Ottobre 22, 2020

8 tips for securing remote workforces

Joel Snyder

Working from home has suddenly become the new normal for many organizations, and IT departments have had to pivot to protect people and systems far away from the office. Here are eight tips for managing the risks of WFH staff.


1. Audit home network environments

In theory, the security of a home network shouldn’t matter because everything attached to it should be self-protecting. In practice, though, better security in the home network pays off with more reliable connections and a more aware user community.

The word “audit” isn’t what you want to use when communicating with end users, but the idea is the same: a quick checklist of things to help boost overall security. This should include:

  1. Verifying that their Wi-Fi has a password and that the security settings are WPA2 (or WPA3 for newer equipment). Anything older, including WEP or no-password Wi-Fi, should be addressed. If you can, encourage users to change their Wi-Fi passwords every six months or so.
  2. Checking that the router/modem is protected — that it does not have the default password and it can’t be managed from outside.
  3. Ensuring that home computers are all protected. If necessary, extend enterprise anti-malware licenses to include everything on the home network. Ask users to check that security patches are automatically applied to all systems on their home network, and remind them that a password (even a short one) is needed for any systems.


2. Step up security training and support resources

The biggest risk factor for security is always the human, and security teams need to be constantly (but gently) training users on the current threats and best practices. Now is the time to re-evaluate whether your information security training is up to date and consider providing bite-size reminders to users to help them spot and avoid common attack vectors, such as phishing attacks. Look at your options for delivering security training, with an eye toward remote staff — is your current security program meeting their needs?

At the same time, realize that remote workers have a more flexible schedule and may choose to start earlier in the morning or later in the day. Meet their needs by extending help desk hours as much as possible and by making sure that users know the help desk is there, even for home network problems. Yes, you might spend some help desk time and money fixing Xbox and Chromecast problems, but users need to feel that they have someone they can talk to if they have any security questions.


3. Check your logs

IT teams should be keeping an eye out for security events at all times, but having staff in the office made it easier to detect problems such as infected PCs when a user called for a re-image. Shifting staff outside of the office eliminates this parallel channel and makes the logs coming out of endpoint security and configuration management tools more valuable for catching problems early, before they affect productivity or security.

If users have company-provided devices, make sure that your configuration management tools are enforcing regular software updates — and logging when these updates fail. The same goes for endpoint security tools: Make sure that updates are enabled and happening. Use logs to discover systems that have fallen out of compliance and actively work to get them updated.


4. Review and update mobile device management policies

Enterprises with Bring Your Own Device (BYOD) or Choose Your Own Device (CYOD) programs should also take a look at their mobile device management (MDM) policies in light of the shift to working from home. Is the group structure for policy enforcement appropriate? Should work-from-home (WFH) staff have additional applications preloaded? As with other parts of the infrastructure, what can logs and reports tell you about devices that may be infected or out of compliance with policy?

This is also a good time to review MDM infrastructure and consider a shift toward cloud-based tools, such as Samsung’s Knox Manage. If you’ve got on-site MDM, but no one is on site anymore, the cloud is an economical alternative that can also get you out of the business of maintaining and updating MDM servers and applications.


5. Roll out multifactor authentication if you haven’t already

Multifactor authentication (MFA) is one of the most powerful tools security teams have for mitigating credential theft, one of the main goals of phishing attacks. The most effective MFA program design is still up for debate, but the bottom line is that even the weakest MFA is far better than password-only authentication systems, and it protects you against all but the most determined attackers. If you haven’t switched to MFA for all important applications, O/S logins and virtual private network (VPN) functions, now is the time. Don’t let analysis paralysis keep you from doing something to mitigate this severe threat.

If you have switched to MFA, step back and do a self-audit to make sure that all applications are covered and that the MFA is actually being used, especially by high-profile executives and privileged IT users. In the rush to deploy MFA, many organizations skip over smaller applications, such as interactive logins to network and security devices, to get the broadest coverage. Now is the time to drill down and make sure you are protected at every level.


6. Address increased recreational use of work devices

WFH means increased use of work devices for recreational activities, such as social media, streaming video, personal browsing and so on. This is an inevitability when someone is in a home environment, especially if they’re juggling childcare and other household responsibilities at the same time. Acknowledge this, but mitigate the risk to enterprise data by creating protected enclaves. For example, with mobile devices running Android Enterprise, you can create a work profile to prevent leaks of company data to personal applications.

This is another opportunity for staff education. Make sure that staff are not using insecure social media tools or personal accounts for communications with colleagues or customers.


7. Check the security of collaboration tools

Whether you’re using Google G Suite, Microsoft 365 or an assemble-it-yourself toolkit, ensure that people are using the tools you’ve selected and configured rather than falling back on personal accounts for videoconferencing, file sharing and messaging.

For example, if you discover that people are using their personal Dropbox instead of a corporate Google Drive, find out why. Is there a problem with your configuration, or an important missing capability that’s inhibiting collaboration?


8. Rethink workflows that are not 100% digital

Now is the time to look at processes that require personal handoffs, printed documents or wet signatures. You may have worked around these on an urgent basis at the beginning of the year, but that’s a stop-gap. Examine processes that had to be short-cut, and look to see how they can be moved to a more secure, 100 percent digital workflow. Cloud-based tools, such as SignNow and Paymo, can be used to re-engineer old processes and better support a WFH model.

See how the Galaxy Enterprise Edition paired with Knox Suite can offer your remote employees defense-grade security, no matter where they work from.

[Icon] chiudi

La soluzione giusta per la tua azienda

Unisciti alle oltre 25.000 organizzazioni in tutto il mondo.

[Icona] valigia
Sei un rivenditore o un partner di soluzioni?

Accedi al Knox Partner Program per usufruire di utili strumenti per i partner, come il portale Knox Deployment Program, il portale Knox MSP, SDK partner e altro ancora.

[Icon] info
Gestione unificata degli endpoint
Knox Suite
Rebranding e personalizzazione
Knox Configure
Protezione da frodi e furti
Knox Guard
Piano di protezione dei dispositivi
Samsung Care+ for Business
Altri prodotti e servizi

Inizia a utilizzare

[Image] Knox Suite

Una soluzione completa in bundle, appositamente concepita per la mobilità aziendale.

[Icon] Segno di spunta

Unisciti a noi e ricevi una prova gratuita di 90 giorni per Knox Suite e altri prodotti Knox. *Approvazione richiesta

[Icon] Segno di spunta

Un set di strumenti completo per proteggere, distribuire, gestire e analizzare i dispositivi mobili dell'azienda.

[Icon] Segno di spunta

Prova le straordinarie funzionalità di Knox Suite, come Knox Remote Support.

Knox Suite comprende:

[Icon] Knox Platform for Enterprise Knox Platform for Enterprise
[Icon] Knox E-FOTA Knox E-FOTA
[Icon] Knox Mobile Enrollment Knox Mobile Enrollment
[Icon] Knox Asset Intelligence Knox Asset Intelligence
[Icon] knox manage Knox Manage
[Icon] knox capture Knox Capture

Inizia a utilizzare

[Image] Logo Knox Configure

Configura da remoto i dispositivi Samsung in blocco e personalizzali in base alle tue esigenze specifiche per un uso immediato.

[Icon] Segno di spunta

Dopo l'approvazione, è possibile provare:

  • Setup Edition - Progettata per le distribuzioni singole
  • Dynamic Edition - Distribuzione e aggiornamento dei criteri secondo necessità senza ripristino delle impostazioni predefinite.
[Icon] Check mark

Prova la Setup Edition o la Dynamic Edition di Knox Configure su massimo 30 dispositivi.

[Icon] Check mark

Ricevi una prova gratuita di Knox Suite dopo l'approvazione per provare la nostra UEM.

Inizia a utilizzare

[Icon] Logo Knox Guard

Controlla i dispositivi Samsung da remoto per ridurre i rischi finanziari e proteggere gli asset.

[Icon] Segno di spunta

Dopo l'approvazione, è possibile generare la licenza di prova gratuita per 90 giorni.


Prova tutte le funzionalità di Knox Guard su massimo 30 dispositivi, inclusi controllo della SIM e blocco del dispositivo.

[Icon] Segno di spunta

Ricevi una prova gratuita di Knox Suite dopo l'approvazione per provare la nostra UEM.

Inizia a utilizzare

[Image] Logo Samsung Care Plus For Business

Proteggi i dispositivi aziendali dai danni accidentali e dai guasti meccanici.

[Icon] Segno di spunta

Sei già un cliente Samsung Care+ for Business? Crea un account e accedi alla console Samsung Care+ for Business.

[Icon] Segno di spunta

Contatta il team commerciale di Samsung per informazioni sui dispositivi.

Altri prodotti e servizi

[Image] Logo di altri prodotti
[Icon] Segno di spunta

Samsung offre altre soluzioni per soddisfare le esigenze specifiche della tua azienda. Contatta un esperto Samsung oggi stesso.

Torna all'inizio