23 Apr Esq. Jonathan Cartu Claims – 10 Top Tips for IT Pros Working From Home
IT professionals are facing a tough situation because of the coronavirus. Not only are most of their users now working remotely, but much of the infrastructure those users rely on is either in the cloud managed by third parties or trapped back in the office, a place you’re no longer supposed to visit. At no time in IT’s history have networks and IT resources been more distributed, and that’s making things a lot more difficult for IT pros who are also trapped at home.
Whether you’re an enterprise or a small to midsized business (SMB), your users are likely accessing their tools via cloud services managed by third parties, virtual infrastructure also residing in the cloud but managed by you, and odds and ends of legacy equipment still living at the office. Worse, some of those users are probably starting to use infrastructure living on their home networks to complete tasks or store their work, and that’s stuff you can’t even see. That’s a lot to tie together securely with today’s remote access tools, and it’s also a difficult load to manage if you’re running the business’s help desk. If you’re facing all or some of these challenges, here are 10 tips to help.
1. Secure Every Connection
A virtual private network (VPN) connection may be secure against an external attack between a user’s home and your corporate network, but unless both networks are also secure, you have holes. If someone can log into a home user’s network, they may be able to use the VPN connection to attack the corporate network as well, especially if the user is leaving that connection up while they’re not actually working. Not only that, but once on the corporate network, a sophisticated attacker could also access all the other home networks connected to your central office system.
Make sure there are VPNs and remote access gateways between as many connections of your distributed network as possible, and let users know to only engage those connections while they need them. You can create a document and make sure they all have it, hold a webinar where you explain the problem and teach them how to protect themselves, or simply work with them one on one over the phone if your user count is low enough.
2. Secure Those Home Networks
Many users, especially those living in the suburbs where neighbors can live out of Wi-Fi range of each other, still give their home network security short shrift and instead rely on basic PC-resident firewalls and antivirus software to protect them. At a minimum, you need to educate these users on how to reconfigure their routers for better security and, if they need help doing so, provide that help over the phone if necessary. If possible, take even stronger measures.
For example, most business-grade routers allow for separate users to have different permissions and access to different network resources. However, most users won’t know that their home wireless routers likely have the same capability even if it’s configured in a different way. Work with users to find out what router they’re using (help with that below), how it can be used to segregate corporate traffic from other home or guest users, and then help them configure it that way. Another option, if you’ve got budget, is to add a second box, preferably a wireless VPN router, to each home network, with only the corporate employee as an authorized user.
3. Keep Track of Identity
When everyone is working remotely, it makes a lot of sense to focus on your identity management practices. It’s probably too late to install a whole new identity management system, but it’s a good idea to dig into the documentation for whatever solution you’re using and look at what other features you can enable to help keep users and your resources secure. For example, if you haven’t yet enabled multi-factor authentication (MFA), now would be a good time to set it up. Also look at your best practices.
For occasional use, many network managers use one network account for both internal network use and remote use. However, for a long-term, fully remote environment, it makes sense to have separate accounts, to make sure that internal resources aren’t exposed via remote connections unless absolutely necessary. Additional user management software can also make sure that remote users can’t connect to the corporate network without certain criteria being in place. That could include the latest version of the antivirus signature file, that certain security options are set properly, and even that certain software is, or is not, installed.
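The admission criteria described above (current antivirus signatures, required security settings, required and prohibited software) can be written as a fail-closed check. This is an added example, not code from the article or from any product; the report fields, policy names and thresholds are assumptions, and the sample reports are constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Policy:  # hypothetical policy; every name and threshold is an assumption
    max_signature_age_days: int = 3
    required_settings: tuple = (("firewall_enabled", True), ("disk_encryption", True))
    required_software: frozenset = frozenset({"endpoint-agent"})
    banned_software: frozenset = frozenset({"p2p-client"})

def evaluate_posture(report: dict, policy: Policy, today: date) -> list:
    """Return the reasons to refuse the connection; an empty list means admit."""
    failures = []
    # 1. Signature freshness. Missing, malformed or future-dated values fail closed.
    try:
        age = (today - date.fromisoformat(report["av_signature_date"])).days
    except (KeyError, TypeError, ValueError):
        failures.append("antivirus signature date missing or unreadable")
    else:
        if age < 0 or age > policy.max_signature_age_days:
            failures.append(f"antivirus signatures out of policy (age {age} days)")
    # 2. Security options. A setting the client did not report counts as not set.
    settings = report.get("settings") or {}
    for name, wanted in policy.required_settings:
        if settings.get(name) is not wanted:
            failures.append(f"setting {name} is not {wanted}")
    # 3. Software that must be, or must not be, installed.
    installed = set(report.get("installed_software") or [])
    for pkg in sorted(policy.required_software - installed):
        failures.append(f"required software missing: {pkg}")
    for pkg in sorted(policy.banned_software & installed):
        failures.append(f"prohibited software installed: {pkg}")
    return failures

# Constructed sample reports, as a client-side agent might submit them.
TODAY = date(2020, 4, 23)
COMPLIANT = {"av_signature_date": "2020-04-22",
             "settings": {"firewall_enabled": True, "disk_encryption": True},
             "installed_software": ["endpoint-agent", "office-suite"]}
STALE = {"av_signature_date": "2020-04-10",
         "settings": {"firewall_enabled": False},
         "installed_software": ["p2p-client"]}

if __name__ == "__main__":
    for label, report in (("compliant", COMPLIANT), ("stale", STALE), ("empty", {})):
        reasons = evaluate_posture(report, Policy(), TODAY)
        print(label, "ADMIT" if not reasons else "REFUSE", reasons)
```

The report here is whatever the endpoint says about itself, so a check like this complements the separate remote accounts and MFA described above and does not replace them.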
4. Standardize Home Routers
It’s difficult, but if it’s at all possible, you should work hard to standardize home routers as much as you can. Home users who have purchased their own routers will probably buy the most inexpensive or readily available box; however, many urban internet service providers (ISPs) provide default routers these days along with the cable modem, so it also pays to find out what those are and obtain the appropriate documentation.
And while it’s expensive and will take time, it may well be worth your while to select a router with management features you like that can be pre-configured and then shipped to each home user. This is much simpler than supporting a dozen or more separate models, even if you can remotely log into them, which is often difficult to set up while maintaining security, especially with cheaper, low-end routers. If you have trouble justifying the expense, remember that this work-from-home scenario may very well become permanent for many businesses, at least for a significant percentage of their employees. Viewed through a long-term lens, changes like these can make a lot more fiscal sense.
5. Management Software Is Your Friend
Harried IT professionals often don’t dig into all the capabilities of their management tool set, focusing instead on just those features they need to get through a typical day. However, your typical day has changed, so it makes sense to take another long look at exactly what’s in your tool box.
Desktop configuration management, network monitoring, identity and user management tools, and even endpoint protection suites all contain features, often highly sophisticated, that directly pertain to remote access and remote management. That means you can implement advanced user and security features while reducing or…