Secure Employee Devices

• Where possible, provide laptops to avoid employees using potentially insecure personal and shared devices for work.
• Secure these devices with endpoint protection measures, and install antivirus and automated backups.
• Secure these devices with endpoint protection measures, and install antivirus and automated backups.
• Install a strong SSL VPN solution on every device (corporate or personal) for a secure connection to the company network. Improve network bandwidth if necessary by using a split-tunnel connection which increases your security level by only providing secure access to corporate-approved resources.

Protect Business Data

• Set up a company-wide policy that automatically saves documents and data to Google’s G Suite or Microsoft O365 or your on-premises share drive.  As these services may offer only 30 days of retention, add a backup solution, with backup frequency matched to the importance of the data, such as StorageCraft Cloud Backup.

• For unstructured data on-premises, set up employees to store their work files on a company-managed file server with immutable snapshots capability, rather than on their own laptops.

• Image-based backups enable organisations to restore the operating system, applications, and data to a new one in a matter of minutes, while for remote users with low bandwidth, a file and folder backup solution might be a preferred alternative.  Solutions such as StorageCraft OneXafe, StorageCraft ShadowXafe and ShadowProtect.

• Replicate all laptop and file-server backups to a purpose-built disaster recovery cloud. Mission-critical data and applications are already backed up, so ensure that the SLA matches the importance of the data, and that the data is replicated to an off-site data centre or third-party cloud provider such as StorageCraft Cloud Services, which enables swift recovery.

Secure the Laptop and the Network

• Ensure security with tools such as SonicWall Capture Client are implemented to protect laptops and desktop from zeroday next generation viruses and spyware. 

• Leverage next-generation firewall security services to protect the network and scan for viruses and ransomware, as well as for suspicious connections to and from your company, such as SonicWall and Barracuda
  Redundancy is key, so store server backups onsite and also replicate those backups to a remote location – either disaster recovery data centre or the cloud.

Manage Devices and Remote Users

• .Confirm the identity and security state of each endpoint device accessing the network, including laptops, desktops, smartphones and tablet.

• Control access for remote users and their associated devices based on the user identity and access rights level of trust.
• Allow access based only on the resources users are authorized to access – either on-premise or in the cloud.

Provide Remote Support

• Use remote connecting software to enable the helpdesk to see an employee’s screen and troubleshoot issues remotely.

Test, Train & Educate

Regularly test your backups and your ability to recover. Test your network regularly to find the holes in your network protection, and test your employees’ awareness and ability to spot the phishing emails that lay the groundwork for ransomware attacks with tool such as Barracuda Phishline.

Provide Communications Tools

• Provide, and enforce the use of, secure company-wide communications tools for instant messaging, video conferencing, and telephony so that employees can stay productive and continue collaborating while still keeping the business secure.

Use multi-factor authentication (MFA) whenever possible, especially for accounts like Office 365, G Suite, and SalesForce

Create strong, unique passwords for each account; use a password manager like LastPass or 1Password to create hard-to-guess passwords; and change them regularly

Keep software, anti-virus and firewalls up to date on all their devices

Set up your computers to use a secure DNS to protect from malware, phishing, and ransomware

Secure your home router

• Changing the default router password and install firmware updates to patch security vulnerabilities
• Set your encryption to WPA2 or WPA3 (whichever is highest), restrict inbound and outbound traffic, and switch off WPS
• Change their Wifi Access key
• Be cautious when working in a public area, using a privacy screen for their laptop and a VPN when using public Wi-Fi

On any devices that your employer isn’t managing backups for, be sure to back up your laptop to a local flash drive, or the cloud

If you are not working in a private location, be aware of physical security, use a privacy screen for your laptop, and use a VPN when using public Wi-Fi

Use multi-factor authentication (MFA) whenever possible, especially for accounts like Office 365, G Suite, and SalesForce

Create strong, unique passwords for each account; use a password manager like LastPass or 1Password to create hard-to-guess passwords; and change them regularly

Keep software, anti-virus and firewalls up to date on all their devices

Set up your computers to use a secure DNS to protect from malware, phishing, and ransomware

Secure your home router

• Changing the default router password and install firmware updates to patch security vulnerabilities
• Set your encryption to WPA2 or WPA3 (whichever is highest), restrict inbound and outbound traffic, and switch off WPS
• Change their Wifi Access key
• Be cautious when working in a public area, using a privacy screen for their laptop and a VPN when using public Wi-Fi

On any devices that your employer isn’t managing backups for, be sure to back up your laptop to a local flash drive, or the cloud

If you are not working in a private location, be aware of physical security, use a privacy screen for your laptop, and use a VPN when using public Wi-Fi