As workforces are mandated to telework in an effort to contain the spread of the COVID19 virus pandemic, At these challenging lock downtimes, almost all the organizations are enabling work-from-home, if not getting ready with the required ICT, Security Cloud infrastructure. Most of the workforce working remotely, and for these types of remote workloads, many of the organizations are not ready and finding it difficult to cope.
VPN Servers to App Delivery to VDI Infra, collaboration tools for all of them their security and availability, performance has now become a critical backbone for organizations. Employees who have never worked remotely are told to work from home or WFH. For many organizations and individuals, this is unchartered territory.
With this blog post, we would like to bring to your notice – a few important cybersecurity risks that a remote workforce may present and some best practices for mitigating those risks.
Whether as part of standard work program or as a component of business continuity plans, for Organizations engaging in telework we would recommend to start with a defined policy – ex ‘Work from home Policy, BYOD policies’- addressing the scope, roles and responsibilities, and mandatory infosec and organizational specific guidelines.
Our recommendations are :
- VPN Server security and their up-to-date patching
- Enabling Multi-Factor-Authentication for VPN Accounts and user logins
- Application Delivery Controllers and enforcing end-point mandatory compliance checks
- SaaS applications and data, service access protecting with conditional access and logging.
- Ensuring Mobile Device and Endpoint Management security practice in place for corporate and personal (BYOD) devices.
- PKI And TLS Security for Document Signing, and Secure email SMIME protection.
- Tightened email phishing and spam protection measures.
- Must MDR/ End-point-security software for all the devices.
- Configuring and limiting maximum load provision, auto-provision setting with your cloud infrastructure/ to protect against misuse.
- Engaged threat detection, monitoring, protection systems in place for data and Services protection.
- Ensuring compliance and regulatory standards.
- Recoverable Backups and working HA systems.
- And more importantly, given the social-engineering aspect of most attacks, end-user education is more critical than ever.
Need of the hour for many is to enable work-from-home to their employees and to ensure business continuity during these pressing times, it is important to ensure cybersecurity recommendations are taken into consideration to avoid any superimposed security incidents that are very much prevalent these times.
Amid the COVID-19 crisis, In order to help organizations setup required infra and protect remote employees faster, In coordination with our product vendors we are stepping it up and offering some of our products and services free of charge for a limited time. Including support services to help companies through the set-up and deployment processes.