A key measure in slowing the spread of COVID-19 is social distancing, with many state and local governments now issuing mandatory shelter-in-place orders. This has resulted in IT teams scrambling to build work-from-home setups for entire companies practically overnight. As millions of people all over the world suddenly need to work remotely from their houses and apartments, we have witnessed the creation of the largest global remote workforce ever.
But moving millions—or even tens—of employees, their computers, and their data from a secure office environment to the home—with minimal notice—presents tremendous data security risks, including simple technical glitches, accidental human error, and malicious/ransomware attacks. Below are our tips to help you cover your bases.
TIPS: Shift to Remote Working AND Keep Data Safe
1. Rely on Trusted Vendors
When setting up your new infrastructure, rely on trusted vendors that have economic stability and offer strong security protocols.
2. Secure Employee Laptops
- Where possible, provide laptop devices so employees aren’t forced to use potentially less secure personal devices for work such as home desktops.
- Secure these devices with endpoint protection measures: install antivirus, automated patch management (such as this from Ivanti) and automated backups (e.g., ShadowProtect).
- Install a strong VPN solution such as WatchGuard, Cisco, or GlobalProtect on every company laptop for a secure connection to the company network. Conserve network bandwidth, if necessary, by using a split-tunnel connection to provide secure access to the corporate network. While connecting to external websites, go through employees’ home networks instead.
3. Protect Business Data
Set up a company-wide policy that automatically saves documents and data to Google’s G Suite or Microsoft O365. NOTE: With only 30 days of retention for files from these services, make sure you add a backup solution, such as StorageCraft Cloud Backup and match your backup frequency to the importance of the data.
- For unstructured data on-premises, set up employees to store their work files on a company-managed file server with immutable snapshots capability, such as StorageCraft OneXafe, rather than their own laptops.
- Take image-based backups of employee laptops—should an employee laptop fail, you can use a backup to restore the operating system, applications, and data to a new laptop in minutes—which sure beats reinstalling everything. This will also recover any data that wasn’t stored to the file share or cloud.
- Redundancy is key, so replicate all laptop and file-server backups to the cloud (ideally a purpose-built disaster recovery cloud such as StorageCraft Cloud Services, which enables swift recovery).
- Your mission-critical data and applications are already backed up, so ensure that the SLA matches the importance of the data and that the data is being replicated to an off-site data center or to a third-party cloud provider, such as StorageCraft Cloud services.
4. Secure the Network
Ensure network security with a tool like Rapid7, Tanium, or Crowdstrike that protects a laptop and the entire network, and also scans for viruses and ransomware as well as for suspicious connections to and from your company.
Again: Redundancy is key. Store server backups onsite and also replicate those backups to the cloud. (Using a cloud provider with DRaaS capabilities will enable you to fail over the entire network, data, and applications should the need arise.)
5. Devices and Remote Users
- Confirm the identity and security state of each endpoint device, being corporate or personally owned, from laptops, desktops, smartphones and tablets
- Control admission based on the user identity and access rights level of trust of remote users and their associated devices
- Allow access based on the resources those users are only authorized to use, being on-premise or in the cloud
6. Provide Remote Support
7. Test and Train
Regularly test your backups and your ability to recover! While having a backup is important, being able to recover all data completely and quickly is absolutely critical for business continuity.
Triple-down on phishing: a successful phishing scam can expose you to ransomware and render all your data useless. Test your network and your employees with tools like KnowBe4 to find the holes in your network protection and to train your employees in being able to spot phishing emails that lay the groundwork for a ransomware attack.
8. Provide Communications Tools
Provide, and enforce the use of, company-wide communications tools for instant messaging, video conferencing, and telephony that are secure. These tools (such as Microsoft Teams, GoToMeeting, and Jive softphone) ensure employees can stay productive, be social, and continue collaboration while still keeping the business secure.