We have been watching the news, reading your helpful posts here on the community and even working remotely ourselves.
Based on what we've read and experienced, we have put together some guidance on the remote workforce situation (when possible, we realize not all employees have the ability to work remote).
Join the discussion. What did we get right? What did we miss?
Nine Work-from-Home Key Security Practices
The coronavirus (COVID-19) outbreak is forcing a lot of people who have never had to work from home to do just that. While telecommuting is a growing practice, many organizations simply weren’t prepared to set up employees to work from home. This is creating a significant number of challenges, including how to protect newly-minted telecommuters from cybersecurity threats.
The substantial increase in telecommuters is forcing cybersecurity teams to hold off on day-to-day tasks in order to help employees secure their new working environments. These teams, all of the sudden, are under pressure to address new risk profiles their organizations never anticipated.
Some of the issues they are facing, such as companies lacking enough laptops and VPN licenses, may not have an immediate solution. But these challenges are also lessons that organizations can apply to business continuity plans when they revise them for the future.
In the meantime, cybersecurity professionals can guide work-from-home employees through some basic measures to lower their exposure to cyber risks:
These basic practices can go a long way to help secure home environments. If you have other tips and practices you can share with your cybersecurity peers, visit our community.
@AndreaMoore this is rock solid advice! Everyone is playing catch-up with enabling VPN access for remote workers and setting up mandatory multi-factor authentication. I can't reemphasize enough your points on WiFi security and data protection they are spot on. Hackers are just waiting for systems to collapse and then strike and infiltrate networks. Be safe and secure my cyber friends! Now, back to my WFH nook..
Another good guide to the situation:
SANS has opened up their
SANS Security Awareness Work-from-Home Deployment Kit
"Everything you need to know to create secure work-from-home environments during the COVID-19 pandemic and beyond.
which offers a wide variety of SANS public resources and paid training materials at no cost."
as highlighted in a recent SANS Newbytes
I wanted to alert everyone of an upcoming webinar on this topic.
Free Webinar, April 16, at 1:00 pm ET Earn 1 CPE
Office Shutdown: Securing an Increased Remote Workforce
The COVID-19 virus outbreak has put immense pressure on IT organizations who now need to scale remote access quickly to thousands of users working from home. Many organizations did not have a plan in place for this and are doing the best they can. Many remote workers haven’t been issued laptops or are using unmanaged devices that may not have adequate protections. Some companies are running into licensing issues for things like their VPN connections. Join ExtraHop and (ISC)2 on April 16, 2020 at 1:00PM Eastern for a timely discussion on how you can deal with performance and security implications of this shift and receive tips and best practices on how to deal with the situation we find ourselves in.
Here's another webinar we are hosting on the topic of security and a remote workforce:
Minimizing Security Impacts of a Growing Remote Workforce
April 28, 13:00 BST
Many organisations are implementing remote working policies and need to quickly support an unprecedented increase in the number of remote employees. However, an expanding remote workforce can significantly increase the attack surface and has changed the threat model of organisations overnight. Many remote access options are quick to implement but are not secure and organisations are trying to navigate the challenges of quickly, but securely, operationalising their remote employees.
On April 28, 2020 at 13:00 BST, BeyondTrust and (ISC)² will explore the risks unsecure remote access presents and discuss how the secure remote access and endpoint privilege management pillars of a PAM solution can securely and efficiently connect remote employees to corporate resources.
I'd also advocate for user education at the moment.
Many users invariably avoid change most of the time.
Sound familiar? "... but we've always done it this way!".
Change has now become a way of life... ergo a little user education goes a long way.
With what is going on in the world at the moment, arguably it will go even further right now!