Keeping Remote Workers Secure and Productive

Thanks to necessary advances in technology during the COVID pandemic, we have entered the age of the Work-From-Home (WFH) remote team. Here's how to make sure they stay protected.

Within hours of the State of California issuing ‘Safer at Home’ orders on March 19, 2020, AllConnected’s helpdesk, network, and application teams fielded over 200 tickets related to ensuring our clients’ new WFH employees stayed secure, healthy, and productive.

The lengthy pandemic, and the quick releases of new software, created a new class of employee: telecommuter, or  remote worker, or work-from-home employee, who remain anything but “non-essential.” 

What is also clear is that as the pandemic mandates end, many employees are not returning to the office. So our engineering team has assembled some important observations and recommendations below for your organization to ensure continuity of business operations with remote workers:

Protect Your Email from Cyber-Attacks

Most remote employees rely solely on email for their office communications, which is why Cybercriminals prey on email with targeted phishing attacks. Educate your employees to ensure they are on-guard against these types of attacks and ensure email filtering is in place for all users.

Keep AV Up-to-Date

Whether the employee is using a corporate or personal computer, all remote users should have their Anti-Virus (AV) software and definitions current. Make sure that the AV is set to update automatically and run scans on a frequent basis.

Use MFA on your VPN

You’ve known for years that Virtual Private Networks (VPN) give your remote workers a private, encrypted pathway over the Internet to your secure corporate network. That’s why today’s cybercriminals try to hack into your network by first stealing the VPN user’s “credentials”: username and password.

If the username is obvious and the password is weak, the cyber-attacker can gain access to your network and install malware, attack other devices, etc.

That’s why we recommend multi-factor authentication (MFA). MFA is both a strategy and a process of requiring than one proof of a user’s identity before allowing access to the network.

The password is the first form of user authentication. Secondary credentials include numerical codes sent to the user’s cellphone (most common), hardware tokens provided by the company, biometric scans of the user’s retina or finger, and tracking of the user’s location and work schedule.

A company’s MFA establishes a consistent form of authentication, which is especially important as company data moves to the cloud. MFA also allows organizations to keep track of which devices access the network, whether corporate or personally owned (BYOD, “bring your own device”). Organizations can then set access policies based on location – blocking requests from outside the United States, for example. Or they can block devices that don’t have up-to-date software.

Organizations that need to be HIPAA, NIST 800-171, or PCI DSS 3.2 compliant also require MFA for all VPN access.

AllConnected recommends Cisco Duo‘s “Zero trust” security for MFA

With Cisco Duo you can:

If you would like to learn more about MFA and how it adds another layer of security to your business, see our article “How Secure Is Your Multi-Factor Authentication?

Secure Applications through Desktop Virtualization

Desktop virtualization technology allows remote users to access the same work session they would see on their PC at work but on their cell phone, tablet, personal PC, Smart TV, etc.

Originally called Terminal Services, Remote Desktop Services (RDS) is a collection of technologies designed connect remote users to applications or virtual desktops hosted on a server or hosted on a collection of virtual desktop systems. The user’s “session” functions completely within the server environment, rather than on their local device, which may be a personal device.

Depending upon your organization’s needs, AllConnected recommends using RDS, in which remote users interact directly with Microsoft’s Remote Desktop Protocol (RDP) on the server, or with Citrix Virtual Apps and Desktops (formerly Citrix XenDesktop).

AllConnected CTO and Chief Architect Richard Pressler

Both Citrix and RDS work well for remote workers, the licensing costs are less with Microsoft RDS, but Citrix has some advantages, particularly when connecting from a mobile device and with complex printing needs. In both cases, we recommend never allowing the infrastructure to be accessed directly over the internet. For Citrix, a VPN or a front end Citrix appliance should be implemented. For RDS, a VPN or a front end RDS Gateway should be implemented.

Richard Pressler

AllConnected CTO and Chief Architect

Secure Internet Use with Cisco Umbrella

Cisco Umbrella provides your remote users with a personal firewall.

Umbrella filters the DNS of all internet requests, identifying and proactively blocking malicious requests before a connection is established. It also blocks already infected computers from communicating with malicious servers so cybercriminals are unable to exploit the device further.

Conclusion

We all want to make sure our organizations continue to operate during a disaster or cyber-attack. That’s why AllConnected is dedicated to helping you develop critical infrastructure, disaster recovery and business continuity plans to fit the needs of your organization. If our team can be of assistance, please contact us at 805.526.1455, option 3, email us at covid19solutions@allconnected.com, or use the contact form below.

Learn More

Cisco Umbrella: Your Cybersecurity Shield

Cisco Umbrella is a cloud computing security gateway designed to protect you from malware, botnets, phishing, and targeted online attacks.

What is Multi-factor Authentication and How Does It Protect Your Business?

Compromised accounts are a big issue when passwords are overused, too simple, or...

Get In Touch