At the onset of the COVID-19 pandemic organizations around the globe were forced to hastily shift to remote work models in order to ensure business continuity. 2020 became the year of remote work management. This seismic shift was undergone quickly, and with it security took a backseat to establishing baseline functionality. Little did we know then that our rapidly cobbled together remote work setups would turn out to be longer-term arrangements than originally anticipated!
The pandemic has shown that totally dispersed workforces represent a viable opportunity for many organizations to streamline their operations while attracting global talent. Many companies that were originally forced into remote work have decided to largely forgo returning to the office. What does this mean for IT? One major impact is that a large percentage of remote workers have opted to use their own computers for business operations and network connectivity. Companies can require users to authenticate via a Virtual Private Network, but how can they ensure that the company network is safe from threats posed by personal computing?
So, we’re stuck trying to solve the problem of company data protection from internal threats introduced by end user workstations. One option is for organizations to provide their employees with computers, which in turn gives them a higher level of visibility and control. Many InfoSec teams implement default policies on managed machines to ensure that at the time of authentication the workstation is secure. However, most of these solutions only validate the security checks at log in. Following login an end user can easily make local security changes. What happens if a remote worker accesses a website that may infect their computer on a company machine without a VPN?
The clearest takeaway from our experience during this new era of device management is that we need to protect the business side of computer use from the personal side, and the personal side from business.
Here are some key questions every network admin should ask themselves:
- Are device screensavers enabled?
- Screensavers are an important tool designed to protect work when employees step away from their desk.
- Are device screensaver timeouts acceptable?
- Having a screen saver enabled is a good thing. But is it any good if the timeout is set to an hour? This is a significant window where data is open to being compromised.
- Do our company devices have antivirus installed?
- It’s honestly surprising how many home computers don’t utilize simple antivirus tools to protect against a variety of attacks! Less than scrupulous individuals are preying on the increased number of people working from home and attacking personal networks to gain access to company data, so antiviruses are no-brainer solutions all computer users should be deploy.
- Is our antivirus real-time protection enabled?
- Enabling real-time protection is a great way to help prevent attacks on company devices.
- Are our antivirus signatures up to date?
- It’s a great start to have an antivirus installed, but it’s only as good as its last update. When was the last time your users checked their antivirus signature files?
- Do our workstations require a password to log in?
- If our computers don’t require password authentication data is ripe for theft. Passwords are your first line of defense, and every organization device should require one!
- Is the operating system auto-update enabled?
- Just like our antivirus signature files OS updates are filled with critical bug fixes, security corrections, and enhanced features. These need to be constantly maintained to keep the company network secure.
- Are any viruses currently detected?
- How clean is the personal computer that your employee is using to access a company network? Are your users working on systems infected with malware? How are you monitoring employee device safety?
- How many operating systems do your solutions support?
- How many distinct types of operating systems will you see? If your organization is BYOD make sure you can accommodate a variety of OS.
- Are your firewalls enabled?
- Firewalls aren’t perfect, but they significantly limit who can establish a connection into the end user’s computer.
- Is hard drive encryption enabled?
- What happens when you have a stolen computer? With encrypted drives data cannot be accessed via a USB connection.
While some of these security checks can be managed via policies, they only take effect when a user logs in via VPN. However, we know users can change them once they are logged in. This inevitably circumvents the controls put into place. Of course, a Virtual Desktop Infrastructure system addresses this, but saddles the end user with a less than functional experience, including lag times and network disconnects during video conferences, a crucial component of the remote work equation.
So, how can you organization make remote work safe?
Here at Venn we’ve developed a secure workspace designed for remote work that we call the Venn LocalZone. It’s an isolated desktop that runs on a user’s personal device using local infrastructure, but is located in a secure enclave that’s safe from attacks on that computer as well as personal use. Our patented LocalZone technology isolates business data and applications from the device’s local data and applications, and constantly validates user compliance. We’re excited to bring a tool to market that is designed for modern remote work models, and are happy to enable user success and organization safety by protecting business from personal, and personal from business, on unmanaged devices.
Interested in learning more? Book a demo here and let us tell you more about how we help organizations work better remotely today.