahead about how to handle the threats posed by data leakage, attacks propagating from device into your network, and you need to ensure that the overall security posture of the devices are sufficient.
- Stress-test your infrastructure: In order to incorporate secure remote access tools into your workflows, it’s critical to have a VPN or an SDP. This infrastructure must be robust, and should be stress tested to ensure that it can handle a large volume of traffic, as your workforce shifts gears to work from home.
For an extended version of this article, and more best practices for employers, click here.