As a result of the COVID-19 pandemic, remote work has become the new norm. In this blog article we will cover six risks caused by employees working from home.
Risk 1: Devices are no longer protected by your facility's physical security controls
In most office spaces you can control who accesses your facilities. You can track visitors with a sign-in sheet at the reception desk. You can monitor your facilities with security cameras to detect security incidents. The same physical safeguards do not apply to employees working from home.
Luckily, you can still provide some physical safeguards for employees working from home. Provide employees with a laptop lock to protect their company-provided workstation. This can help reduce device theft. Encrypt your workstations so that if a device is stolen, the data cannot be read.
Here is a video demonstrating the use of a laptop lock:
Risk 2: Users may need to access your network remotely
Companies often have mission-critical resources (e.g. file servers) on their local networks. Your remote employees may now need to access those resources from home. Never make servers containing sensitive information directly accessible via the internet. A far more secure solution is to set up a virtual private network (VPN). This allows users to access their corporate network securely. Make sure that the VPN connection goes through a fully encrypted tunnel. Ensuring that only your employees can access your VPN remotely is critical. You can set up multifactor authentication (MFA) to do this. We recommend using SAASPASS for MFA so much that we became their partner. Feel free to reach out to us if you would like to use SAASPASS.
Another important point: disable the split tunneling setting on your company’s VPN appliance. This ensures that when the VPN is in use, all traffic from a workstation goes through your VPN connection.
Risk 3: Family members (unauthorized persons) may access company systems
Users may “quickly step away” from their laptop, leaving it unlocked and unattended. This gives other people at home an opportunity to access the device.
Train end users to lock their workstations before leaving them unattended, but don’t rely on the end user alone. Configure your workstations to lock after five minutes of inactivity.
The below video demonstrates how to configure inactivity settings in group policy:
Risk 4: Users may work from personal devices instead of company-provided devices
To bypass your security controls, users may attempt to use their personal devices for work-related tasks.
Here are a couple of common scenarios:
- Users may try to sync their corporate OneDrive to their personal laptops.
- Users may try to install a VPN client on their personal device to access the corporate network.
Create a whitelist to control which devices can connect to your network via the VPN. At the very least, prevent outdated operating systems from connecting to your VPN. Blocking devices that don’t have anti-virus software installed also makes sense.
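The VPN admission rules above (device whitelist, no outdated operating systems, anti-virus installed) written as a fail-closed check. This is an added example, not code from the original article or from any VPN product; the report fields, device IDs and minimum versions are assumptions constructed for illustration.

```python
"""VPN admission check: device allowlist, minimum OS version, anti-virus installed."""

# Assumed policy values, constructed for this example; populate from your own inventory.
ALLOWED_DEVICE_IDS = {"LT-0142", "LT-0177"}
MIN_OS_VERSION = {"windows": (10, 0, 19045), "macos": (13, 0)}


def parse_version(text):
    """Turn '10.0.19045' into (10, 0, 19045); return None if missing or malformed."""
    try:
        return tuple(int(part) for part in str(text).split("."))
    except ValueError:
        return None


def evaluate_device(report):
    """Return (allowed, reasons). Missing or unparseable fields deny (fail closed)."""
    reasons = []
    if report.get("device_id") not in ALLOWED_DEVICE_IDS:
        reasons.append("device not on allowlist")

    minimum = MIN_OS_VERSION.get(str(report.get("os_family", "")).lower())
    version = parse_version(report.get("os_version"))
    if minimum is None:
        reasons.append("unsupported or unknown OS family")
    elif version is None:
        reasons.append("OS version missing or malformed")
    elif version + (0,) * (len(minimum) - len(version)) < minimum:
        # Pad short versions ("13" -> 13.0) before comparing tuples.
        reasons.append("outdated operating system")

    av = report.get("antivirus")
    if not isinstance(av, dict) or av.get("installed") is not True:
        reasons.append("anti-virus not installed")
    return (not reasons, reasons)


# Constructed posture reports, as a hypothetical VPN client agent might send them.
SAMPLE_REPORTS = [
    {"device_id": "LT-0142", "os_family": "Windows", "os_version": "10.0.19045",
     "antivirus": {"installed": True}},
    {"device_id": "HOME-PC", "os_family": "Windows", "os_version": "6.1.7601",
     "antivirus": {"installed": False}},
    {"device_id": "LT-0177", "os_family": "macOS", "os_version": "",
     "antivirus": {"installed": True}},
]

if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        allowed, why = evaluate_device(r)
        print(r["device_id"], "ALLOW" if allowed else "DENY", "; ".join(why))
```

Returning every reason rather than only the first gives the help desk and your logs the full picture of why a device was refused.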
Don’t forget about your cloud resources. Configure them so that they can only be accessed by authorized devices.
Risk 5: Workstations may not receive updates
Do you centrally manage updates for your workstations? If so, you may face difficulty deploying updates to remote workstations. Asking end users to connect to the VPN is a time-consuming and largely hopeless endeavor. A more efficient method is to force users to connect to the VPN before logging into their workstation. This will allow you to deploy updates as if they were on your corporate network.
Alternatively, you can configure your workstations to receive their updates directly from Microsoft.
The below video demonstrates how to configure a Cisco VPN client to start before logon:
Risk 6: Users may print sensitive documents at home
The physical security controls in an employee’s home are limited and cannot be verified. As a result, users should be prevented from printing documents from their workstation. This reduces the risk of sensitive information being leaked, whether intentionally or unintentionally.
Sure, a user can email the document to themselves and print it from another computer. In this case, you will likely have evidence that they attempted to bypass your security controls.
The below video demonstrates how to prevent users from adding printers to their computer, which can keep them from adding their home printer.
Safe Remote Work Demands Due Diligence
With the ongoing Coronavirus pandemic, remote work is an operational necessity. Ensuring that your organization has done its due diligence to maintain a reasonable level of cybersecurity will give you and your clients peace of mind.
Want more guidance on mitigating cyber risk? Reach out to us at firstname.lastname@example.org