Many organizations are rushing to allow more and more of their staff to work remotely due to COVID-19. However, it is important to always build out any solution with security as a primary focus. Ensure your IT provider is following these basic rules to reduce the risk inherent in allowing remote access to your network.
NEVER ALLOW DIRECT RDP ACCESS THROUGH YOUR FIREWALL.
Most Secure Remote Option
The most secure option is to never allow a device not under corporate control to access your network. Instead, use remote access software like LogMeIn, Splashtop, or TeamViewer to provide an additional layer of security.
- Force all remote access users to use multifactor authentication.
- Disable file transfers and clipboard sync.
- Regularly review remote access logs.
Secure VPN Access
Although remote access software is the most secure solution, some remote users need access to files and services on the network using their corporate laptop or device. It is imperative that your network is properly secured before any VPN solution is implemented.
- Verify backups are replicated offsite and monitored.
- Verify security services are enabled and firmware updated on your firewall.
- Verify all your servers, workstations, firewalls, and network devices have the latest updates installed.
- Monitor all your servers, workstations, firewalls, and network devices to ensure they are installing new updates successfully.
- Remove local admin rights for all users.
- Enforce regular password changes, password history, and lockout policies.
- Review file and folder permissions. Users should never be granted full control.
- Verify Windows Firewall or an alternative firewall is enabled on all workstations and servers.
- Verify all servers and workstations have antivirus software installed and centrally monitored.
- Configure and enforce Azure Multi-Factor Authentication to secure remote desktop connections. If you don’t have a server to set up a 2FA solution, use a service like Duo Security to add an additional layer of security to workstations.
- Configure DNS filtering for your network using a service such as DNSfilter or SafeDNS.
Before granting a user remote access, consider how much access users really need. Answering these 2 questions will help prevent data loss and theft.
- Should users be allowed to copy files to their home computer?
- Should users be allowed to print to the printers in their home?
Disable these services via remote desktop services on your network.
- Video capture devices
- Other Plug and Play devices
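One way to audit and enforce these restrictions on a Windows Remote Desktop host, as an added example that is not part of the original article. It assumes the standard Terminal Services policy registry values and, beyond the two device classes listed above, also covers the drive, clipboard and printer redirection raised by the two questions.

```powershell
# Added example: audit (and optionally enforce) RDP device-redirection policy.
# Run in an elevated PowerShell session on the Remote Desktop host.
# In a domain, configure the matching Group Policy settings instead, because
# Group Policy refresh overwrites local edits to this key.
param([switch]$Enforce)

$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Policy value name -> what it blocks when set to 1
$policies = [ordered]@{
    fDisableCdm         = 'Drive redirection (copying files to the home PC)'
    fDisableClip        = 'Clipboard redirection (copy/paste of files and text)'
    fDisableCpm         = 'Client printer redirection (printing at home)'
    fDisableCameraRedir = 'Video capture device redirection'
    fDisablePNPRedir    = 'Other supported Plug and Play device redirection'
}

if ($Enforce -and -not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

$report = foreach ($name in $policies.Keys) {
    if ($Enforce) {
        New-ItemProperty -Path $key -Name $name -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
    # Missing key or value yields $null, reported as "not set"
    $current = (Get-ItemProperty -Path $key -Name $name `
        -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Policy  = $name
        Blocks  = $policies[$name]
        Value   = if ($null -eq $current) { 'not set' } else { $current }
        Blocked = ($current -eq 1)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets monitoring tools flag hosts that still allow redirection
$open = @($report | Where-Object { -not $_.Blocked })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) redirection channel(s) still allowed."
    exit 1
}
```

Run without `-Enforce`, the script only reports the current state and changes nothing.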
Your network security is only as good as its weakest link. We have found firewalls are often running outdated firmware that has not been updated for years and security services are expired. Firewalls are just as vulnerable to attacks and regular updates are released to address security vulnerabilities. It is important to keep your firewall firmware updated and security services active to mitigate risk.
Best Practices to Secure VPN Access
- Force regular password changes.
- Restrict devices not under corporate control to Remote Desktop and access to only the resources they need.
- Use an SSL VPN to avoid users’ VPN access getting blocked in locations with high security such as airports, hotels, and hospitals.
- Enable VPN timeouts.
Deploy Unified Communications
If you are still using a business phone solution that does not include unified communications, it is past time to upgrade. Unified communications combines many of the products needed to effectively work remotely into a single package that’s accessible using a computer application, mobile device, or web browser. The core services include phone service, instant messaging, presence information, mobility features, web & video conferencing, fixed-mobile convergence, desktop sharing, and call control.
Benefits of Unified Communications
- Employees can answer calls without being in the office.
- Employees can answer calls without the need to forward to an outside line.
- Customers do not have to change their process.
- Hold meetings with remote employees using web conferencing.
- No need to set up a desk phone for employees working temporarily in remote locations.
- Phone system can be configured with auto fail-over to a backup system.