The early days of the pandemic required IT teams to move at an unprecedented speed to equip employees for remote work. Now that enterprises are several months into the pandemic, it’s time to prioritize work-from-home security.
In March 2020, frantic arrangements included accommodating insecure connections and poor connectivity. There was a push to get people connected, but little thought of security. Not only was there no time, but there was also no possibility of in-person technicians assessing security risk in any remote-work environment.
Work-from-home security is compromised by the use of personal computers without network protection, in addition to devices being shared by the whole family. Recessionary threats of job loss hover like a cloud over at-home environments. This type of situation is ideal for hackers, offering the kind of muddled vulnerability that allows a breach to go unnoticed.
SonicWall reports that ransomware attacks have been up 109% over the first six months of 2019, demonstrating that malicious actors are taking advantage of the situation to target unsecured networks.
Waiting out the pandemic or the hackers isn’t a viable option because many companies are finding that their future plans don’t include a return to the office, even once the crisis has passed.
Implementing Work-From-Home Security
There are some basic strategies that can help improve protections, such as prioritizing endpoint security and implementing domain name system (DNS) filtering systems on endpoints. A simple step that can have an important impact is the inclusion of a multi factor authentication on software, which can prevent phishing attacks and other attempts to breach the network.
In an effort to get employees online quickly, many enterprises utilized remote desktop protocol (RDP) technology to achieve connection between users, and if unsecured connections were used, it’s time to address it. These connections are vulnerable to ransomware attacks because they are open to the internet and create immeasurable risk to the enterprise.
A virtual private network (VPN) can mitigate the risk, but enterprises can also try a proxied RDP service which redirects RDP traffic to a cloud-hosted server that inspects and cleans the transmission before forwarding it on to its destination.
Some work-from-home security experts are suggesting an even simpler idea: switch out corporate or personal laptops with cloud-based solutions, making RDP and similar technologies unnecessary.
Now that the initial scramble is over and enterprises are staring down a long-term remote work model, IT teams should be establishing a set of policies for secure work-from-home environments. Next-generation firewalls with sandboxing, as well as solutions that will perform health checks on hardware before it is allowed to join the network, are good steps to include. Before a device is authorized, it’s being assessed for patch status and checking that the security software is intact.
A long-term policy should layer in data security tools, loss prevention solutions, security awareness training, and other protective strategies for improving work-from-home security.If your enterprise is shifting from the initial panic of connecting your workers to now prioritizing work-from-home security, contact us at Cory Communications. We can help you determine the right steps and tools for an effective security policy for navigating the next few months and into the future.