Since the onset of the COVID-19 pandemic, many companies have spent the last few months scrambling to get their staff properly set up for remote work.

Getting Started with Work From Home (WFH)

It seems simple enough at first to issue an employee a laptop and have your IT department create them a VPN account.  Following up with a 2-minute demo on how to connect, then send them home hoping that they will be able to connect so you aren’t paying a considerable amount in lost productivity.

This approach, which may be considered “standard” is rife with drawbacks and risks.

Work From Home Security

Typically, I believe cybersecurity requires a delicate balance between convenience and security. With COVID-19 induced working from home, the delicate balance went out the window.  We need to firmly land on the security side of the balance, with controls and policies that are heard and seen not just hidden in the background.

There are several reasons for this; an employee’s home “work” network is likely an inexpensive consumer-grade router, or worse, the router that Spectrum, Comcast, Frontier, etc provide with their service.

This needs to be treated as an untrusted and unsecured network. At the minimum, there are numerous other unprotected devices on that network and at worst, the network has been compromised and something is lying in wait.

Home Networks Unsecured

As of August 2020, an audit of Spectrum subscribers shows that there are over 8,000 NETGEAR unsecured devices exposed, and your employees are likely one of the offending subscribers. If the router and the perimeter security device are compromised, everything on the network is at risk of compromise, including the computer they connect to your business with.

Adding a virtual private network (VPN) gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. Most importantly, VPN services establish secure and encrypted connections to provide greater privacy than a secured Wi-Fi hotspot.

Safeguards That Can Help

Protect devices with advanced threat protection and detection. While it's likely not cost-effective to deploy edge devices, there are precautions you can take:

1. Protect VPN accounts with Multifactor Authentication (MFA), If your VPN provider doesn’t support some type of token or OTP get a new firewall immediately.

2. While optional, you can also protect the local windows machine login with MFA.

3. Stay current on software updates and patches. According to ServiceNow, "60% of breaches were linked to a vulnerability where a patch was available, but not applied."

4. Evaluate the opportunity to transition your on-premises services to cloud hosting providers, this transfers the risk and can eliminate the dependency on your internal infrastructure, lowering potential IT capital projects long term.

Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:

• Tri-Cities, Washington 509.396.6640
• Yakima, Washington 509.396.6640
• Bend, Oregon 541.848.6072

Questions about your IT or Cybersecurity? Give us a call today!