Ottobre 22, 2020

8 tips for securing remote workforces

Joel Snyder

Working from home has suddenly become the new normal for many organizations, and IT departments have had to pivot to protect people and systems far away from the office. Here are eight tips for managing the risks of WFH staff.


1. Audit home network environments

In theory, the security of a home network shouldn’t matter because everything attached to it should be self-protecting. In practice, though, better security in the home network pays off with more reliable connections and a more aware user community.

The word “audit” isn’t what you want to use when communicating with end users, but the idea is the same: a quick checklist of things to help boost overall security. This should include:

  1. Verifying that their Wi-Fi has a password and that the security settings are WPA2 (or WPA3 for newer equipment). Anything older, including WEP or no-password Wi-Fi, should be addressed. If you can, encourage users to change their Wi-Fi passwords every six months or so.
  2. Checking that the router/modem is protected — that it does not have the default password and it can’t be managed from outside.
  3. Ensuring that home computers are all protected. If necessary, extend enterprise anti-malware licenses to include everything on the home network. Ask users to check that security patches are automatically applied to all systems on their home network, and remind them that a password (even a short one) is needed for any systems.


2. Step up security training and support resources

The biggest risk factor for security is always the human, and security teams need to be constantly (but gently) training users on the current threats and best practices. Now is the time to re-evaluate whether your information security training is up to date and consider providing bite-size reminders to users to help them spot and avoid common attack vectors, such as phishing attacks. Look at your options for delivering security training, with an eye toward remote staff — is your current security program meeting their needs?

At the same time, realize that remote workers have a more flexible schedule and may choose to start earlier in the morning or later in the day. Meet their needs by extending help desk hours as much as possible and by making sure that users know the help desk is there, even for home network problems. Yes, you might spend some help desk time and money fixing Xbox and Chromecast problems, but users need to feel that they have someone they can talk to if they have any security questions.


3. Check your logs

IT teams should be keeping an eye out for security events at all times, but having staff in the office made it easier to detect problems such as infected PCs when a user called for a re-image. Shifting staff outside of the office eliminates this parallel channel and makes the logs coming out of endpoint security and configuration management tools more valuable for catching problems early, before they affect productivity or security.

If users have company-provided devices, make sure that your configuration management tools are enforcing regular software updates — and logging when these updates fail. The same goes for endpoint security tools: Make sure that updates are enabled and happening. Use logs to discover systems that have fallen out of compliance and actively work to get them updated.


4. Review and update mobile device management policies

Enterprises with Bring Your Own Device (BYOD) or Choose Your Own Device (CYOD) programs should also take a look at their mobile device management (MDM) policies in light of the shift to working from home. Is the group structure for policy enforcement appropriate? Should work-from-home (WFH) staff have additional applications preloaded? As with other parts of the infrastructure, what can logs and reports tell you about devices that may be infected or out of compliance with policy?

This is also a good time to review MDM infrastructure and consider a shift toward cloud-based tools, such as Samsung’s Knox Manage. If you’ve got on-site MDM, but no one is on site anymore, the cloud is an economical alternative that can also get you out of the business of maintaining and updating MDM servers and applications.


5. Roll out multifactor authentication if you haven’t already

Multifactor authentication (MFA) is one of the most powerful tools security teams have for mitigating credential theft, one of the main goals of phishing attacks. The most effective MFA program design is still up for debate, but the bottom line is that even the weakest MFA is far better than password-only authentication systems, and it protects you against all but the most determined attackers. If you haven’t switched to MFA for all important applications, O/S logins and virtual private network (VPN) functions, now is the time. Don’t let analysis paralysis keep you from doing something to mitigate this severe threat.

If you have switched to MFA, step back and do a self-audit to make sure that all applications are covered and that the MFA is actually being used, especially by high-profile executives and privileged IT users. In the rush to deploy MFA, many organizations skip over smaller applications, such as interactive logins to network and security devices, to get the broadest coverage. Now is the time to drill down and make sure you are protected at every level.


6. Address increased recreational use of work devices

WFH means increased use of work devices for recreational activities, such as social media, streaming video, personal browsing and so on. This is an inevitability when someone is in a home environment, especially if they’re juggling childcare and other household responsibilities at the same time. Acknowledge this, but mitigate the risk to enterprise data by creating protected enclaves. For example, with mobile devices running Android Enterprise, you can create a work profile to prevent leaks of company data to personal applications.

This is another opportunity for staff education. Make sure that staff are not using insecure social media tools or personal accounts for communications with colleagues or customers.


7. Check the security of collaboration tools

Whether you’re using Google G Suite, Microsoft 365 or an assemble-it-yourself toolkit, ensure that people are using the tools you’ve selected and configured rather than falling back on personal accounts for videoconferencing, file sharing and messaging.

For example, if you discover that people are using their personal Dropbox instead of a corporate Google Drive, find out why. Is there a problem with your configuration, or an important missing capability that’s inhibiting collaboration?


8. Rethink workflows that are not 100% digital

Now is the time to look at processes that require personal handoffs, printed documents or wet signatures. You may have worked around these on an urgent basis at the beginning of the year, but that’s a stop-gap. Examine processes that had to be short-cut, and look to see how they can be moved to a more secure, 100 percent digital workflow. Cloud-based tools, such as SignNow and Paymo, can be used to re-engineer old processes and better support a WFH model.

See how the Galaxy Enterprise Edition paired with Knox Suite can offer your remote employees defense-grade security, no matter where they work from.

[Icon] chiudi

Comincia a utilizzare Samsung Knox

[Icona] valigia
Sei un rivenditore, un provider di soluzioni o un provider di servizi?

Diventa un partner Knox e fai crescere la tua azienda oggi.

[Icon] info

Seleziona un prodotto Knox per iniziare:

Soluzione completa
Knox Suite
Rebranding e personalizzazione
Knox Configure
Protezione da frodi e furti
Knox Guard
Piano di protezione dei dispositivi
Samsung Care+ for Business
Altri prodotti e servizi

Inizia a utilizzare

[Image] Knox Suite

Una soluzione completa in bundle, appositamente concepita per la mobilità aziendale.

  • Ottieni una prova gratuira di 90 giorni per un massimo di 30 dispositivi.
  • Un set di strumenti completo per proteggere, distribuire, gestire e analizzare i dispositivi della tua azienda.
  • Prova le straordinarie funzionalità di Knox Suite

Knox Suite comprende:

Knox Mobile Enrollment Gratuito
Knox Manage
Knox Asset Intelligence
Knox Platform for Enterprise Gratuito
Supporto remoto Knox
Knox Capture
Knox Authentication Manager

Inizia a utilizzare

[Image] Logo Knox Configure

Consenti il rebranding e la personalizzazione dei tuoi dispositivi Samsung.

  • Ottieni una prova gratuira di 90 giorni per un massimo di 30 dispositivi.
  • Configura da remoto i dispositivi Samsung in blocco e personalizzali in base alle tue esigenze specifiche per un uso immediato.
  • Configura i tuoi dispositivi per la singola distribuzione o aggiornali tutte le volte che vuoi.

Inizia a utilizzare

[Icon] Logo Knox Guard

Protezione da frodi e furti per i dispositivi Samsung.

  • Ottieni una prova gratuira di 90 giorni per un massimo di 30 dispositivi.
  • Riduci i rischi finanziari e proteggi gli asset controllando in remoto i dispositivi Samsung.
  • Prova tutte le funzionalità di Knox Guard, inclusi controllo della SIM e blocco del dispositivo.

Inizia a utilizzare

[Image] Logo Samsung Care Plus For Business

Piano di protezione per i dispositivi Samsung.

  • Limita le interruzioni delle attività con riparazioni e sostituzioni rapide dei dispositivi. Contatta l'ufficio vendite Samsung per iniziare.
  • Visualizza tutte le informazioni sulla copertura del tuo dispositivo e sul reclamo in un unico luogo.
  • Hai già acquistato Samsung Care+ for Business? Crea un account e attiva il piano nella console Samsung Care+ for Business.

Altri prodotti e servizi

[Image] Logo di altri prodotti

Soluzioni moderne per soddisfare le tue esigenze specifiche.

  • Ricevi supporto tecnico efficiente da parte di un account manager dedicato con Enterprise Tech Support.
  • Crea dispositivi su misura per la tua azienda utilizzando Samsung Software Customization Service.