In late April, The US Cybersecurity and Infrastructure Security Agency (CISA) branch of the Department of Homeland Security released a website to help companies protect their employees while working remotely. It includes teleworking best practices from both CISA and the NSA.
Follow these steps to secure your company while your employees work from home.
Install Basic Security Measures At Your Facility
Install these safeguards to increase the security of your network further:
- Anti-malware software on the device and the network
- Intrusion detection and protection systems
- Updates, patches, and secure configurations
- Event logging to identify and investigate attacks
Have Your Employees Secure Their Connections at Home
Here are some additional steps your employees can take to ensure their connection to your network stays secure:
- Change their default password to a long and complex password.
- Ask them to pick a generic name for their home WiFi network.
- Disable WEP and WPA protocols in favor of WPA2 and WPA3.
- Be sure they use only teleconferencing tools that have been approved by your company.
- Check to see if encryption settings are enabled on their video conferencing tools.
Use VPNs to Connect to Your Work Server
Whether you use a company-issued laptop or are using your own, a VPN is essential to maintain your connection’s security. A VPN builds an encrypted tunnel between the network you are accessing and your device. This tunnel keeps other users from reading the data going between you and the system.
Implement Multi-Factor Authentication for Regular Users and Admins
Move away from basic authentication methods as quickly as possible.
Basic authentication sends user credentials over the non-secure HTTP header, which makes it open to various exploits. Most email protocols, like SMTP, IMAP, and POP3, all use basic authentication, and you need to purge these protocols from your system immediately.
Active Directory and MFA are a much more secure combination for authentication and access.
To simplify this process for Office 365 lets you deactivate basic authentication and apply a baseline of alternative security measures right away. Be sure you tell anyone in your network who use legacy emails about this change.
Follow these guidelines to keep your workers and your network secure from end-to-end.