Preparing for the Unknown Has Become a Reality

Many established companies were used to going into their brick and mortar offices, and then were forced to go remote. How prepared were you for this change?

We have come across a couple of scenarios to which you might be able to relate. If that’s the case, take the next steps to make sure your remote employees and company’s data remain secure.

Scenario 1: Primarily in the office, with limited work from home capabilities

  • Not prepared at all, or very minimally, for temporary remote work.
  • Business policy limited work from home.
  • Majority of employees had desktops, which meant laptops and home workstations had to be purchased.
  • Set up each one with USB wireless and train them.

Did you set up each laptop with access to a secure wireless connection?

If no, here’s what to do:

  • Ensure wireless connections are either certificate-based self-signed or with two-factor authentication.
  • If scale is an issue, limit access only to resources immediately critical to job role.

Did your company discuss multi-factor authentication?

If no, here’s what to do:

  • Define the high-risk group as executive and critical knowledge workers.
  • Establish multi-factor at least for high risk group.
  • Find a solution that is easy to implement and maintain.

Document everything you do carefully. Take the extra time as it will pay off if you have to troubleshoot and later will prepare you for proper architectural planning when the urgent need subsides.

Use this time now to:

  • Establish secure remote access that can scale to meet the current and on-going needs.
  • Evaluate and document risks associated with the rapid deployment of remote access.

 

Scenario 2: Company had an in the office and remote work option from the beginning

  • Seamless transition to working remotely.
  • Gave a timeframe expectation timeframe for remote work.
  • Helpdesk is now open, which means remote access support is likely extra work, plan for the long run.

Did you train all employees to securely access the company network remotely? (OR, did you send out updated remote working guidelines to reinforce protocol?)

If no, here’s what to do:

  • Write up specific instructions with pictures.
  • Make sure to expect the mistakes that will be made and show them how to fix them.
  • Never underestimate the simple errors.

Did you update firewall protocol due to the increase in remote activity?

If no, here’s what to do:

  • Get help! This is the most forgotten part. Have a second set of eyes review.
  • Ensure you have some level of regular logging and review to validate you are not under attack.
  • This scenario could last months, so make sure to update signatures and patching.