Practical security tips to keep your users safe while they are working from home
Coronavirus has brought remote working to the top of everyone’s mind. With many organisations already enabling or exploring remote working, here are 11 tips from Sophos to help your users, and your company, stay secure while protecting everyone’s physical health.
By Sally Adam
1. Make it easy for users to get started. Remote users may need to set up devices and connect to important services (Mail, Internal Services, SalesForce, etc.) without physically handing them over to the IT department. Look for products (security and otherwise) that offer a Self Service Portal (SSP) that allows users to do things themselves.
2. Ensure devices and systems are fully protected. Go back to basics – ensure all devices, operating systems and software applications are up to date with the latest patches and versions. All too often malware breaches an organization’s defenses via a rogue unpatched or unprotected device.
3. Encrypt devices wherever possible. When people are out of the office there is often a greater risk of lost or stolen devices; for example, phones left in cafes, laptops stolen from cars. Most devices include native encryption tools such as BitLocker – be sure to use them.
4. Create a secure connection back to the office. Using a Virtual Private Network (VPN) ensures that all the data transferred between the home user and the office network is encrypted and protected in transit. Plus, it makes it easier for employees to do their jobs.
5. Scan and secure email and establish healthy practice. Home working will likely lead to a big increase in email as people can no longer speak to colleagues in person. The crooks are wise to this and already using the coronavirus in phishing emails as a way to entice users to click on malicious links. Ensure your email protection is up-to-date and raise awareness of phishing.
6. Enable web filtering. Applying web filtering rules on devices will ensure that users can only access content appropriate for ‘work’ while protecting them from malicious websites.
7. Enable use of cloud storage for files and data. Cloud storage enables people to still access their data if their device fails while working remotely. Don’t leave files and data in the cloud unprotected and accessible by anyone. At the very least, employees must successfully authenticate. Multi factor authentication takes that a step further.
8. Manage use of removable storage and other peripherals. Working from home may increase the chance of people connecting insecure devices to their work computer – to copy data from a USB stick, or to charge another device. Considering that 14% of cyberthreats get in via USBs/external devices*, it’s a good idea to enable device control within your endpoint protection to manage this risk.
9. Control mobile devices. Mobile devices are susceptible to loss and theft. You need to be able to lock or wipe them should this happen. Implement application installation restrictions and a Unified Endpoint Management solution to manage and protect mobile devices.
10. Make sure people have a way to report security issues. With home working people can’t walk over to the IT team if they have an issue. Give people a quick and easy way to report security issues, such as an easy-to-remember email address.
11. Make sure you know about “Shadow IT” solutions. With large numbers of people working from home, Shadow IT – where non-IT staff find their own ways of solving issues – will likely increase. Sophos recently discovered ‘public’ Trello boards containing names, emails, dates of birth, ID numbers, and bank account information. Ensure users report use of such tools.