For many IT professionals and managed service providers (MSPs), remote management has always been part of the deal. Especially in this generation’s global economy, service providers are not always local to their clients, and it is much more efficient and effective to be able to support customers from afar. The big difference since the COVID-19 pandemic hit the headlines, is that employees are now working from home, which is a whole different ball game to managing anyone working from an office environment.
Instead of managing a centralized location, there are now multiple remote offices – all with different needs and security set-ups.
Our very own CEO, Gil Pekelman, spoke to Cyber Defense magazine about this essential topic, originally published on January 6th, 2021, and reprinted here.
When working from home, employees are much more likely to be using personal devices, or shared computers, and yet they are still accessing sensitive customer information, much of which is governed by compliance regulations. Home networks are less secure than office networks, with weaker protocols in place. A single vulnerability could bring a whole network down, compromising an entire company.
A Checklist for Remote Management of Home Workers
With many companies already extending WFH policies to continue through to Q2 of 2021, and maybe even longer, and the FBI reporting a 400% increase in cybercrime since the start of the pandemic, security procedures are still more important than ever.
It’s therefore essential that security teams up their game. Here are 5 top tips for IT professionals looking to secure their employee or client remote environments, and better educate end-users about working from home:
- Educate Against Phishing Threats: Nearly all cyberattacks come from a malicious link or attachment, which can only be effective if an employee falls for the scam. Keep your employees up to date on the latest threats, which sadly, at the moment, are leveraging fear around COVID-19, such as promising a vaccine or suggesting you have been in contact with someone that has tested positive.
- Don’t Forget Patch Management: Patched software is a secure software, so whatever your process, make sure that no employees are running old versions or even end of life software at home. The best technology partners will allow you to automate the install and update of your software via vendors such as Chocolatey or Homebrew so that you’re never behind the times.
- Think Home Network Vulnerabilities: You may need to think a little out of the box when it comes to protecting home networks. For example, how secure are your employee’s router settings, and what smart devices do they have which are connected to the home network? Take a thorough inventory of all connected devices, and start from there.
- Multi-Layered is the New Secure: There’s no such thing as a silver bullet for enterprise security anymore, so your best bet is a layered approach to cybersecurity. This might start with user education for example, followed by URL or script blocking, and then file scanning and integrity monitoring, and so on. Even if an attacker gets through one line of defense, the next is ready and waiting.
- Have a Disaster Recovery Plan: If all else fails, a robust disaster recovery plan will mean you can get back up and running as quickly as possible. Include a plan for business continuity, protecting sensitive information, minimizing financial loss and disruption to end-users, and an incident response plan to remain compliant with any relevant regulations. Make sure that your technology and service providers recognize the importance of securing this kind of unknown environment.
Looking Ahead to 2021, and Beyond
At the moment, none of us know what ‘the new normal’ is going to look like. For some, working from home will become commonplace, while others might move to a more hybrid way of working, some days from the office, some from home. We do know that organizations won’t want to risk being caught short again, struggling to securely manage at the same time as ensuring business continuity.
This signals a real change in mindset for today’s IT professionals. Many companies historically saw IT as a cost, rather than an investment. They couldn’t see the value in having IT support managing operations proactively, preferring to hope for the best and call in an expert if and when something needed attention, on a break-fix model. The pandemic has changed that, showing business stakeholders that they can’t afford to be unprepared and that they need a proactive approach to managing both IT and security.
The important thing when targeting this investment will be to ensure that security plays well with the rest of an organization’s IT ecosystem, whether that’s integrated in their professional services automation such as helpdesk software, or their remote management and maintenance, like remote access technology for example. If security is reliant on employee behavior or on multiple additional steps or vendor solutions, you’re going to struggle to ensure that you don’t have gaps.
If, on the other hand, security comes as part of a package deal, you don’t need to rely on employee or customer education alone. Think about software updates and patching that happen automatically without any impact on your business operations. Consider a backup solution that is working silently and effectively in the background. Onboard 2FA as part of the deal for employees from day one. Altogether, you’re creating a much more resilient and robust environment in which to work.
If you haven’t got started with Atera, what are you waiting for? Start your free trial, here.