Octubre 22, 2020

8 tips for securing remote workforces

Joel Snyder

Working from home has suddenly become the new normal for many organizations, and IT departments have had to pivot to protect people and systems far away from the office. Here are eight tips for managing the risks of WFH staff.


1. Audit home network environments

In theory, the security of a home network shouldn’t matter because everything attached to it should be self-protecting. In practice, though, better security in the home network pays off with more reliable connections and a more aware user community.

The word “audit” isn’t what you want to use when communicating with end users, but the idea is the same: a quick checklist of things to help boost overall security. This should include:

  1. Verifying that their Wi-Fi has a password and that the security settings are WPA2 (or WPA3 for newer equipment). Anything older, including WEP or no-password Wi-Fi, should be addressed. If you can, encourage users to change their Wi-Fi passwords every six months or so.
  2. Checking that the router/modem is protected — that it does not have the default password and it can’t be managed from outside.
  3. Ensuring that home computers are all protected. If necessary, extend enterprise anti-malware licenses to include everything on the home network. Ask users to check that security patches are automatically applied to all systems on their home network, and remind them that a password (even a short one) is needed for any systems.


2. Step up security training and support resources

The biggest risk factor for security is always the human, and security teams need to be constantly (but gently) training users on the current threats and best practices. Now is the time to re-evaluate whether your information security training is up to date and consider providing bite-size reminders to users to help them spot and avoid common attack vectors, such as phishing attacks. Look at your options for delivering security training, with an eye toward remote staff — is your current security program meeting their needs?

At the same time, realize that remote workers have a more flexible schedule and may choose to start earlier in the morning or later in the day. Meet their needs by extending help desk hours as much as possible and by making sure that users know the help desk is there, even for home network problems. Yes, you might spend some help desk time and money fixing Xbox and Chromecast problems, but users need to feel that they have someone they can talk to if they have any security questions.


3. Check your logs

IT teams should be keeping an eye out for security events at all times, but having staff in the office made it easier to detect problems such as infected PCs when a user called for a re-image. Shifting staff outside of the office eliminates this parallel channel and makes the logs coming out of endpoint security and configuration management tools more valuable for catching problems early, before they affect productivity or security.

If users have company-provided devices, make sure that your configuration management tools are enforcing regular software updates — and logging when these updates fail. The same goes for endpoint security tools: Make sure that updates are enabled and happening. Use logs to discover systems that have fallen out of compliance and actively work to get them updated.


4. Review and update mobile device management policies

Enterprises with Bring Your Own Device (BYOD) or Choose Your Own Device (CYOD) programs should also take a look at their mobile device management (MDM) policies in light of the shift to working from home. Is the group structure for policy enforcement appropriate? Should work-from-home (WFH) staff have additional applications preloaded? As with other parts of the infrastructure, what can logs and reports tell you about devices that may be infected or out of compliance with policy?

This is also a good time to review MDM infrastructure and consider a shift toward cloud-based tools, such as Samsung’s Knox Manage. If you’ve got on-site MDM, but no one is on site anymore, the cloud is an economical alternative that can also get you out of the business of maintaining and updating MDM servers and applications.


5. Roll out multifactor authentication if you haven’t already

Multifactor authentication (MFA) is one of the most powerful tools security teams have for mitigating credential theft, one of the main goals of phishing attacks. The most effective MFA program design is still up for debate, but the bottom line is that even the weakest MFA is far better than password-only authentication systems, and it protects you against all but the most determined attackers. If you haven’t switched to MFA for all important applications, O/S logins and virtual private network (VPN) functions, now is the time. Don’t let analysis paralysis keep you from doing something to mitigate this severe threat.

If you have switched to MFA, step back and do a self-audit to make sure that all applications are covered and that the MFA is actually being used, especially by high-profile executives and privileged IT users. In the rush to deploy MFA, many organizations skip over smaller applications, such as interactive logins to network and security devices, to get the broadest coverage. Now is the time to drill down and make sure you are protected at every level.


6. Address increased recreational use of work devices

WFH means increased use of work devices for recreational activities, such as social media, streaming video, personal browsing and so on. This is an inevitability when someone is in a home environment, especially if they’re juggling childcare and other household responsibilities at the same time. Acknowledge this, but mitigate the risk to enterprise data by creating protected enclaves. For example, with mobile devices running Android Enterprise, you can create a work profile to prevent leaks of company data to personal applications.

This is another opportunity for staff education. Make sure that staff are not using insecure social media tools or personal accounts for communications with colleagues or customers.


7. Check the security of collaboration tools

Whether you’re using Google G Suite, Microsoft 365 or an assemble-it-yourself toolkit, ensure that people are using the tools you’ve selected and configured rather than falling back on personal accounts for videoconferencing, file sharing and messaging.

For example, if you discover that people are using their personal Dropbox instead of a corporate Google Drive, find out why. Is there a problem with your configuration, or an important missing capability that’s inhibiting collaboration?


8. Rethink workflows that are not 100% digital

Now is the time to look at processes that require personal handoffs, printed documents or wet signatures. You may have worked around these on an urgent basis at the beginning of the year, but that’s a stop-gap. Examine processes that had to be short-cut, and look to see how they can be moved to a more secure, 100 percent digital workflow. Cloud-based tools, such as SignNow and Paymo, can be used to re-engineer old processes and better support a WFH model.

See how the Galaxy Enterprise Edition paired with Knox Suite can offer your remote employees defense-grade security, no matter where they work from.

[Ícono] cerrar

Comenzar con Samsung Knox

[Ícono] maletín
¿Es un distribuidor, un proveedor de soluciones o un proveedor de servicios?

Conviértase en socio de Knox y haga crecer su empresa hoy mismo.

[Ícono] información

Seleccione un producto Knox para comenzar:

Paquete todo en uno
Knox Suite
Cambios de marca y personalización
Knox Configure
Protección contra el fraude y el robo
Knox Guard
Plan de protección de dispositivos
Samsung Care+ for Business
Otros productos y servicios

Comience con

[Imagen] Knox Suite

Paquete de soluciones todo en uno para ofrecer movilidad empresarial.

  • Obtenga una prueba gratuita de 90 días para hasta 30 dispositivos.
  • Un conjunto completo de herramientas para proteger, implementar, administrar y analizar los dispositivos corporativos.
  • Pruebe funciones potentes incluidas en el paquete de Knox Suite.

Knox Suite incluye lo siguiente:

Knox Mobile Enrollment Gratuita
Knox Manage
Knox Asset Intelligence
Knox Platform for Enterprise Gratuita
Soporte remoto de Knox
Knox Capture
Knox Authentication Manager

Comience con

[Imagen] Logotipo de Knox Configure

Personalice sus dispositivos Samsung y cámbieles la marca.

  • Obtenga una prueba gratuita de 90 días para hasta 30 dispositivos.
  • Configure de forma remota los dispositivos Samsung en masa y personalícelos según las necesidades específicas, desde el primer momento.
  • Configure sus dispositivos para una implementación de una sola vez o actualícelos cuantas veces quiera.

Comience con

[Ícono] Logotipo de Knox Guard

Protección contra el fraude y el robo para dispositivos Samsung.

  • Obtenga una prueba gratuita de 90 días para hasta 30 dispositivos.
  • Reduzca los riesgos financieros y proteja los activos mediante el control remoto de dispositivos Samsung.
  • Pruebe todas las funciones de Knox Guard, incluidos el control de SIM y el bloqueo de dispositivos.

Comience con

[Imagen] Logotipo de Samsung Care Plus For Business

Planes de protección de dispositivos para dispositivos Samsung.

  • Limite las interrupciones empresariales con reparaciones y reemplazos de dispositivos rápidos. Comuníquese con el equipo de ventas de Samsung para comenzar.
  • Vea toda la cobertura para dispositivos e información de reclamaciones en un solo lugar.
  • ¿Ya compró Samsung Care+ for Business? Cree una cuenta y active su plan en la consola Samsung Care+ for Business.

Otros productos y servicios

[Imagen] Otros logotipos

Soluciones modernas para abordar sus necesidades únicas.

  • Obtenga soporte técnico eficiente de un administrador de cuentas dedicado con el Soporte técnico empresarial.
  • Cree dispositivos a medida para su empresa mediante Samsung Software Customization Service.