Remote Working from Home

A vital measure in slowing the spread of COVID-19 is social distancing, with many governments now issuing mandatory shelter-in-place orders. This has resulted in IT teams rushing to build work-from-home setups for entire companies practically overnight. As millions of people all over the world suddenly need to work remotely from their homes, we are witnessing the creation of the largest global remote workforce ever.

Moving millions of employees, their computers, and their data from a secure office environment to their home—with minimal notice— can present tremendous data security risks, including simple technical glitches, accidental human error, and malicious/ransomware attacks. Below outlines the steps that we at StorageCraft took to ensure our safe transition, we hope it helps as you make yours.

7 STEPS FOR A SECURE AND SMOOTH TRANSITION TO REMOTE WORKING

First Point

Secure Employee Devices

  • Where possible, provide laptop devices so employees aren’t forced to use potentially less secure personal devices for work such as home desktops
  • Secure these devices with endpoint protection measures: install antivirus, automated patch management (such as this from Ivanti) and automated backups (e.g., ShadowProtect)
  • Install a strong SSL VPN solution such as Pulse Secure, Cisco, or GlobalProtect on every device (corporate or personal) for a secure connection to the company network. Improve network bandwidth, if necessary by using a split-tunnel connection which increases your security level by only providing secure access to corporate-approved resources
First Point

Protect Business Data

  • Set up a company-wide policy that automatically saves documents and data to Google’s G Suite or Microsoft O365 or your on-premises share drive. NOTE: With only 30 days of retention for files from these services, make sure you add a backup solution, such as StorageCraft Cloud Backup and match your backup frequency to the importance of the data

  • For unstructured data on-premises, set up employees to store their work files on a company-managed file server with immutable snapshots capability, such as StorageCraft OneXafe, rather than their own laptops Use image-based backup software such as ShadowXafe, or ShadowProtect to protect that file server

  • Take image-based backups of employee laptops— so, should it fail, you can use a backup to restore the operating system, applications, and data to a new one in minutes—which sure beats reinstalling everything and will recover any data that wasn’t stored to the file share or cloud. Or for remote users with low bandwidth, a file and folder backup solution might be a preferred alternative

  • Redundancy is key, so replicate all laptop and file-server backups to the cloud (ideally a purpose-built disaster recovery cloud such as StorageCraft Cloud Services, which enables swift recovery)

  • Your mission-critical data and applications are already backed up, so ensure that the SLA matches the importance of the data, and that the data is replicated to an off-site data center, or a third-party cloud provider, such as StorageCraft Cloud Services

First Point

Secure the Laptop and the Network

  • Ensure security with tools such as Rapid7, Tanium, or CrowdStrike that protect laptops. Also leverage all the next-generation firewall security services, such as Palo Alto Networks, to protect the network and scan for viruses and ransomware as well as for suspicious connections to and from your company

  • Again, redundancy is key! Store server backups onsite with solutions like OneXafe, and also replicate those backups to a remote location – either disaster recovery data center or the cloud. (Using a cloud provider with DRaaS capabilities will enable you to fail over the entire network, data, and applications should the need arise.)

First Point

Devices and Remote Users

  • Confirm the identity and security state of each endpoint device, be it corporate or personally owned, including laptops, desktops, smartphones and tablets
  • Control admission for remote users and their associated devices based on the user identity and access rights level of trust
  • Allow access based only on the resources users are authorized to access – either on-premise or in the cloud
First Point

Provide Remote Support

  • Use remote connecting software such as Zoho Assist, ConnectWise ScreenConnect, or Logmein Rescue, which enables the helpdesk to see an employee’s screen and troubleshoot issues remotely

First Point

Test, Train & Educate

  • Regularly test your backups and your ability to recover! While having a backup is important, being able to recover all data completely and quickly is absolutely critical for business continuity
  • Triple-down on phishing: a successful phishing scam can expose you to ransomware and render all your data useless. Test your network and your employees with tools like KnowBe4 to find the holes in your network protection and to train your employees in being able to spot phishing emails that lay the groundwork for a ransomware attack
First Point

Provide Communications Tools

  • Provide, and enforce the use of, company-wide communications tools for instant messaging, video conferencing, and telephony that are secure. These tools (such as Microsoft Teams, GoToMeeting, and Jive softphone) ensure employees can stay productive, be social, and continue collaboration while still keeping the business secure

7 STEPS TO SHARE WITH YOUR EMPLOYEES

So They Can Play Their Part In Securing the Transition to Remote Working
First Point
First Point
First Point
First Point
First Point
First Point
First Point

Use multi-factor authentication (MFA) whenever possible, especially for accounts like Office 365, G Suite, and SalesForce

Create strong, unique passwords for each account; use a password manager like LastPass or 1Password to create hard-to-guess passwords; and change them regularly

On any devices that your employer isn’t managing software updates, be sure to keep the software on your computer (Mac or Windows) updated yourself and enable the firewall on your computer (Mac or Windows)

Set up your computers to use a secure DNS server such as Cloudflare or OpenDNS to protect from malware, phishing, and ransomware

Secure your home router

  • Change the default router password and install firmware updates to patch security vulnerabilities
  • Set your encryption to WPA2 or WPA3 (whichever is highest), restrict inbound and outbound traffic, and switch off WPS
  • Make sure to change the Wifi Access key

On any devices that your employer isn’t managing backups for, be sure to back up your laptop to a local flash drive, or the cloud such as BackBlaze, or to another hard drive with Carbon Copy Cloner (Mac), or Clonezilla

If you are not working in a private location, be aware of physical security, use a privacy screen for your laptop, and use a VPN when using public Wi-Fi

Pin It on Pinterest

Share This