Cyber Hygiene for a Remote Workforce
With coronavirus gaining strength worldwide, a lot of companies are faced with something that they may have been avoiding: the prospect of a completely remote workforce. As is usually the case when situations are thrust upon a company, old mistakes come to light, new mistakes are made, and past actions turn out to have unintended consequences. In our decades of collective experience and by virtue of being a mostly remote company, we have seen these mishaps occur. In that light, we have some recommendations for dealing with empty offices and a remote workforce to minimize threats to your company in the confusion of this new environment.
So, you are now faced with the prospect of an empty office environment. Not everyone will be self-quarantining. There may even be people who might see this as an opportunity to gain physical access to your environment. Make sure your security camera systems and alarms are logging and are remotely accessible. It is much easier to protect your physical perimeter when you know that there should be nobody there.
There is no valid reason to risk exposure of your network in order to enable a service that exists as a convenience of the people on site. In that light, turn off network components that only matter when there are people in the office. Nobody will be using printers, copiers, or scanners when nobody is in the office. Also consider turning off any kiosk systems, including televisions, Chromecasts, Apple TVs, and the like. Conference room equipment should also be completely turned off. In fact, if nobody is around to use your wireless network, you should turn that off as well. There is no reason to risk exposure of your office environment to areas outside your well secured, well monitored, empty office space.
Aside from the obvious problem of ensuring that your remote access solution can accommodate all your employees, there are many pitfalls in going completely remote. You should require two-factor authentication (2FA) on all remote solutions. Ensure that any externally facing applications behind your remote access solution or Virtual Private Network (VPN) have 2FA enabled. The networks your employees use at home are not under your control. You can recommend a policy, but you can only enforce it so far. Ensure that you have remote tracking enabled on all corporate assets. Make sure strong data encryption is enabled on the devices. Geographically restrict access to your remote access solutions or VPNs. If all of your employees reside in North America, they should not be logging in from Pakistan. Block access to these resources from known VPN providers and TOR network exit nodes. Route all VPN client traffic through your VPN to ensure that all outbound traffic gets monitored by your Data Loss Prevention (DLP) solution (you do have a DLP solution?) Make sure you have a Security Information and Event Management (SIEM) solution to which your corporate resources are logging, and set up alerts for any excessive traffic utilization or failed authentication attempts. Use this as an opportunity to identify anomalous behaviors in your logs, as in some parts of the network, the signal to noise ratio has gone down to nearly zero.
Most importantly, be respectful of those around you, wash your hands, and practice good hygiene, both physically and technologically!