In a world of increasingly sophisticated hackers and adversaries, keeping sensitive information safe is a growing challenge for both employers and employees.
The recent rise in remote working due to COVID-19 provides even more for IT and security experts to worry about.
This is where your MSP comes in.
While there are many benefits to remote teams there is one pressing concern in terms of security: how can we protect those working remotely who may be deemed easy targets operating outside of the robust security systems typical in brick-and-mortar offices.
1. Secure Applications for the Remote Workforce
IT infrastructure alone will not ensure that your client’s systems, software, and security are properly configured and operating well. When incorporating the technology needed for remote work into your infrastructure, we recommend taking the following measures:
- Encrypt and install firewalls on all devices. Ask your client’s users to immediately install security patches and update endpoint protection and security (EPS) software on all endpoints, without exception. Taking this precaution can prevent hackers from accessing IDs and passwords and using computers as points of entry to the company’s servers and systems.
- Encrypt your client’s computer hard drives, external hard drives, and USB devices. Make sure that all computer hard drives, external hard drives, and USB (thumb) drives are encrypted and company issued to protect worker endpoints from theft or unwanted physical access.
- Secure access to company systems. Your client’s security operations center should monitor all VPN and remote-access logs for anomalous behavior.
- Make sure cyber-incident response processes are robust. IT teams should update and test all processes and procedures centered around cybersecurity breaches.
2. Provide Guidelines to Employees
The speed and scale of the transition to remote working as a result of the coronavirus pandemic creates numerous security risks for your client’s organization, and your help desk will be the first line of defense.
With this in mind, your organization needs to provide clear guidelines and explicitly define secure procedures for dealing with remote working. Distribute a remote-work policy that specifies acceptable methods for connecting to the internal network.
We also recommend defining close of business, end of the day, and other times after which sensitive data can no longer be accessed—just as if workers were leaving the office to go home.
Though there may be a hiring freeze, you should consider enhancing your help desk. Supporting the rapid surge in remote workers with additional secure tech support could be a wise decision.
3. Update Access and Security Measures
Executives and other senior team members who handle sensitive data are particularly critical but can be less familiar savvy when it comes to cybersecurity risks. Cybersecurity and identity management teams should limit their access and provide upgraded security measures to reduce the risk of compromise.
For example, finance personnel should be on the lookout for phishing, phone, and business email scams, especially those claiming ties to health care organizations or charities. They should verify all financial communications and require verbal approval from executives for all financial transfers.
Remote Security Takeaways
Remote work is now the default for organizations worldwide. This sudden shift has exposed certain vulnerabilities and left many working without the full protection of on-site IT security. And, human nature being what it is, we can’t expect remote workers to consider all of the risks posed by this new security environment.
As such, it’s critically important that your MSP should proactively defend against the types of attacks your clients are most likely to encounter. It’s also just as essential that your customers emphasize endpoint protection and deploy the tools they need to get security right, even as their staff work from their pajamas.
Want to learn more, please check out our SaaS Security eBooks.
