During this COVID-19 lockdown, many business are supporting Work From Home and actively using on-site resources. While this is great and we hope the transition was seamless and properly migrated, many companies don't have the staff to support or implement ideal tools to fully support a long term WFH strategy.

Below you will find some tools, ideas, and general topics to consider during this time, and preparing for the future.

Long Term WFH Security Checks

📧  Phishing attacks continue to increase
  • Phishing attacks have increased by over 600% since the start of COVID-19
    • Targeting "new information" about COVID-19, as well as stimulus check payments
💣  "ZoomBombing" and other collaboration tools will continue to be targeted
  • Ensure users are following safe practices, utilize FAQ docs and online safety resources
  • User privacy and data need to be top of mind for compliance 
😷  Adapt to the new norm of WFH and embrace tools to help you succeed
  • Utilize SaaS tools and 3rd party resources to complete tasks and fill gaps in staffing​
🔬  Assess, analyze and treat risks from current WFH deployment regularly
  • Assess 3rd party cyber security impacts such as cloud services and professional services​
💻 Endpoints on unsecured networks will be easy targets
  • Home networks typically aren't secured by a firewall, ensure a WFH policy has been sent to employees to update IoT devices, personal devices, and change default passwords

WFH Security Tips & Tools

☑️  Endpoint Security
  • Ideally endpoint that supports both Signatures and Machine Learning or AI to prevent zero day threats
  • ​Enable Firewall, USB Port Scanning/Blocking, Web Filtering, Application Control, Data Loss Prevention (DLP), Anti-Ransomware
  • Upgrade to EDR for deeper analysis if budget allows
    • Use MDR services if you don't have the staff to manage or monitor
☑️  E-mail Protection
  • Utilize phishing campaigns for awareness
  • Scan in both directions
    • Detection of compromised devices and prevents clients/customers from receiving spam
    • Turn on DLP to prevent sensitive data from leaving though email
  • Enable URL rewrites to protect against malicious DNS redirects
☑️  Virtual Private Networks (VPN)
  • Assume all non-corporate controlled networks are compromised
  • Use Split Tunnel VPN for non-sensitive websites to reduce overhead on HQ firewall
  • Enable Multi-Factor Authentication to validate access
  • Use VPN to validate device hygiene before granting access
☑️  Single Sign-On (SSO) & 2FA​
  • Eliminate Password Reuse & Complexity
  • Prevent Credential Compromise with 2FA
  • Enable everywhere that supports it, Cloud Apps, VPN, PC Login, etc.
☑️  Mobile Device Management (MDM)
  • Ability to Locate, Lock, Patch, and Wipe devices
☑️  Vulnerability & Patch Management
  • Create a patch management policy with a set schedule & endpoint vulnerability assessment plan
  • Scan and assess network internally & externally
☑️  Enable Encryption
  • Disk: Protects data if a device is lost or stolen
  • File/Folder: If files are shared or removed from the device
☑️  Provide Secure Ways to Backup and Share Files
  • Cloud based backup and file sharing for remote devices
    • ​Ex. OneDrive with time expiring links
  • Enable Version History to restore if case of ransomware attack
☑️  DNS Level Content Filtering
  • Prevent malicious and unwanted content from reaching the endpoint
  • Supports Mobile devices as well
☑️  End user cyber security training
  • Cyber educated employees help reduce the risk of potential compromise
☑️  Create Policies & FAQ Docs for Remote users
  • Review polices if they already exist
  • FAQ doc for end users to help reduce IT service requests
☑️  Review Incident Response Procedure 
  • Tie it all together with a SIEM for advanced threat hunting
    • Use Security Operations Center as a Service (SOCaaS) for 24x7 monitoring
  • Have a plan for remediation and risk management
    • Utilize governance, risk, and compliance (GRC) tools to manage risk
    • Have offline and remote copies in case of ransomware or disasters
Use our Security Line Card to find matching solutions

Review current security policies and implementations for flaws

Many states implemented strict rules and enforced essential work only policies, causing many businesses to deploy remote workers for most if not all of their organization. Due to this short amount of time to prepare, hardware has been difficult to acquire for some, forcing  employees to use personal devices for work. This is an understandable solution, but  by no means ideal. Allowing users to access company information, from any device, especially a personal device, needs to have a strong security policy wrapped around its access. Reviewing your current state of WFH security policies and taking a close look at what and how users are accessing data should be considered a high priority.

Utilizing VDI and RDP solutions to access corporate resources on a BYOD will greatly increase security posture and reduces the risk of compromise. To learn more about these solutions, please view our Remote Work Solutions Cheat Sheet.

Update and implement tools to make WFH security easier

Now that you have reviewed your policies and identified any gaps in our security posture, its time to find and implement new tools to secure, while enabling the end users. Our Security Line Card, categorized by NIST Cyber Security Framework, can help you identify products, vendors, and Ingram Micro Contacts to get you started.

Plan for long term WFH and new hire remote roll-outs

Current estimates on societal restrictions points to the possibility of rolling lock-downs through 2021 or even into 2022. This not only means that workforces will likely remain remote for the coming months, but that any new additions to your teams will require them to be remotely deployed. 
  • For existing remotely deployed employees
    • Ensure that remotely deployed laptops and desktops are on a regular patch management cycle.
    • Fill gaps in remote worker equipment needs such as webcams, headsets, and other ergonomic needs that they would normally have access to in an office environment.
    • Have a plan for secure device replacement in the event a system reached end-of-life or requires decommissioning due to damage or system failure.
  • For remotely deployed new hires
    • Create a new policy or modify existing policies for deploying IT to new hires in a timely fashion to ensure no lapse between start date and the employee having access to resources.
    • Modify previously existing ramp-up procedures to remote, including new hire training, team introductions, etc.
    • Determine if additional equipment such as monitors, headsets, keyboards, and mice will be employee or employer provided. These plans can include additional shipment of these supplies or issuance of a stipend to acquire these items.
For both cases, a follow-up policy should be in place to determine that the employee has received their equipment and can successfully connect to company resources. Certain team members with access to privileged capabilities (such as conducting financial transactions and access to sensitive data) should be required to conduct verbal check-ins on certain levels of activity, such as authorizing a large wire transfer. These measures are to prevent abuse by malicious actors trying to mimic a remote employee.

Plan for the return to office

Once you have a secure and solid remote work force, its time to start planning for the migration back into the office. This migration may seem easy at first, but we have a few things to watch out for before we open the doors and start letting workers back into the office.
  • Some employees might be hesitant or unwilling to migrate back to the office
    • Employees may not want to gather in large groups
    • Phase migration into the office in waves, preventing any major disruption should problems occur
    • Many people will enjoy working from home, don't force users back for risk of losing a good employee 
    • Things will likely never be the same at an office like it was before COVID-19 and that's okay
  • Devices that were left at the office will likely need to be updated, patched, and reviewed before its safe to use again
    • If a device was powered off or in a sleep state, it likely hasn't been receiving OS or AV updates
    • Devices that were online, but not used, should be scanned and checked for patches as well
    • Check to ensure devices have working backups
  • Confirm ISPs and backup connections are connected and working
    • If you haven't been connecting back to the HQ for resources, check to make sure your WAN is at 100% functionality
  • Check password policies and credentials haven't expired for necessary resources
    • Make sure users can access the data and applications as needed without disruption

Ask for help

At Ingram Micro we have various programs for Financing, Education/Training, Professional Services, as well as numerous Reseller and Vendor Partnerships to assist any business of any size succeed in accomplishing their goals. If you need assistance with anything mentioned above, please do not hesitate to contact us for deeper discussions.
Site Feedback Encouraged