Working remotely due to coronavirus?

Here are 5 key tips that experts use to keep connections secure at home.

Looking at any headline, you’ll find that organizations are more susceptible to cyber-attacks than ever. An overwhelming number of employees have suddenly shifted to working remotely due to COVID-19, presenting a major opportunity to hackers and effectively widening an organization’s attack surface. Here’s how experts keep their connections secure at home.

 

1. Use a VPN

Know who provides your VPN. It is essential that your VPN service provider is a company that you trust. This company gains access to all of your online traffic.

Using a VPN has both privacy and security trade-offs. If you’re like most people, you acquire a VPN to prevent your Internet Service Provider and others on your network from spying on you. The trade-off is that you open yourself up to your VPN provider keeping tabs on your online activity. A VPN encrypts your local traffic, so anything you would otherwise be doing in “plain sight” will be automatically encrypted by the VPN tunnel.

For optimal security, it’s imperative that you use a trustworthy and reputable VPN provider. Ideally, if employees are using a corporate laptop at home, they should also be connecting to their business VPN for transport encryption.

 

2. Use Multi-Factor Authentication

Simply using a password to access your critical business data is extremely risky. Multi-factor authentication, or MFA for short, is simply an additional “factor” of authentication to supplement your password. The most widely used “factors” for authentication are:

  • Something you know (for example: a password or PIN)
  • Something you have (for example: a cell phone with an app, a card, or a key)
  • Something you are (for example: your biometric data, such as iris, fingerprint, or face)

When using cloud office products with MFA, employees can use their work credentials and their own mobile phone to authenticate against your business data directly in the cloud, which prevents 98% of attacks. When people can bring several authentication “factors” home, they are guaranteed access to the important business data they need while mitigating these targeted and blanket attacks.

Microsoft 365 comes with MFA, but it’s not enabled by default.

 

3. Wi-Fi Tips

What does your Wi-Fi password look like? If it utilizes a phone number or a word you’d find in a dictionary, chances are you need to change it. Disabling WPS (Wi-Fi Protected Setup) on your home Wi-Fi device can help prevent unwanted guests, who could exploit the functionality of a router.

 

4. Make sure you have Endpoint Security

Are your employees using corporate laptops to work remotely? If so, they should have endpoint security. Endpoint security includes threat hunting, centralized log aggregation, anomaly alerting, host intrusion detection, and standard (signature, behavioral, and heuristic) antivirus.

Many providers sell endpoint security that includes only one or two of these items. If someone sells endpoint security that runs Norton, for example, this is not truly endpoint security. It’s antivirus. The provider is only selling one thing. Therefore, be wary when people are selling endpoint security. Ask them exactly what it entails, to ensure that you are getting effective security.

 

5. Strong Data Labels and Controls

The single most important point by far is communication with your IT resource. You may know your liability, but your IT resources won’t until you tell them.

For example, you may know that you are storing social security numbers. By alerting your IT resource of your data storage liability, he/she will be able to label and secure that data. Most security controls involve balancing convenience and efficacy. The more secure a data system is, the less convenient it usually is. Depending on what you are trying to secure, your IT resource will work with you to provide the appropriate balance of convenience and efficacy for your business.

As an example, some businesses have an easier time adopting and maintaining card or certificate-based authentication, while other businesses might favor a Bring-Your-Own-Device (BYOD) and Multi-factor authentication approach. If the wrong combination of controls were assigned, the employees would likely stop using them and return to conducting business in insecure ways. I recommend asking your IT resource, “How do I protect (most valuable or sensitive corporate information)?” He or she will customize security based on your needs.

 

Have questions about your security or remote work set-up? Contact me at noel@americanit.co.