Recent extraordinary events have introduced a sudden and dramatic increase in home and remote working, which has given businesses the opportunity to assess the strength, performance, capacity and security of their existing networks and policies.
While much of the security news agenda around the coronavirus outbreak has focused on the opportunistic cyber criminals, the average businesses focus should be on ensuring their security systems keep them safe from threat campaigns, bug disclosures and cyber-attacks.
Employees working remotely will naturally be required to access their organisation’s network/drives/resources etc, and this usually requires a virtual private network (VPN) connection.
A VPN connection uses client software (open-source or proprietary) or a standard web browser to create a secure encrypted tunnel that extends a private network across an insecure public network. This allows users to send and receive data as if the device was directly connected to the corporate network.
Some businesses can work around the insecure home network issue by getting their users to use remote desktop services (RDS), where you are remotely controlling your real PC in the office through a secure network connection. If you are unable to take advantage of this option, the main issue when using home PCs is making sure that they are as secure as possible. To ensure security you should install/update the latest software (e.g. OS/application updates & antivirus software), use strong passwords and preferably log in using two factor authentication (2FA). Organisations should also be using intrusion detection/prevention (IDS/IPS) capability in conjunction with their perimeter firewalls.
Does your organisation have relevant and updated policies to help during this time? Ensuring your organisation’s remote-working access management and password policies are updated and rolled out to staff should be top of your list as your company transitions to having more people outside of the office.
Capacity planning is also essential to an organisation’s preparation for mass remote working. It is critical to ensure your organisation’s hardware capability and licence quantities can accommodate the maximum concurrent connections from all remote users. Without the correct number of licenses and/or hardware performance, some staff may not be able to access your company’s network when required.
During this time security services have suggested the following:
Essentially, all businesses should use this opportunity to evaluate their risk profile. While a certain level of security is required, especially with PCI & GDPR policies mandating requirements, preparing for all eventualities is the way a company moves forward.
Making sure the amount of security you need (beyond a minimum baseline requirement) is proportionate to the value of the data you are protecting, and the level of security is an optimum value for your business.
The implementation of a successful guest wireless network takes careful planning. In this eBook we highlight the 4 key considerations before selecting a guest wireless network solution for your specific requirements.