10월 22, 2020

8 tips for securing remote workforces

Joel Snyder

Working from home has suddenly become the new normal for many organizations, and IT departments have had to pivot to protect people and systems far away from the office. Here are eight tips for managing the risks of WFH staff.

 

1. Audit home network environments

In theory, the security of a home network shouldn’t matter because everything attached to it should be self-protecting. In practice, though, better security in the home network pays off with more reliable connections and a more aware user community.

The word “audit” isn’t what you want to use when communicating with end users, but the idea is the same: a quick checklist of things to help boost overall security. This should include:

  1. Verifying that their Wi-Fi has a password and that the security settings are WPA2 (or WPA3 for newer equipment). Anything older, including WEP or no-password Wi-Fi, should be addressed. If you can, encourage users to change their Wi-Fi passwords every six months or so.
  2. Checking that the router/modem is protected — that it does not have the default password and it can’t be managed from outside.
  3. Ensuring that home computers are all protected. If necessary, extend enterprise anti-malware licenses to include everything on the home network. Ask users to check that security patches are automatically applied to all systems on their home network, and remind them that a password (even a short one) is needed for any systems.

 

2. Step up security training and support resources

The biggest risk factor for security is always the human, and security teams need to be constantly (but gently) training users on the current threats and best practices. Now is the time to re-evaluate whether your information security training is up to date and consider providing bite-size reminders to users to help them spot and avoid common attack vectors, such as phishing attacks. Look at your options for delivering security training, with an eye toward remote staff — is your current security program meeting their needs?

At the same time, realize that remote workers have a more flexible schedule and may choose to start earlier in the morning or later in the day. Meet their needs by extending help desk hours as much as possible and by making sure that users know the help desk is there, even for home network problems. Yes, you might spend some help desk time and money fixing Xbox and Chromecast problems, but users need to feel that they have someone they can talk to if they have any security questions.

 

3. Check your logs

IT teams should be keeping an eye out for security events at all times, but having staff in the office made it easier to detect problems such as infected PCs when a user called for a re-image. Shifting staff outside of the office eliminates this parallel channel and makes the logs coming out of endpoint security and configuration management tools more valuable for catching problems early, before they affect productivity or security.

If users have company-provided devices, make sure that your configuration management tools are enforcing regular software updates — and logging when these updates fail. The same goes for endpoint security tools: Make sure that updates are enabled and happening. Use logs to discover systems that have fallen out of compliance and actively work to get them updated.

 

4. Review and update mobile device management policies

Enterprises with Bring Your Own Device (BYOD) or Choose Your Own Device (CYOD) programs should also take a look at their mobile device management (MDM) policies in light of the shift to working from home. Is the group structure for policy enforcement appropriate? Should work-from-home (WFH) staff have additional applications preloaded? As with other parts of the infrastructure, what can logs and reports tell you about devices that may be infected or out of compliance with policy?

This is also a good time to review MDM infrastructure and consider a shift toward cloud-based tools, such as Samsung’s Knox Manage. If you’ve got on-site MDM, but no one is on site anymore, the cloud is an economical alternative that can also get you out of the business of maintaining and updating MDM servers and applications.

 

5. Roll out multifactor authentication if you haven’t already

Multifactor authentication (MFA) is one of the most powerful tools security teams have for mitigating credential theft, one of the main goals of phishing attacks. The most effective MFA program design is still up for debate, but the bottom line is that even the weakest MFA is far better than password-only authentication systems, and it protects you against all but the most determined attackers. If you haven’t switched to MFA for all important applications, O/S logins and virtual private network (VPN) functions, now is the time. Don’t let analysis paralysis keep you from doing something to mitigate this severe threat.

If you have switched to MFA, step back and do a self-audit to make sure that all applications are covered and that the MFA is actually being used, especially by high-profile executives and privileged IT users. In the rush to deploy MFA, many organizations skip over smaller applications, such as interactive logins to network and security devices, to get the broadest coverage. Now is the time to drill down and make sure you are protected at every level.

 

6. Address increased recreational use of work devices

WFH means increased use of work devices for recreational activities, such as social media, streaming video, personal browsing and so on. This is an inevitability when someone is in a home environment, especially if they’re juggling childcare and other household responsibilities at the same time. Acknowledge this, but mitigate the risk to enterprise data by creating protected enclaves. For example, with mobile devices running Android Enterprise, you can create a work profile to prevent leaks of company data to personal applications.

This is another opportunity for staff education. Make sure that staff are not using insecure social media tools or personal accounts for communications with colleagues or customers.

 

7. Check the security of collaboration tools

Whether you’re using Google G Suite, Microsoft 365 or an assemble-it-yourself toolkit, ensure that people are using the tools you’ve selected and configured rather than falling back on personal accounts for videoconferencing, file sharing and messaging.

For example, if you discover that people are using their personal Dropbox instead of a corporate Google Drive, find out why. Is there a problem with your configuration, or an important missing capability that’s inhibiting collaboration?

 

8. Rethink workflows that are not 100% digital

Now is the time to look at processes that require personal handoffs, printed documents or wet signatures. You may have worked around these on an urgent basis at the beginning of the year, but that’s a stop-gap. Examine processes that had to be short-cut, and look to see how they can be moved to a more secure, 100 percent digital workflow. Cloud-based tools, such as SignNow and Paymo, can be used to re-engineer old processes and better support a WFH model.

See how the Galaxy Enterprise Edition paired with Knox Suite can offer your remote employees defense-grade security, no matter where they work from.

[아이콘] 닫기

삼성 Knox 시작하기

[아이콘] 여행가방
리셀러, 솔루션 공급업체 또는 서비스 공급업체이신가요?

지금 Knox 파트너가 되어 비즈니스 성장을 도모하세요.

[아이콘] 정보

시작할 Knox 제품 선택:

올인원 번들
Knox Suite
리브랜딩 및 맞춤 설정
Knox Configure
사기 및 도난 방지
Knox Guard
디바이스 보호 플랜
Samsung Care+ for Business
기타 제품 및 서비스

시작하기

[이미지] Knox Suite

기업용 모바일을 위한 일체형 솔루션 번들

  • 최대 30대의 디바이스에 제공되는 90일 무료 평가판을 사용해 보세요.
  • 회사 디바이스를 안전하게 보호, 배포, 관리 및 분석할 수 있는 완벽한 툴 모음입니다.
  • Knox Suite와 함께 제공되는 강력한 기능을 사용해 보세요.

Knox Suite에는 다음이 포함됩니다.:

Knox Mobile Enrollment 무료
Knox Manage
Knox E-FOTA
Knox Asset Intelligence
Knox Platform for Enterprise 무료
Knox Remote Support
Knox Capture
Knox Authentication Manager

시작하기

[이미지] Knox Configure 로고

삼성 디바이스를 리브랜딩하고 맞춤 설정하세요.

  • 최대 30대의 디바이스에 제공되는 90일 무료 평가판을 사용해 보세요.
  • 삼성 디바이스를 대량으로 구매하는 즉시 원격으로 구성하고 특정 요구 사항을 충족하도록 맞춤 구성합니다.
  • 디바이스를 일회성 배포를 위해 설정하거나 원하는 만큼 업데이트할 수 있습니다.

시작하기

[아이콘] Knox Guard 로고

삼성 디바이스를 위한 사기 및 도난 방지

  • 최대 30대의 디바이스에 제공되는 90일 무료 평가판을 사용해 보세요.
  • 원격으로 삼성 디바이스를 제어하여 금융 관련 위험성을 줄이고 자산을 보호하세요.
  • SIM 제어 및 디바이스 잠금 기능을 포함한 Knox Guard의 모든 기능을 사용해 보세요.

시작하기

[이미지] Samsung Care Plus For Business 로고

삼성 디바이스를 위한 디바이스 보호 플랜

  • 빠른 디바이스 수리 및 교체로 업무 중단을 최소화합니다. 시작하려면 삼성 영업팀에 문의하세요.
  • 한 곳에서 모든 디바이스 보증 범위 및 청구 정보를 확인하세요.
  • 이미 Samsung Care+ for Business를 구매하셨나요? Samsung Care+ for Business 콘솔에서 계정을 만들고 플랜을 활성화하세요.

기타 제품 및 서비스

[이미지] 기타 로고

고객의 고유한 요구 사항을 해결하는 최신 솔루션입니다.

  • Enterprise Tech Support를 통해 전담 계정 관리자로부터 효율적인 기술 지원을 받아보세요.
  • 삼성 소프트웨어 맞춤 설정 서비스를 사용하여 귀사를 위한 맞춤형 디바이스를 만들어 보십시오.
영업 팀에 문의