As organisations continue to deliver remote working solutions to enable business continuity, the question arises whether their security has been put at risk. Of course, getting users connected was the immediate priority several days ago; but IT teams must now move focus to the critical activities that ensure their business is not at risk.
Failure to make this move will quite simply play into the hands of the many individuals and organisations that are viewing this virus as the perfect opportunity to attack organisations before they adapt. As always, those who adapt fastest will reap the rewards. Those who are slowest to adapt, well Darwin explained the results of that far clearer than this article possibly could…
So, what does this mean? IT Teams across the UK and beyond have been applauded in their efforts to get users working from home in a very short period of time, many technical resources working incredibly long hours, and immense pressure, to achieve this. But we are now in the position where we must manage and support a new distributed user model, and in many cases the use of non-corporate machines and insecure network ingress points connecting to corporate systems and data. The risks, not least to critical corporate data, are significant.
Security should always be a balance of technology and user experience but should also include process and user awareness. Below are a number of immediate steps that organisations should consider.
- Ensure that your password process / policy is fit for purpose, including password reset process
- Enable Multifactor authentication on web email, remote access VPN.
- Securely configure infrastructure, network, and cloud services.
Helpdesk – Incident response.
- Update user verification procedures to avoid scams.
- Ensure asset inventory is continually updated. (Laptops, mobile devices etc.).
- Ensure daily checks for successful completed backups.
- Test restore of critical services and ensure encryption is enabled.
- Ensure all users save files on network share / or approved cloud document storage.
- Prevent physical printing and enforce electronic documents with e-signing instead.
- Ensure encryption is enabled.
- Enforce 5 minute screen timeout with password prompt.
- Ensure the latest security and firmware patch updates are installed
- Ensure the latest anti virus updates are installed
User Awareness & Culture
- Be vigilant of scam emails or scam calls relating to the virus outbreak. Delete immediately. Do not click or open.
- Report any security incidents (scam emails, scam calls or virus etc.) to your helpdesk / security team.
- Be sensible – and follow your security policy. That is be professional at all times.
- Adhere to email and internet acceptable use policies.
- Lock workstation / laptop when walking away.
- Report any lost or stolen devices including mobile phone and laptops to the helpdesk.
As the market continues to redefine business requirements for End User Solutions, Intelligere will be continually reviewing solutions across the market. We put user experience at the heart of what we do, from visualisation to execution, we never lose sight of the end goal: A stable, reliable environment for your End-Users.
Why work harder than you need to? Get in touch today to discover how we can support you to deliver a truly exceptional end user experience.
Martin Powell – CTO