COVID-19 has forced upon many businesses a shift in how and where they work, with most having to adopt these changes far quicker than ideal.
I have put together 3 areas I have found often overlooked during this shift in remote working so you can check whether you have these practises and protections in place.
Bring Your Own Device (BYOD)
For many organisations during the pandemic it has not been possible to facilitate the necessary equipment on such short notice to enable the workforce to work remotely. This has led to many organisations using personal devices for work.
Unfortunately, this can open your business up to a huge security opportunity for malicious actors to leverage. Unless you have adopted a rigorous Remote Monitoring and Management (RMM) process, allowing the use of personal devices to access and/or store company data is a security professionals nightmare.
There is simply no way to correctly manage these devices meaning you have no way of ensuring their fully patched, configured in an appropriate and secure manner, have the necessary malware protections in place, and are not already riddled with malware. Using or allowing a device to access your company data and services that has been unknowingly compromised gives the malicious actor the same access.
BYOD needs to be adopted in a very careful way to help ensure the continual security of those devices. Otherwise, BYOD should be avoided and any services or applications that support features allowing you to restrict access based on device should be adopted where possible. This helps ensure personal devices are not being used to access your company’s data. Taking Office 365 as a popular example, with the correct licensing you can restrict access to Office 365 email or data based on device type or device status.
Secure Remote Networks
Your IT department will have likely implemented various security controls across your office networks to help prevent malicious activity. Whether that was correctly configuring your firewalls to help prevent malicious activity coming in or out of your network, or preventing untrusted devices from connecting to the same network as your company computers/data, your remote workforce has now likely not got these same controls in place.
Your IT department should be looking to extend those controls to the remote networks your users are now working from. If users are utilising public Wi-Fi, a lot of these controls may not be possible to implement. Because of this lack of control, coupled with the security issue of not knowing the other devices connected to that same public network, public Wi-Fi should be avoided where possible.
For anyone working from home, the company should look to implement the same or similar controls on each home network (with the homeowner’s permission), or to provide company-issued kit and services (e.g. broadband, firewalls etc) to ensure the security of those networks.
Remote Monitoring and Management (RMM)
Before the COVID-19 pandemic your IT department will have likely had various tools and methods to monitor and manage your devices, to help ensure their security and to help resolve any issues that arose. With a new remote workforce, those same tools and methods may no longer be fit for purpose and without suitable alternatives or replacements you could be exposed to a high risk of cyber-attack.
Whether your users are working from within the office or on the other side of the world, your IT department always need to have the correct tools available to them to ensure the same level of protection. Remote Monitoring and Management (RMM) tools can allow your IT department to continually ensure your devices are fully patched, correctly configured, and can become alerted to any incidents (security related or otherwise) in a proactive way. They can also facilitate changes or installations that need to be performed across multiple computers simultaneously, regardless of where they are in the world.
If you and your Business need support from our team at Westgate to ensure your remote working experience runs smoothly, fill out an enquiry form below and we can arrange a call with you.