The global pandemic has for many, been the unintentional driver of digital transformation within organisations. Rapid deployment of remote workplace solutions, with a focus on speed of deployment being the priority, critical in ensuring business continuity in a chaotic environment for if not all organisations has been the order of the day. As we adapt to the new norm of distributed networks, it is only appropriate to take stock of how we balance the performance and productivity of our teams versus the security demands in maintaining the integrity of sensitive business data.
We explore some of the key security related considerations for your remote workforce as well as how you can leverage your existing infrastructure to mitigate against broadening the attack vector, that is the paths from which bad actors attempt to gain access to our organisations devices and data all the while maintaining productivity and performance levels in order to stay competitive in your industry.
A key task of IT administrators, patch management focuses on approving and deploying system updates that address performance related issues, provide system enhancements or remedy identified security vulnerabilities that bad actors attempt to exploit in server and PC operating systems. This critical function previously managed by administrators in a controlled environment, using for example, Microsoft Windows Update Services or (WSUS) for example, now becomes more challenging with a distributed workforce, Unitec solves this challenge through our remote monitoring and management platform which is not limited to geography and can be deployed to any device whether in the corporate environment or in the home office, bundled with comprehensive reporting which ensures all your business devices are fully patched and compliant for security peace of mind.
These same principles apply when effectively managing remote worker anti-virus applications, your anti-virus software should be from a reputable cybersecurity firm ensuring that virus signature databases are relevant and kept up to date, that is, updated with latest identified threats. Further, security policies should also be in line with your organisations requirements and that these critical services are in fact running. This is a key challenge to overcome when managing devices outside of the corporate network. Our cloud-based end point security management platform immediately alerts us to anomalies or discrepancies and can easily be remedied through our automation platform, taking the burden out of keeping track of compliance and reporting.
With the proliferation of Microsoft cloud and Office 365 adoption (now known as Microsoft 365) many organisations leverage Microsoft Exchange Online for their email communication requirements, while there are many benefits to a cloud-based email systems, measures should still be taken to safeguard the integrity of this sensitive data. This can be achieved in two ways; firstly, multi-factor authentication is now the status quo for access to cloud resources. This is an authentication method that requires two forms of evidence that the user is in fact who they say they are, typical models use a username and password as well as an OTP or one-time pin code that is sent to the user’s device. If your cloud email does not have MFA enabled, now is the time to implement it.
Secondly, while most cloud email providers offer a baseline anti-spam, phishing and virus filtering service, many attempts from bad actors to gain access to your inbox are still successful, again a reputable spam filtering service, with superior scanning engines should be employed to protect your sensitive data. Unitec offer industry leading spam filtering services for both on premise and cloud-based email services, ensuring external emails sent to users within your organisation are first scanned and once deemed legitimate and free of any virus, malware, or phishing attempts, is only then delivered to your inbox. This level of email security is proving to be key as remote workers are outside the safety of corporate networks where perimeter security firewalls are tasked to block these types of attacks.
IT resources such as enterprise resource planning applications or CRM systems for the most part offer cloud-based alternatives, whether on Microsoft Azure, Amazon Web Services or vendor specific cloud platforms. However not all do, and many organisations still require direct access to corporate networks for on premise applications. This in itself presents a business risk due to the distributed access of remote workers. Critically all access from outside of your organisation’s networks should be led with a security by design principle.
It should be assumed that all remote devices that have access to your organisation’s networks could be compromised and the necessary measures must be in place to mitigate, detect and restrict access in any such case. For this organisations can leverage existing technologies such perimeter security firewalls that have advanced threat management capability by granting remote access to local IT resources via secure virtual private networks, ensuring data traversing the end point and your networks are encrypted and mitigates the risk of interception by bad actors.
As an example, Fortinet’s next generation Fortigate firewalls offer these advanced features without compromising on performance, leveraging unified threat management capability such as web filtering, antivirus scanning, data-leakage protection and more all delivered through their endpoint management application FortiClient ensuring data integrity is maintained irrespective of location. In essence a secure extension of your corporate network.
Finally, there is unfortunately and always the physical risk of a data breach whereby lost or stolen end point devices inadvertently grant access to your organisations sensitive data. What is deemed a baseline standard for remote workers, especially in the POPIA era, your organisations remote users should have a full disk encryption solution employed. This essentially encrypts all device data, as and when it is created so any attempt to interpret this information will be impossible in the wrong hands due to theft of loss of a device. This is made possible leveraging native encryption available, on for example, Microsoft Windows devices, but without any management behind this utilising Microsoft Intune or similar, it becomes difficult for IT teams to manage and report on compliance. Unitec solve this problem by leveraging this native technology with central management and compliance reporting, taking stock of all remote device inventory and ensuring it meets the data protection and encryption requirements, providing peace of mind that any lost or stolen devices do not result in a data breach.
For information on some of the topics discussed in this article or more on remote working solutions delivered through our managed services please contact our team below for an obligation free consultation.