NC May-Jun 2020
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
FEATUREREMOTE WORKING<br />
loss protection is key, as now the corporate<br />
machine is most likely to be exposed to<br />
threats upon the home network. Finally,<br />
protecting the endpoint is not just about<br />
cybersecurity, but also physical security.<br />
Ideally, the same policies should be<br />
executed at home, such as screen locking,<br />
invoking MFA for laptop access and<br />
securely storing the laptop when not used.<br />
USER ACCESS<br />
To enable remote working, users require<br />
access to applications. Typically, access<br />
is granted with a username-password<br />
combination. However, multiple<br />
applications require users to remember<br />
multiple passwords which, if they forget,<br />
can lead to locked accounts or end up with<br />
users writing them down. A single sign-on<br />
solution (SSO- identity provider) can<br />
resolve most of these issues, but ideally<br />
multi-factor authentication (MFA) should<br />
augment the login process, as an SSO<br />
solution allows a single password to access<br />
a plethora of applications.<br />
EMAIL SECURITY<br />
All too often email security solutions allow<br />
a phishing or similar bad email to be<br />
delivered to a recipient. These may have<br />
a bad payload or embedded link to a<br />
compromised site. Hackers are getting<br />
more imaginative on setting up new email<br />
domain and locations, in order to send<br />
their spam messages. The best piece of<br />
advice is, if in doubt, delete the email. If it<br />
is someone you do not know or conduct<br />
business with, delete the email. If the sender<br />
persists, pass it to your IT security team who<br />
can check the message for validity.<br />
Aside from the technical working<br />
environment, the physical working<br />
environment also needs to be considered.<br />
The level of focus that employees have in<br />
an office takes time to develop in a home<br />
environment: patience, dedication and<br />
routine are not achieved overnight. The<br />
home environment can provide<br />
distractions you might not otherwise have<br />
in the office, which can lead to human<br />
error. You attach the wrong version of a<br />
file, or send it to the wrong person, and<br />
there is the breach. That's how data leaks.<br />
It is a situation that is less likely to happen<br />
in an office, as there is less distraction.<br />
Hence, alongside antivirus and endpoint<br />
protection, businesses also need data<br />
governance and data loss prevention<br />
solutions. Generally, employees are not<br />
focused on security when doing their job<br />
and that is understandable. Lack of focus<br />
on security is even more prevalent in<br />
environments when they are juggling<br />
several other priorities at once.<br />
This is why tools that can enforce and<br />
educate the security policy interactively are<br />
so much more important. By controlling<br />
what users can access and then, in turn,<br />
what they can do with that data once they<br />
receive access, you can ensure that it is<br />
not going to be subject to those minor<br />
human errors. This can stop the accidental<br />
attachment of the wrong version of a file,<br />
provide a reminder to check the recipients<br />
of an email and stop data transfer to<br />
external media to work on it on home<br />
devices, all of which can help prevent<br />
breaches.<br />
Finally, having clear, defined policies and<br />
guidelines for staff ensures a smooth and<br />
trouble-free remote working deployment.<br />
Provide education sessions to reinforce safe<br />
working practices from time to time and<br />
support staff who are completely new to<br />
this concept. Teach them about physical<br />
security, as well as cybersecurity, as they<br />
both go hand in hand with a successful<br />
remote access strategy. Lastly, detail a<br />
simple escalation path for when things may<br />
and do go wrong. In this way, mitigation<br />
steps can be applied quickly and any<br />
potential damage is limited.<br />
Remote working during the current time<br />
is essential and highly beneficial, so the<br />
need to ensure your business is secured<br />
during this time is crucial. <strong>NC</strong><br />
Phil Underwood, Chief Information Officer,<br />
SecurEnvoy<br />
Chris Cassell, Technical Specialist,<br />
SecurEnvoy<br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards<br />
MAY/JUNE <strong>2020</strong> NETWORKcomputing 29