Whether you call it teleworking or remote work or work from home, more businesses than ever before are having to turn to it during the COVID-19 crisis. Unfortunately, many of those businesses were unprepared to make a quick transition to that way of work and are leaving themselves open to potential security risks. Your business may be one of those.
Here’s a quick list of things to look out for:
Chances are good that if you’ve given an employee a company-owned laptop to use, your IT team has already loaded the equipment with appropriate anti-virus, anti-malware and remote access mechanisms for the user to use. The first two of those three things are critically important.
If a laptop is coming right out of the box, then you must make sure it has anti-virus and anti-malware software working on it. If that wasn’t verified immediately because of a hurry to deploy it for an employee, you want to back check on those machines as soon as possible.
Make sure that employees know that they need to follow any acceptable use policies that the company has in place for company-owned machines. Employees who have not worked remotely in the past may not be aware of those. The user should also continue to follow any cyber-hygiene instructions that they have received at work while working from home, as the rules will be the same.
If users are expected to use their own machines to connect remotely to a corporate network, the most secure way would be for them to connect via RDGW (Remote Desktop Gateway) and conduct their work via an RDS (Remote Desktop Services) server. This is a traditional terminal server option.
If you do not have RDGW/RDS in place, a Virtual Private Network (VPN) could be a good solution for your business. A local VPN solution would at least allow your employees to connect securely to the corporate network. VPN licenses are often the cheapest way to quickly facilitate secure access to the network, assuming the firewall supports this functionality.
If you are in a position where you have already sent workers home to work, but you don’t have RDGW/RDS or VPN already implemented, then an easy alternative would be to explore third party products like LogMeIn to quickly implement a secure method of remote access to a work PC.
LogMeIn has a monthly subscription and a monthly fee, allowing for easy in and easy out if you don’t expect to continue to offer work-from-home options after the crisis subsides. It is important to note that someone will have to be on the original machine that the employee will be logging in to in order to accept the requests from LogMeIn for access.
Home Network Concerns
Home networks are most often set up and maintained much differently and with much less security than a business network. At the very least, you need to implore your employees to make sure that the operating systems of all machines connected to their network are fully patched, and that all of those machines are running an antivirus solution that is receiving regular definition updates.
It is important to note that this should be true for all machines connected to their network. This is another instance where the security of the network is only as strong as the weakest link. The good news is that Windows and Mac OS’s have the ability to automatically patch themselves when critical OS patches are available.
You should also tell your employees to ensure that their home wireless network is password protected. You may want to encourage them to close down open guest networks if they have one.
While not related specifically to security concerns, this is always an important piece to cover. For basic troubleshooting, encourage your employees to reboot their workstation and to identify the location of their home modem and router so that they can power cycle them if necessary. It is cliché, but these methods fix the problem in a surprising number of cases.
If you are interested in more information on helping your employees be safe and productive while working from home, we encourage you to watch our recently-posted video, Telework: Considerations for Managers and Executives. Click on the image below to watch it now: