COVID-19, Work Remote Securely
LeeShanok Network Solutions supports the CDC’s recommendations of transitioning workers to home offices and our company has followed suit. This strategy can help your business stay afloat and your customers happy as opposed to a “shutting the doors” strategy. IT security remains a top priority to keep workers connected and company data safe.
Connecting remote workers: Your people working remotely need access to programs and data that reside at the office. They may also need to run software that is installed with licenses on computers in your office. Then they may need access to office printers, scanners or fax devices. Their data will change daily and needs to be backed up.
There are two connection models to consider. The first connects a remote device to the company domain, allowing folder and file access to personal and shared drives, various domain services, access to office printers, scanners and fax devices, and access to license servers to run licensed apps. The second connects a remote device to an office-based computer or remote access server, where a remote worker can run programs on the company computer while the display is “beamed” out to the remote device as if the remote worker were sitting at the company computer.
VPN: Securely connecting to the office network is best done using a VPN connection (red line in diagram below), which is a secure private connection between your remote computer and your office domain. This requires your firewall to be configured with an SSL Certificate. However, VPN security is limited by IPsec, which is pretty old technology.
SSL VPN: To increase VPN security, consider adding an SSL layer with connection software like Cisco AnyConnect. This uses public-private key cryptography with long encryption keys that are very difficult to break.
Multi-Factor Authentication: In case a remote computer falls into the wrong hands, add multi-factor authentication using an app like DUO. This prevents non-employees from using pre-configured connection scripts on the remote computer to gain access to company assets. Also enable multi-factor authentication in any important cloud accounts.
Remote Desktop: This is useful when you have data on your office computer that you need at home, or if there’s software installed on your desktop computer that isn’t installed on your home computer. It’s best to involve your IT department or LeeShanok to set this up in your company domain and firewall. Your user account needs to be added to a VPN security group if configured. Port forwarding to your desktop PC needs to be set up. Remote Desktop needs to be enabled on your office computer. Finally, on your remote computer, you need to enter the correct URL and port to connect to your office computer.
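The office-computer side of the Remote Desktop steps above can be checked with a read-only script. This is an added example, not LeeShanok's own tooling. It assumes an English-language Windows 10/11 office PC and an elevated PowerShell session, and the Network Level Authentication check is an extra item the steps above do not mention.

```powershell
# Added example: read-only audit of the Remote Desktop settings on the office PC.
# Nothing is changed; the script only reports the current state.

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop is enabled on this computer.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# UserAuthentication = 1 means Network Level Authentication is required,
# so a user must authenticate before a desktop session is created.
$nla = (Get-ItemProperty -Path $rdp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$nlaRequired = ($nla -eq 1)

# The port the Remote Desktop service listens on (3389 unless it was changed).
# This is the port the firewall's port-forwarding rule must point at.
$port = (Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber

# Inbound Windows Firewall rules for Remote Desktop that are switched on.
# 'Remote Desktop' is the rule group name on English-language Windows.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

# Rules that accept connections from any address rather than a specific range.
$openToAny = @($rules | Get-NetFirewallAddressFilter |
    Where-Object { $_.RemoteAddress -contains 'Any' })

# Accounts allowed to sign in over Remote Desktop (administrators are allowed implicitly).
$members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name)

[pscustomobject]@{
    RemoteDesktopEnabled  = $rdpEnabled
    NlaRequired           = $nlaRequired
    ListeningPort         = $port
    EnabledInboundRules   = $rules.Count
    RulesOpenToAnyAddress = $openToAny.Count
    RemoteDesktopUsers    = $members -join ', '
} | Format-List
```

When workers connect over the VPN first, a non-zero `RulesOpenToAnyAddress` shows the Windows Firewall rule is wider than the VPN address range requires.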
Tips for Remote Workers
Free Wifi: It is better to work from your home than in a location with “free wifi”, which often has little or no security, and where others connected can launch attacks against your device.
Phishing: Watch for suspicious emails sent from someone you don’t know, or with a subject you weren’t expecting, and do not open attachments or click any links in the message. Especially common are urgencies (only 24 hours left), promises (a $10k watch for $100), and threats (sign in or your account will deactivate). While working remotely, you won’t have such easy access to colleagues who can help evaluate an email.
Backups: While at the office, it’s likely your user profile has been re-directed onto a server where centralized backups are performed automatically. But while working at home, it’s important to back up your data regularly, or better yet to copy any saved files onto the server so they can be backed up as usual. Cloud drives can be configured to automatically sync with your local file system so they are always up to date. Also make sure Volume Shadow Copy Service is enabled to provide you “previous versions” of all folders and files on your computer.
Single number reach: Where possible, add the remote worker’s mobile phone to their extension in your phone system, and configure it to ring concurrently when someone calls their office extension. With concurrent ringing of both devices, fewer calls will be missed than when the cell phone rings after 3 desktop phone rings.
Printing: Consider purchasing a cheap printer for home use during this time. Otherwise you can print to the office printers when you connect via VPN or SSL VPN.
- Never use WEP or WPA security. Always use WPA2, which provides far more secure encryption.
- Change the default password for the Admin account, and don’t lose the new password.
- Consider not broadcasting your Wifi SSID so those not connected won’t see your Wifi. This will require you to enter Wifi information on each device you connect to your Wifi.
Further reading: Here is a short but interesting Cisco article, “The Basics of Working from Anywhere.”
For a confidential discussion of your company’s situation and goals, give us a call.
Your technology Partner,
The LeeShanok Team