Tips for security administrators during the COVID-19 pandemic

We have seen a massive increase in the number of employees working from home due to the COVID-19 pandemic.

System administrators must ensure that employees can still securely access corporate resources. The move to the cloud, both for corporate productivity (Office 365, G Suite) and for service hosting (AWS, Azure), has eased this transition somewhat. Below you can find some tips to make the work-from-home experience easier and more secure for employees.

Set up a secure remote connection

The most common secure connection method is a VPN. Using either a physical VPN server or a trusted VPN provider, admins can allow access to corporate resources and protect traffic as it flows across the Internet. If admins need remote access to servers, an SSH tunnel with key-based authentication can be used.

For corporate network access, another option is to use a Remote Desktop Protocol (RDP) gateway. RDP gateways allow for secure remote desktop access to internal resources.

Never expose RDP (port 3389) directly to the Internet. RDP should only be accessed through an internal network via a device such as a jump box.
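As an added example (not from the original post), the following script audits a list of inbound firewall or cloud security-group rules and flags any rule that would let RDP (TCP 3389) be reached from outside an approved set of internal ranges. The rule format, the approved ranges and the sample rules are constructed for this example; adapt them to your own exports.

```python
# Added example: flag inbound rules that expose RDP (TCP 3389) beyond
# approved internal networks. Rule format and samples are constructed.
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389

# Assumed internal ranges from which RDP may be reached (e.g. LAN, VPN pool).
APPROVED_SOURCES = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "192.168.0.0/16")]


@dataclass
class Rule:
    name: str
    protocol: str   # "tcp", "udp" or "any"
    port_from: int
    port_to: int
    source: str     # CIDR of allowed sources


def source_is_internal(cidr: str) -> bool:
    """True only if the whole source range lies inside an approved internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in APPROVED_SOURCES)


def rule_exposes_rdp(rule: Rule) -> bool:
    """A rule is a finding if it covers TCP 3389 (directly or via a range) from a non-internal source."""
    covers_port = rule.port_from <= RDP_PORT <= rule.port_to
    covers_proto = rule.protocol.lower() in ("tcp", "any")
    return covers_port and covers_proto and not source_is_internal(rule.source)


def find_exposed_rdp(rules):
    """Return the names of rules that expose RDP, in ruleset order."""
    return [r.name for r in rules if rule_exposes_rdp(r)]


# Constructed sample ruleset
SAMPLE_RULES = [
    Rule("rdp-from-vpn", "tcp", 3389, 3389, "10.8.0.0/24"),     # OK: inside approved range
    Rule("rdp-open", "tcp", 3389, 3389, "0.0.0.0/0"),           # finding: whole Internet
    Rule("all-ports-open", "any", 0, 65535, "0.0.0.0/0"),       # finding: range covers 3389
    Rule("web", "tcp", 443, 443, "0.0.0.0/0"),                  # not RDP
    Rule("rdp-v6-open", "tcp", 3389, 3389, "::/0"),             # finding: IPv6 any
    Rule("rdp-other-lan", "tcp", 3389, 3389, "172.16.5.0/24"),  # finding: not an approved range
]

if __name__ == "__main__":
    for name in find_exposed_rdp(SAMPLE_RULES):
        print(f"WARNING: rule '{name}' exposes RDP outside approved networks")
```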

Enable MFA on all corporate accounts

Admins should enable MFA wherever possible. This includes the remote connections mentioned above and any services such as Office 365 or G Suite. The MFA token should be delivered either via an authenticator app or via SMS.

Using SMS verification codes is not best practice, though something is better than nothing during emergency conditions such as this.

Disable admin rights on corporate computers

This is a security best practice and is even more important right now. Disabling admin rights prevents the installation of unapproved remote connection software such as TeamViewer. It will also prevent users from circumventing security protocols on endpoints.

Prevent cloud document sync/download to personal devices

In order to keep corporate files controlled, cloud sync should only be enabled for approved devices. If corporate data is stored on personal devices that do not meet the security standards of the organization, that data is at risk.

In Office 365, you can restrict SharePoint and OneDrive sync to specific domains:

https://docs.microsoft.com/en-us/onedrive/allow-syncing-only-on-specific-domains

G Suite offers several options for syncing and device management:

https://support.google.com/a/answer/7496409?hl=en

Educate users about phishing

Phishing attacks will certainly increase with a lack of face-to-face communication. Users should be informed about the likely increase in attacks via email, text messages, and phone calls. Before fulfilling any request out of the ordinary, users should confirm its legitimacy with the requester via a different communication channel.

At the least, a memo should be sent out to all users. A training slide deck may also be used for user education.

We are currently living and working in an unprecedented environment. Fortunately, technology has made this transition easier. Securing this technology helps ensure the viability of our businesses and the jobs of the employees during this period of uncertainty.

Other helpful resources

SANS is an organization highly respected at our firm. They’ve released a “Security Awareness Work-from-Home Deployment Kit” at no cost that includes deployment guides and tip sheets.

Contact

Questions about security when working from home or how to respond to Coronavirus? Contact us here! We’d love to chat with you and see how risk3sixty can meet your organization’s needs.