As the COVID-19 pandemic continues to spread throughout the world, an increasing percentage of the workforce will be forced to work remotely in an effort to “flatten the curve” of this deadly virus. In preparation for this massive shift, it’s important to take necessary precautions to protect the networks and systems that store businesses’ private, sensitive data.
In this time of need, the Ingalls Information Security team decided it would be helpful to compile a guide businesses can follow and share best practice measures to ensure secure remote access and business continuity during the COVID-19 pandemic crisis.
First, it’s important to identify essential business functions, jobs or roles, and critical elements required to maintain business operations. Your team will need to prioritize remote access for these critical functions. In addition, you’ll likely need to actively source any additional hardware needed for staff members to manage day-to-day operations. If applicable, procure sufficient remote connection licenses and increase bandwidth/firewall/remote access capacity to allow for the added traffic you’ll see once the changes have been made.
Communications on external networks require encryption because they are susceptible to interception and modification. Ensure secure remote access connection by using a Virtual Private Network (VPN). When doing this, you’ll need to make sure you update all VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
In order to avoid external threats, any remote access to sensitive information by employees or partners should require more than a simple username and password. Secure remote access authentication by enabling multi-factor authentication (MFA). Personally owned devices should be held to the same standard of security as devices on the internal network. Have someone on your team monitor remote access connections for anomalous activity that could be an indicator of compromise (IoC).
Before you jump into remote work and assume that technology and processes will perform perfectly (they won’t), we recommend stress testing your remote capabilities. Go through several phases of tests with a small group to ensure your communication, storage, permissions, backups, and any other critical functions are working properly and remaining secure.
Another aspect of implementing a remote workforce is providing employees instruction on how to remotely access their systems. Ideally, your management or IT department can help create a written document outlining proper procedures and protocols.
Keep your employees on the lookout for signs of social engineering, particularly since fraudulent emails about the coronavirus are likely to increase. These emails (phishing emails) may either have infected attachments or link to malicious websites. Instruct employees to exercise special caution with coronavirus related emails.
Here are a few tips for employees to avoid fraudulent emails: