If you’re an IT professional, chances are you’re working remotely alongside your users, supporting them at home while still managing your on-premises infrastructure. If you’re struggling with the new normal of the epidemic, here are some simple tips to help you.
IT professionals are facing a difficult situation because of the coronavirus. Not only are most of their users currently working remotely, but much of the infrastructure those users rely on is either in a third-party managed cloud or stuck in an office you no longer go to. At no time in IT’s history has infrastructure been more distributed, and that makes things a lot harder for IT professionals who are also stuck at home.
Whether you’re an enterprise or a small to midsized business (SMB), your users are likely accessing their tools through third-party-managed cloud services, through virtual infrastructure that sits in the cloud but is managed by you, and through the odds and ends of legacy equipment still living at the office. Worse, some of those users may be starting to use infrastructure living on their home networks to complete tasks or store their work, and those are things you can’t even see. That’s a lot to tie together securely with today’s remote access tools, and it’s also a hard load to manage if you’re running the business’s help desk. If you’re facing all or part of these challenges, here are 10 useful tips.
1. Secure all connections
A virtual private network (VPN) connection can be protected from external attack between a user’s home network and your company’s network, but unless both networks are secure, you’ll still have vulnerabilities. If someone can get into a home user’s network, they can also use the VPN connection to attack the corporate network, especially if the user leaves it connected while they’re not actively working. Not only that, but once inside the corporate network, a sophisticated attacker can also reach every other home network connected to your central office systems.
Make sure there are VPNs and remote access ports between as many connections as possible in your distributed network, and tell users to use those connections only when they need them. You can create a document and make sure everyone has it, hold a web conference where you explain the problem and teach users how to protect themselves, or simply work with them directly over the phone if your number of users is low enough.
2. Secure those home networks
Many users, especially those living in suburbs where neighbors can live outside each other’s Wi-Fi range, still neglect their home network security and instead rely on basic firewalls and PC antivirus software to protect them. At a minimum, you’ll need to show these users how to reconfigure their routers for better security and, if they need help, provide it over the phone. If possible, take even stronger measures.
For example, most enterprise-level routers allow separate users to have different permissions and access to different network resources. However, most users will not know that their home wireless router may have the same capabilities, even if it is configured in a different way. Work with users to find out which router they’re using (help with that below) and how it can be used to separate company traffic from that of the rest of the household or guests, and then help them configure it that way. Another option, if you have the budget, is to add a second box, preferably a wireless VPN router, to each home network, with only the company employee as an authorized user.
3. Keep track of identity
When everyone is working remotely, it makes sense to focus on your identity management practices. It may be too late to install a completely new identity management system, but you should carefully document whatever solution you’re using and consider which other features you can turn on to help secure your users and resources. For example, if you haven’t turned on multi-factor authentication (MFA), now would be a good time to set it up. Also, review your best practices.
For occasional use, many network managers use a single network account for both internal and remote access. However, for an environment that will be completely remote for a long period of time, you should have separate accounts to ensure that internal resources are not exposed over a remote connection unless absolutely necessary. Additional user management software can also ensure that remote users cannot connect to the corporate network unless certain criteria are met. Those may include having the latest version of the antivirus signature file, having certain security options set properly, and even having certain software installed or not installed.
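A minimal sketch of the admission check described above, added here as an illustration and not taken from any particular product: a gateway evaluates a device’s self-reported posture against policy and fails closed when data is missing. The policy values, field names and sample reports are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class PosturePolicy:
    # Every value here is an assumption made for the example.
    max_signature_age_days: int = 3
    required_settings: dict = field(default_factory=lambda: {
        "disk_encryption": True, "firewall": True})
    required_software: frozenset = frozenset({"corp-vpn-client"})
    banned_software: frozenset = frozenset({"p2p-client"})

def evaluate(report: dict, policy: PosturePolicy, today: date) -> list:
    """Return the failed criteria; an empty list means the device is admitted."""
    failures = []
    try:  # a missing or malformed signature date fails closed
        age = (today - date.fromisoformat(report.get("av_signature_date"))).days
    except (TypeError, ValueError):
        failures.append("av_signature: date missing or unparseable")
    else:
        if age < 0:
            failures.append("av_signature: date is in the future")
        elif age > policy.max_signature_age_days:
            failures.append(f"av_signature: {age} days old")
    settings = report.get("settings")
    if not isinstance(settings, dict):
        settings = {}
    for name, wanted in sorted(policy.required_settings.items()):
        if settings.get(name) is not wanted:
            failures.append(f"setting: {name} must be {wanted}")
    installed = set(report.get("software") or [])
    for name in sorted(policy.required_software - installed):
        failures.append(f"software: {name} is not installed")
    for name in sorted(policy.banned_software & installed):
        failures.append(f"software: {name} is not allowed")
    return failures

# Constructed sample reports, as a client-side agent might submit them.
TODAY = date(2020, 4, 20)
COMPLIANT = {"av_signature_date": "2020-04-19",
             "settings": {"disk_encryption": True, "firewall": True},
             "software": ["corp-vpn-client", "browser"]}
STALE_SHARED_PC = {"av_signature_date": "2020-03-01",
                   "settings": {"disk_encryption": False, "firewall": True},
                   "software": ["browser", "p2p-client"]}

if __name__ == "__main__":
    for label, rep in [("compliant", COMPLIANT), ("stale", STALE_SHARED_PC), ("empty", {})]:
        print(label, evaluate(rep, PosturePolicy(), TODAY) or "ADMIT")
```

Returning the full list of failed criteria, not just a yes or no, gives the help desk something concrete to walk the user through.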
4. Standardize home routers
It’s hard, but if possible, you should work to standardize home routers as much as you can. Home users who have purchased their own routers will probably have bought the cheapest or most readily available box; however, many urban internet service providers (ISPs) now supply default routers along with cable modems, so finding out what those are and obtaining the appropriate documentation also pays off.
And while it is expensive and time-consuming, it may well be worth your while to choose a router with management features you like that can be preconfigured and then shipped to each home user. This is much simpler than supporting a dozen or more separate models, even if you can remotely log in to them, which is often difficult to set up while maintaining security, especially with cheaper, low-end routers. If you have difficulty justifying the cost, keep in mind that this work-from-home scenario is likely to become permanent for many businesses, at least for a significant percentage of their employees. Viewed through a long-term lens, changes like this can make far more financial sense.
5. Management software is your friend
Experienced IT professionals often don’t dig into all the capabilities of their management toolset, focusing instead on the features they need to get through a normal day. However, your typical day has changed, so you should take another look at exactly what’s in your toolbox.
Desktop configuration management, network monitoring, identity and user management, and even endpoint protection tools all contain features, often very sophisticated ones, that relate directly to remote access and remote management. That means you can implement advanced user and security features while reducing or even eliminating the need for on-site desktop access, without changing the tools you’re using. The management system can also ensure that all users have the same version of VPN software, signature files, encryption and authentication keys, and so on, and, once that determination is made, even automatically update outdated versions of the software or files.
Such capabilities are also useful if you are managing infrastructure in an office that is now abandoned. While some issues will require on-site visits, most can be solved remotely using the right infrastructure management software. In addition, enterprise-class devices, especially routers, switches, and servers, often have very sophisticated remote management options included as part of their own systems. These are also worth investigating and implementing if you haven’t already. Some, such as hardware add-on cards that allow remote server restarts, may cost extra money and require at least one on-site visit to install; but once you make that investment, you’ll have a whole new set of tools and capabilities available to you from anywhere. Just make sure you fully understand these capabilities and turn on the right security settings to keep your perimeter solid.
6. Encryption is key
Be sure to encrypt data at rest as well as in transit. If a user is storing data on their local home system, make sure that the data is in a separate user account, and then equip that account with encrypted folders. Many home systems will have multiple users sharing a single login account, which is certainly not optimal for business security. Not only can a teenager downloading music accidentally install malware on the PC, but the bad guys behind that code will then have access to all the company data on the system unless you protect it.
7. Standardize cloud services
Many organizations have collaboration software or other cloud productivity applications that were set up by individual departments, resulting in multiple applications performing the same basic task within one organization. For IT administrators who have been inundated with new remote access issues, this is not the best setup. Fortunately, because these services are in the cloud, choosing and moving to a single service is workable even when people are working from home. This can be a lengthy process, but it pays off by reducing overall management issues, minimizing your attack surface for better security, and even reducing costs.
Also, as you migrate, you’ll probably find that the less-used services have plenty of settings and options that are not optimal when seen from an IT pro’s perspective. One example is video conferencing applications, such as the currently popular Zoom Meetings. Many home users are connecting via Zoom because they have encountered it on social networks. But those users may not realize that conferences set up with Zoom’s default settings don’t require meeting passwords. That may be fine for the department head’s virtual birthday party, but it leaves a security hole for more sensitive communication, like the annual corporate strategy meeting.
8. Beware of defaults
Many businesses, especially small and medium-sized businesses, are operating as if the coronavirus shelter-in-place lifestyle really doesn’t differ much from working in the office. The popularity of Wi-Fi networks and cloud services is the most obvious culprit. When users plug in the laptop, the network appears and their services are there. But that is the user’s point of view, not that of an IT professional. You can’t leave your overall network with its old configuration settings and simply assume that the users’ home Wi-Fi and a range of third-party cloud services will pick up the slack.
End-to-end protection, large-scale remote access, cloud backup services, online file sharing, and remote printing are just some of the systems you may have been using a few months ago that now need scrutiny, and maybe some configuration adjustments, to work best while your users are spread out. Virus updates need to be automated and verified; remote access identities need to be catalogued, controlled and enhanced with MFA; data should be stored in folders that are easily backed up on local devices, both automatically and through policy. All it takes is an IT professional to investigate and test, followed by clear communication, documentation, and automation for users.
9. Revisit your priorities
The lives of people working remotely differ from when they worked in the office, which means they depend on different tools, or maybe just more tools, than before to get the job done. IT needs to keep pace by prioritizing certain key applications. For most companies, those will include online collaboration solutions, like Microsoft Teams, as well as voice over IP (VoIP) and video conferencing applications. These platforms will become more important than ever, not only so that employees can communicate with each other, but also so that they can stay in touch with partners and customers.
Many departments may be accustomed to choosing their own collaboration or instant messaging software, which means they may be using free versions that are widely available. Now that businesses depend on these apps more, that’s not safe enough, even if they are properly set up. Consider selecting standard services for the company, documenting the appropriate setup, and distributing it to all employees.
10. Stay flexible, take your time
Sure, the epidemic hit us all pretty quickly, but now that the initial dust has settled, keep your head and do everything right. Your original disaster recovery plan may not have been quite right for this unique situation, but so far you’ve used what you could from it and left the rest. That’s all right. As they say, no battle plan survives contact with the enemy, and that is especially true in this case. It will take time to sort things out, even if the organization was widely distributed and had a good security policy before the epidemic. But now that you’ve realized certain aspects of your old system will need to change, take the time and do it right.
It’s important to put those changes into effect quickly, but it’s even more important to make those changes correctly. And an important part of that is communicating and documenting effectively, not just when setting up a new service, but even for everyday tasks. When a problem is resolved, distribute the solution to all support personnel with a full description, to ensure that efforts are not duplicated and incompatible solutions are not offered. Keep channels among IT staff open and hold regular meetings to discuss the problems encountered, their frequency, priority, impact, and final solution. This is important not only to keep things running efficiently while the epidemic is going on, but also for when things get back to normal and you go back to the office and try to decide how to revise your network, and that will happen.