With many employees suddenly working from home, there are things an organization and employees can do to help remain productive without increasing cybersecurity risk.
While employees in this new remote work situation will be thinking about how to stay in touch with colleagues and coworkers using chat applications, shared documents, and replacing planned meetings with conference calls, they may not be thinking about cyberattacks. CISOs and admins need to look urgently at new scenarios and new threat vectors as their organizations become a distributed organization overnight, with less time to make detailed plans or run pilots.
Based on our experiences working with customers who have had to pivot to new working environments quickly, I want to share some of those best practices that help ensure the best protection.
Enabling official chat tools helps employees know where to congregate for work. If you’re taking advantage of the six months of free premium Microsoft Teams or the removed limits on how many users can join a team or schedule video calls using the “freemium” version, follow these steps for supporting remote work with Teams. The Open for Business Hub lists tools from various vendors that are free to small businesses during the outbreak. Whichever software you pick, provision it to users with Azure Active Directory (Azure AD) and set up single-sign-on, and you won’t have to worry about download links getting emailed around, which could lead to users falling for phishing emails.
You can secure access to cloud applications with Azure AD Conditional Access, protecting those sign-ins with security defaults. Remember to look at any policies you have set already, to make sure they don’t block access for users working from home. For secure collaboration with partners and suppliers, look at Azure AD B2B.
While many employees have work laptops they use at home, it’s likely organizations will see an increase in the use of personal devices accessing company data. Using Azure AD Conditional Access and Microsoft Intune app protection policies together helps manage and secure corporate data in approved apps on these personal devices, so employees can remain productive.
Intune automatically discovers new devices as users connect with them, prompting them to register the device and sign in with their company credentials. You could manage more device options, like turning on BitLocker or enforcing password length, without interfering with users’ personal data, like family photos; but be sensitive about these changes and make sure there’s a real risk you’re addressing rather than setting policies just because they’re available.
Read more in Tech Community on ways Azure AD can enable remote work.
You’ve heard me say it time and again when it comes to multi-factor authentication (MFA): 100 percent of your employees, 100 percent of the time. The single best thing you can do to improve security for employees working from home is to turn on MFA. If you don’t already have processes in place, treat this as an emergency pilot and make sure you have support folks ready to help employees who get stuck. As you probably can’t distribute hardware security devices, use Windows Hello biometrics and smartphone authentication apps like Microsoft Authenticator.
Longer-term, I recommend security admins consider a program to find and label the most critical data, like Azure Information Protection, so you can track and audit usage when employees work from home. We must not assume that all networks are secure, or that all employees are in fact working from home when working remotely.
Track your Microsoft Secure Score to see how remote working affects your compliance and risk surface. Use Microsoft Defender Advanced Threat Protection (ATP) to look for attackers masquerading as employees working from home, but be aware that access policies looking for changes in user routines may flag legitimate logons from home and coffee shops.
As more organizations adapt to remote work options, supporting employees will require more than just providing tools and enforcing policies. It will be a combination of tools, transparency, and timeliness.
Remote workers have access to data, information, and your network. This increases the temptation for bad actors. Warn your employees to expect more phishing attempts, including targeted spear phishing aimed at high profile credentials. Now is a good time to be diligent, so watch out for urgent requests that break company policy, use emotive language, and have details that are slightly wrong—
Establishing a clear communications policy helps employees recognize official messages. For example, video is harder to spoof than email: an official channel like Microsoft Stream could reduce the chance of phishing while making people feel connected. Streaming videos they can view at a convenient time will also help employees juggling personal responsibilities, like school closures or travel schedule changes.
Transparency is key. Some of our most successful customers are also some of our most transparent ones. Employee trust is built on transparency. By providing clear and basic information, including how to protect their devices, will help you and employees stay ahead of threats.
For example, help employees understand why downloading and using consumer or free VPNs is a bad idea. These connections can extract sensitive information from your network without employees realizing. Instead, offer guidance on how to leverage your VPN and how it’s routed through a secure VPN connection.
Employees need a basic understanding of conditional access policies and what their devices need to connect to the corporate network, like up-to-date anti-malware protection. This way employees understand if their access is blocked and how to get the support they need.
Working from home doesn’t mean being isolated. Reassure employees they can be social, stay in touch with colleagues, and still help keep the business secure.
Mesh wifi networks solve a particular problem for small business: covering a relatively large area, more than about 1,000 square feet on a single floor, or a multi-floor office, with minimal costs while eliminating slow wifi networks. This is especially important where there’s no ethernet already present to allow easier wired network connections of non-mesh WiFi access points. The concept of mesh networks first appeared in the 1980s in military experiments, and it became commercially available in the 1990s. But hardware, radio, and spectrum requirements; cost; and availability made it truly practical for small businesses only in the last couple of years. That’s why we see so many systems hit the market all at once. Mesh networking treats each base station as a node that exchanges information continuously about network conditions with all adjacent nodes across the entire set. Mesh technology allows nodes that aren’t sending and receiving data to each other to still know all about each other while saving this knowledge in a cloud-based backend or firmware on each WiFi access point.
Ruckus is fixing slow WiFi networks for Small Business by rolling out their Zero Touch Mesh feature as part of the latest Ruckus Unleashed 200.6 update. The update enhances their pre-existing SmartMesh wireless meshing technology, which is designed to create self-forming, self-healing mesh networks dynamically. Self-healing means that your mesh network will automatically adjust itself to fix slow networks and to make sure each member of the node can communicate with each other.
SmartMesh makes it simple to blanket every corner of your small business with reliable WiFi coverage by eliminating the need for cumbersome radio planning and expensive cabling to every wifi access point (AP). Now with Zero Touch Mesh, you can skip the mesh configuration priming process as Mesh APs already installed in their permanent locations will auto-discover, auto-provision, and auto-form a fast mesh network securely without priming.
Ruckus recently hosted an Unleashed AP configuration competition during a partner event. All participating contestants successfully configured their respective APs in under two minutes. Anyone can easily manage the unleashed network – no expert IT staff required. You can manage Unleashed networks from anywhere in the world with the free Unleashed Mobile app. The app’s dashboard displays all the essential information about your network while providing access to key administrative tasks and troubleshooting options. Unleashed 200.6 also makes it easier for you to troubleshoot wireless networks quickly. With the Unleashed (browser) dashboard or mobile app, you can now precisely pinpoint technical issues, such as why the internet is down, why a specific device is unable to connect to Wi-Fi, or why an AP has rebooted.
Beyond Zero Touch Mesh, Unleashed 200.6 adds a slew of new features and enhancements to provide you with more robust control over your wifi networks and to improve security. For example, with application rate limiting, QoS traffic shaping, and denial rules, you can now define policies to restrict Wi-Fi speed for users at the application level. Plus, you can easily rename any of your end-point or network devices which provides for easy network administration and documentation out of the box.
Ready To Get Started?
REQUEST A FREE QUOTE!