Introduction to Secure Remote Working
Dear Clients, Colleagues, and Friends,
In this time of uncertainty, we wanted to reach out and let you know that we are fully operational. Our team has operated as a fully remote company for the last four years. Little did we know how important this would be. Some of you may be experiencing fully remote work for the first time, so we have put together the following guidelines to help with the transition into a secure remote working situation.
Access Control in Secure Remote Working
- Your first step should be to identify users by role, and ensure you are providing appropriate access to sensitive data. Although you must move quickly, you should not let speed be your enemy.
- Ensure you have a Standard Operating Procedure (SOP) for providing the appropriate access and you have a way to track which users have access. Ensure you are segmenting data and environments, rather than allowing everyone full access. This approach may take more time but it will protect your business and data over the longer term, which is especially important since we do not yet know how long this access will be necessary.
- DO NOT deploy any remote access solution, including access to SaaS apps, without multi-factor authentication (MFA) in place.
- Ideally, you should be using Single Sign On (SSO) through your central authentication solution. If you are not using SSO, there are many free and low-cost ways to provide MFA to your users.
- For the most sensitive information and users, a hardware token (like YubiKey) is essential.
- There have been numerous vulnerabilities in the majority of VPN clients in the last year. Before you deploy your remote access solution, ensure it is the most up-to-date version, and have a strategy to roll out emergency patches should a new vulnerability arise in the coming months.
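The access-control points above (access by role, tracked and segmented access, MFA everywhere, hardware tokens for the most sensitive data) can be checked mechanically against an access inventory. The following is an added example, not part of the original letter; the role names, segment names, inventory format and sample users are all constructed assumptions.

```python
# Added example: audit a (constructed) access inventory against role baselines.
# All roles, segments and users below are hypothetical sample data.
ROLE_BASELINE = {
    "finance": {"erp", "payroll"},
    "engineer": {"source", "staging"},
    "support": {"ticketing"},
}
SENSITIVE_SEGMENTS = {"payroll", "production"}

INVENTORY = [
    {"user": "alice", "role": "finance", "segments": {"erp", "payroll"}, "mfa": "hardware"},
    {"user": "bob", "role": "engineer", "segments": {"source", "staging", "production"}, "mfa": "totp"},
    {"user": "carol", "role": "support", "segments": {"ticketing"}, "mfa": None},
    {"user": "dave", "role": "finance", "segments": {"erp", "payroll"}, "mfa": "totp"},
    {"user": "erin", "role": "contractor", "segments": {"staging"}, "mfa": "totp"},
]


def audit_access(inventory, baseline, sensitive):
    """Return a list of (user, finding) tuples for every policy gap found."""
    findings = []
    for entry in inventory:
        user, granted = entry["user"], set(entry["segments"])
        allowed = baseline.get(entry["role"])
        if allowed is None:
            # A role with no baseline means no SOP covers this user's access.
            findings.append((user, f"unknown role '{entry['role']}'"))
            allowed = set()
        # Segmentation check: anything granted beyond the role baseline.
        for seg in sorted(granted - allowed):
            findings.append((user, f"access to '{seg}' exceeds role"))
        # No remote access of any kind without MFA.
        if granted and not entry.get("mfa"):
            findings.append((user, "remote access without MFA"))
        # Sensitive segments require a hardware token, not just any MFA.
        if granted & sensitive and entry.get("mfa") != "hardware":
            findings.append((user, "sensitive access without hardware token"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_access(INVENTORY, ROLE_BASELINE, SENSITIVE_SEGMENTS):
        print(f"{user}: {finding}")
```

Running the same audit on a schedule against an export from your identity provider turns the tracking step of the SOP into a repeatable check.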
Logging and Monitoring
- Early detection is key for understanding when users are mistakenly, or maliciously, accessing or exfiltrating sensitive information. Ensure you have logging enabled on all remote endpoints.
- Don’t wait for alerts to fire – ensure you are auditing access. Malicious activity is very easy to hide with trusted users. Review access and logs proactively and search for anomalies.
- Leverage your endpoint vendors: install some form of endpoint detection and response on any device that will be connecting to sensitive data, and log and monitor the alerts from these endpoints.
- Use company-owned equipment for any access to sensitive data and information.
Security Awareness/Phishing Protection
- If your users have not had security awareness training, now is the time to educate them on the risks of phishing and clicking on suspicious links. There are currently many attacks that capitalize on the fear and uncertainty around COVID-19. The US Cyber Infrastructure and Security Agency (CISA) has guidance around these attacks.
- Ensure users are running all internet traffic through your VPN. This is essential to ensure that wireless traffic cannot be sniffed through untrusted wireless access points. This includes mobile phones and tablets.
- If you don’t have a company VPN, consider a commercial VPN solution.
Stay Safe & Secure!
Hackers have no morals. When they see an opportunity, they will strike. This means they will take advantage of the chaos that all organizations are experiencing at the present time. Please be vigilant and protect your data and infrastructure. Contact us if you need help.
Wishing you courage and safety in this challenging time,
The CDG Team