The Coronavirus (COVID-19) has affected individuals and businesses across the world. The rapid increase in work-at-home employees has necessitated businesses - almost overnight - to take preventative actions to protect their corporate networks.
Here are some suggested best practices that both companies and their employees should follow to keep data and devices safe in a ‘working-from-home” environment:
1. PC/Laptop Software Attributes: Ensure the following:
- The operating system Windows 8 and above
- The OS is set to automatically install updates
- The Internet browser is updated to the latest version and future updates are installed immediately
- Anti-virus is installed and scanning daily, (Windows Defender, Norton, Sophos, etc.)
- Automatic lockout after 15 minutes of inactivity is enabled
2. Virtual Private Network (VPN): Utilize a VPN solution rather than a Remote Desktop Protocol (RDP)/ remote-desktop solution (TeamViewer, LogMeIn, etc.). Most modern firewalls are capable of provisioning secure VPN accounts.
3. Complex Passwords: All remote access accounts should have 15+ character passwords with numeral and special character complexity requirements.
4. Updated Remote Desktop: If you are using remote desktop software (such as TeamViewer, LogMeIn, NinjaRMM or a similar platform) ensure that the application is appropriately up-to-date/patched and that it also uses 15+ character passwords with numeral and special character complexity requirements.
5. Multi-Factor Authentication: Ensure that multi-factor authentication (MFA) is available and enabled for all remote access accounts.
6. Internet Connectivity: Advise employees to only utilize WiFi network that they know, and to avoid public WiFi networks, particularly when working with customer or other sensitive data.
7. Secure File Sharing: Avoid non-secure/non-corporate managed file sharing services.
8. Encrypted Messaging: Ensure chat/IM systems (e.g., Microsoft Teams, Skype, Zoom or Slack) encrypt messages in transit and at rest.
Keep in mind that these best practices are just a start to help an organization safely transition employees to remote work and keep the business running smoothly. This list represents a few among many cybersecurity best practices for remote access. For best results, all access control concerns should be rigorously evaluated by experienced and credentialed cybersecurity practitioners. As always, the Advantage team of experts is available to help.