04-13-2021, 01:33 AM
As steps to counter the coronavirus outbreak take effect, millions of workers across the globe have been sent home with their laptops for the first time. If you’re one of them, or if you’ve recently been tasked with the job of setting up remote users from scratch, here’s how to get up and running, while staying safe from cyber security threats.
Computer set-up
When comprehensive lockdowns in Dubai initially came into force, second-hand laptop and tablet scales soared. Work out what equipment people will need and carry out a kit inventory to avoid a last minute buying scramble later on. Note: this includes peripherals such as screens, headsets and connector cables as well as actual computers.
If the plan is for employees to use their own equipment, make sure it is up to the job. Check the recommended hardware and operating system specifications for installing and running the software your people will be expected to use. Also, bear in mind that if the machine they will be using is underpowered (e.g. running a very basic i3 processor), the user may struggle to run multiple business applications at once.
Avoid ‘shadow IT’
According to McAfee, 25% of sensitive enterprise data going to the cloud is uploaded to high or medium risk applications, not approved by their employers. This is known as ‘shadow IT’, whereby staff start using software for business purposes that hasn’t been checked or authorized by the IT department.
If you fail to give your staff the tech stack they need, along with a whitelist of approved software, they are simply going to fill in the gaps themselves. This runs the risk of adoption of apps that are vulnerable to exploits.
Right now, many businesses will be looking at collaboration, team management and communication software for the first time. Those in charge of IT security need to ensure that only reputable apps are deployed. Must-haves include end-to-end encryption, multi factor authentication and strong, verifiable uptime statistics.
Connection to the network
If staff require access to the company network, you need to ensure that the means of access is secure. For this, consider adopting a Virtual Private Network (VPN), designed to provide encrypted access between remote users and the company network.
Reputable business VPNs include NordVPN Teams, Encrypt.me and Perimeter 81. Also consider Zero Trust Network Access & Software Defined Perimeter solutions to limit the attack surface of remote access solutions.
Mobile Device Management
Mobile Device Management (MDM) software makes it easier to deploy, secure and monitor not just mobile devices - but also the laptops and desktops that are in play across a scattered workforce.
With the right MDM platform, administrators can carry out software and system updates in bulk. You can remotely back up data, quarantine or remove unauthorised applications or users, monitor for malware and security threats, and set up secure containers for especially sensitive files. Especially useful if an employee leaves your company while your office is still quarantined, you can ensure that all corporate information is removed from their device(s) remotely.
Maintain good cybersecurity hygiene
Rather than taking an ‘access all areas’ approach, establish which parts of your system remote users will actually require access to in order to do their job. Use internal firewalls to cordon off externally accessed systems from the rest of the network.
Ensure that robust measures are in place to prevent access to internal systems by outsiders. Two-factor authentication is recommended here: e,g, a combination of password and numerical access code.
Harden access
Home workers need to bear in mind the following:
Company security policies still apply. Avoid drifting into an ‘out of sight, out of mind’ mentality and make sure that you still stick to your company’s IT usage and security policies. This includes matters such as not downloading authorized apps, visiting off-limit websites on work machines and opening emails/links from unfamiliar sources.
Password strength. As discussed above, two-factor authentication can reduce the likelihood of authorized systems access. Especially for applications that rely solely on a password for verification, the usual recommendations regarding password strength apply. Key aspects of this are length (ideally at least 7 or 8 characters), and having a combination of letters, numbers and symbols. Passwords should also be unique, so that if one business account is compromised, there is less likelihood of a hacker gaining access to all areas.
Secure your home router. Ensure you are aware of any firmware updates affecting your router and that these are installed promptly in order to patch any security vulnerabilities. Apply the highest level of encryption available from your service provider and switch off WPS.
Be wary of phishing threats. As we covered recently, scammers are upping their game to take advantage of the coronovirus threat. With so many people changing their working set-up, workers need to be especially wary of phishing emails targeting personal information or seeking to gain access to company accounts.
Check email addresses and domain names carefully. If in doubt about an alleged sender’s identity, contact them via a number/address located somewhere other than in the suspect email.
Computer set-up
When comprehensive lockdowns in Dubai initially came into force, second-hand laptop and tablet scales soared. Work out what equipment people will need and carry out a kit inventory to avoid a last minute buying scramble later on. Note: this includes peripherals such as screens, headsets and connector cables as well as actual computers.
If the plan is for employees to use their own equipment, make sure it is up to the job. Check the recommended hardware and operating system specifications for installing and running the software your people will be expected to use. Also, bear in mind that if the machine they will be using is underpowered (e.g. running a very basic i3 processor), the user may struggle to run multiple business applications at once.
Avoid ‘shadow IT’
According to McAfee, 25% of sensitive enterprise data going to the cloud is uploaded to high or medium risk applications, not approved by their employers. This is known as ‘shadow IT’, whereby staff start using software for business purposes that hasn’t been checked or authorized by the IT department.
If you fail to give your staff the tech stack they need, along with a whitelist of approved software, they are simply going to fill in the gaps themselves. This runs the risk of adoption of apps that are vulnerable to exploits.
Right now, many businesses will be looking at collaboration, team management and communication software for the first time. Those in charge of IT security need to ensure that only reputable apps are deployed. Must-haves include end-to-end encryption, multi factor authentication and strong, verifiable uptime statistics.
Connection to the network
If staff require access to the company network, you need to ensure that the means of access is secure. For this, consider adopting a Virtual Private Network (VPN), designed to provide encrypted access between remote users and the company network.
Reputable business VPNs include NordVPN Teams, Encrypt.me and Perimeter 81. Also consider Zero Trust Network Access & Software Defined Perimeter solutions to limit the attack surface of remote access solutions.
Mobile Device Management
Mobile Device Management (MDM) software makes it easier to deploy, secure and monitor not just mobile devices - but also the laptops and desktops that are in play across a scattered workforce.
With the right MDM platform, administrators can carry out software and system updates in bulk. You can remotely back up data, quarantine or remove unauthorised applications or users, monitor for malware and security threats, and set up secure containers for especially sensitive files. Especially useful if an employee leaves your company while your office is still quarantined, you can ensure that all corporate information is removed from their device(s) remotely.
Maintain good cybersecurity hygiene
Rather than taking an ‘access all areas’ approach, establish which parts of your system remote users will actually require access to in order to do their job. Use internal firewalls to cordon off externally accessed systems from the rest of the network.
Ensure that robust measures are in place to prevent access to internal systems by outsiders. Two-factor authentication is recommended here: e,g, a combination of password and numerical access code.
Harden access
Home workers need to bear in mind the following:
Company security policies still apply. Avoid drifting into an ‘out of sight, out of mind’ mentality and make sure that you still stick to your company’s IT usage and security policies. This includes matters such as not downloading authorized apps, visiting off-limit websites on work machines and opening emails/links from unfamiliar sources.
Password strength. As discussed above, two-factor authentication can reduce the likelihood of authorized systems access. Especially for applications that rely solely on a password for verification, the usual recommendations regarding password strength apply. Key aspects of this are length (ideally at least 7 or 8 characters), and having a combination of letters, numbers and symbols. Passwords should also be unique, so that if one business account is compromised, there is less likelihood of a hacker gaining access to all areas.
Secure your home router. Ensure you are aware of any firmware updates affecting your router and that these are installed promptly in order to patch any security vulnerabilities. Apply the highest level of encryption available from your service provider and switch off WPS.
Be wary of phishing threats. As we covered recently, scammers are upping their game to take advantage of the coronovirus threat. With so many people changing their working set-up, workers need to be especially wary of phishing emails targeting personal information or seeking to gain access to company accounts.
Check email addresses and domain names carefully. If in doubt about an alleged sender’s identity, contact them via a number/address located somewhere other than in the suspect email.