Security tips for IT teams supporting work from home
We’ve fielded a few calls already from organizations who’ve suffered incidents relating to remote work. Here is a first cut of security recommendations for IT people who are supporting remote team members:
Run awareness training for your staff – they’ll be more susceptible to phishing attacks during this particular time.
Ensure you have MFA enabled on your VPN, and are monitoring VPN access for unauthorized activity.
Enforce strong password use and MFA on critical SaaS and other services (GSuite/O365/Azure/AWS/etc).
Encrypt your mobile devices to protect against theft. Devices will be out in the wild a lot more and more liable to be stolen.
Make sure you have multiple channels of communications in case one system/path fails, and you need to communicate critical or sensitive data.
Email is not a good replacement for sensitive documents sent out on paper – use secure document transfer mechanisms rather than emailing sensitive data.
Ensure your email systems are properly protected against malicious traffic (add-ons like Office ATP can help here).
Your team should be equipped with the right tools to be productive, and a fall back plan in case one system fails due to load or other issues. Tools like Zoom, Slack, Teams, Google Hangouts.
Educate your users on proper security for their home networks. Changing the default passwords on their routers/IoT devices. Making sure they are running strong Anti-Malware protection, host based firewalls and patching regularly if they are using personal devices to access work data. Ensuring that devices that their children are using aren’t bringing malicious code into the house.
Training materials covering the above and more
We’ve posted the above as training courses and videos for you to distribute to users and staff:
ONLINE TRAINING COURSES
As we come up with new suggestions we’ll update this post, so please check in regularly. We’re also working on a PDF versions for staff and IT that you can distribute to employees, managers and other contacts.
If you’d like to receive updates to this and other resources, please subscribe below.