The best way that security can be managed when Working From Home (WFH) is to ensure the WFH devices are known to be patched, have AV, and are monitored.
There is always going to be a risk if the device is not monitored as you won’t know what the patch/AV status is, therefore to ensure optimal security the device should be proactively monitored. It is especially important on home PCs that might be shared with other users.
For businesses that have on-premise infrastructure, there should ideally be an RDS (Remote Desktop/Terminal Server) which they connect to via RD Gateway which provides an encrypted connection using SSL a certificate and the RD Gateway should have MFA enabled on it.
All accounts should have password complexity (ideally 10 characters or longer).
All Office 365 accounts should be protected with MFA regardless of whether they have on-premise infrastructure or not.
At Kinetics we have three services that protect your business whether you are WFH or in the office.
1. Ensure Kare is on your WFH Devices.
Keeping all PCs up-to-date with antivirus, Windows, and Office update along with other common software is vital when the devices are used for WFH – making sure your backups are 100% and running a regular test remains critical in the event of an urgent file or system recovery.
When it comes to WFH we must ask what more can we do? We must keep exploring new tools and devoting more effort and resources than ever before to security. There is more that we can do, and more we need to do to protect those WFH devices.
That’s why we have added ‘KARE for Security’, to step beyond the traditional protections and look to use the newer tools and techniques.
2. Introduce Kare For Security
Governance – typically an annual process to re-affirm business policies and procedures, considering what are the key data assets to protect, and what ‘rules’ should be in place around them.
- If the machine isn’t owned by the business, do you have permission from the machine owner to install business software tools and business protection suites on the machine?
- Likewise, does the machine meet the specifications necessary to support the work being done?
- Does the work environment meet your health and safety requirements?
- Does the work environment meet your requirements for confidentiality?
- Will any video-calls breach the privacy of the home-worker or anyone else in the home?
Prevention and Detection – the day to day activities to keep your data safe to meet the requirement identified in the governance section. This is a highly dynamic area as new tools emerge all the time, and we need to review it regularly to make sure we have the right settings in place. This will vary as new protection layers become available and relevant. In the current edition of KARE for Security, we include prevention tools like DNS ‘curation’ – blocking access to URLs that aren’t trusted; multi-factor authentication – going beyond passwords for providing access; ATP blockers – testing email attachments before they come to users to make sure they don’t introduce unexpected elements including ransomware; deep scan anti-malware to more aggressively detect infiltrations; security reporting on file access and rights exceptions; and training – phishing tests, eLearning and security presentations.
Recovery – There is always a chance of something striking. Ultimately, there needs to be a system in place for recovery, and that means good backups, monitored daily, ideally with backups occurring frequently during the day to reduce the time lost if a recovery is necessary.
3. Conduct a Kare Security Review
Do you understand where you currently stand?
You need to be proactive to identify any threats and vulnerabilities your business is facing by conducting a KARE Security Review.
It’s a structured review with over 50 Business and Technical questions that focus on Cyber Security and Governance. In this 90-minute interview, we help you discover how to leverage the best of Cyber Security strategies and technologies to propel your business forward, engage your staff, and strengthen your security posture.