Even outside of the remote environment and times we’re in, security is always vital to an IT infrastructure, in terms of ensuring it’s up to date & maintained appropriately. While we’ve certainly seen a spike in security concerns amidst this whole work-from-home culture, we always suggest reviewing your IT security policies and looking for ways to improve. Ultimately the goal is to secure your environment, from data to employee access and so on, all while finding a balance with convenience and having your user base understand the importance of said policies.
Here are some of our top recommendations to put in place across your organization’s IT stack.
2FA or Multi-Factor Authentication
Enforcing a security measure known as 2FA (2-factor authentication, multi-factor, 2-step verification) does as the name implies: it adds a 2nd hurdle when logging into specific apps under certain circumstances. A common use case: when an employee signs in to your G-Suite inbox from a personal laptop or from a location they don’t commonly sign in from (let’s say while on vacation), the app will prompt for a code that’s generated via an app or texted to their cell phone. This randomly generated code serves as a 2nd password of sorts to verify you are who you claim to be.
Many apps nowadays allow for this feature to be enabled and in some cases enforced. Such as:
To name but a few. This tremendously helps with preventing unauthorized access to an account: if an intruder gets access to your password, they’d still need the 2FA method to verify access, making it one of the most secure methods to help lock down accounts. We suggest setting up some sort of enforcement policy for major apps such as G-Suite in order to get everyone enrolled. Many apps offer multiple ways to store said 2FA keys, making it easier than ever for end-users to manage.
You’d be surprised at the number of passwords left as something simple for convenience’s sake, written on post-it notes at a user’s desk, and so on. Given these are the first barrier of entry to accounts & even company hardware, it’s important to have security policies in place to protect passwords across the organization.
Here are a few of our tips:
- Enforce standard password policies/compliance standards (HIPAA, SOC2, etc)
- Common requirements for apps, such as:
  - Enforce Password History policy.
  - Minimum Password Age policy.
  - Maximum Password Age policy.
  - Minimum Password Length policy.
  - Passwords Must Meet Complexity Requirements policy.
- This means users need to ensure the passwords they use are up to par, or that apps enforce said requirements: a certain character length, complexity (letters & symbols), and so on.
- Provide a way to easily manage logins (Shared & Personal)
- Tools like 1Password, LastPass, and Dashlane are all ways to provide password management across your organization, making setting up & remembering secure passwords not just easier but more secure overall. With a password manager, users simply remember the master password to the app, which in turn provides access to the majority of their other logins.
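To show how the five password policy settings listed above fit together at password-change time, here is an added example (not from the original article or any specific product). The thresholds, the function names, and the definition of complexity as three of four character classes are assumptions made for illustration.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Policy:
    """Threshold values are assumptions for this example, not from the article."""
    history: int = 5                        # Enforce Password History
    min_age: timedelta = timedelta(days=1)  # Minimum Password Age
    max_age: timedelta = timedelta(days=90) # Maximum Password Age
    min_length: int = 12                    # Minimum Password Length
    min_classes: int = 3                    # Complexity: character classes required

def hash_password(password, salt=None):
    # History is kept as salted PBKDF2 digests, never as plaintext passwords.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def in_history(password, history):
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history)

def char_classes(password):
    tests = (str.islower, str.isupper, str.isdigit, lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)

def check_change(policy, new_password, last_changed, history, now):
    """Return the names of the policies a password change would violate."""
    violations = []
    if now - last_changed < policy.min_age:
        # Minimum age stops users cycling through passwords to defeat history.
        violations.append("minimum password age")
    if len(new_password) < policy.min_length:
        violations.append("minimum password length")
    if char_classes(new_password) < policy.min_classes:
        violations.append("complexity requirements")
    recent = history[-policy.history:] if policy.history else []
    if in_history(new_password, recent):
        violations.append("password history")
    return violations

def is_expired(policy, last_changed, now):
    # Maximum age is checked at login rather than at change time.
    return now - last_changed > policy.max_age

if __name__ == "__main__":
    now = datetime(2024, 1, 10)                      # constructed sample data
    history = [hash_password("Old-Passphrase-2022")]
    print(check_change(Policy(), "Old-Passphrase-2022", now - timedelta(days=30), history, now))
```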
Proper Network Configuration + Security Settings
We’ve often seen this with networks that were set up without IT’s involvement, where certain settings or configurations lead to potential risks down the road. Given that your network has the potential to provide access to any on-premise devices (servers, network drives, user devices), it’s important to ensure your team has configured your setup with security in mind.
We suggest checking the following:
- Ensuring proper wi-fi settings are in place (Password + Setup)
- Having at least WPA level encryption on your wireless network is the bare minimum, to ensure you have a password protecting access to the network. At a higher level, there are certainly more secure encryption levels & standards that will be required based on your company’s policies.
- Ensuring proper equipment is deployed
- Outside the pure configuration & settings aspect, it’s important to first confirm your team has proper hardware in place. Things like firewalls or enterprise-grade routers all play a part in protecting your overall network, so ensure your team has done their due diligence on what hardware they’ll require & that it will scale with them.
- Setting up a “Guest Network”
- Again concerning the network, it’s vital that outsiders or visitors to the office don’t simply get access to the same network that many confidential devices may be on. By implementing a guest network, you can have external members access said wi-fi for browsing needs and so on while isolating your main network.
- Virtual Private Network
- We talk about it a lot here at Network Right & for good reason. A VPN, or Virtual Private Network, can be vital in certain setups to allow for safe transmission of data & as a way for users to connect to resources from outside of the corporate network. We often see this set up as a way to provide employees access to company-related data/tools when, let’s say, working from home. Overall, even in a non-remote climate, having a VPN never hurts! It’s a great way to train yourself to personally tunnel your traffic when using public networks and protect your privacy/data. As the name implies, it creates a secured & often encrypted tunnel for you to browse from point A to B.
Device Management System
A big one some companies may not consider, especially early on as they build out their fleet of devices (be it mobile or desktops/laptops), is how they manage all of it. What do you do when an employee who has sensitive data on their machine has their device stolen or lost? This is where we recommend a mixture of systems to best prepare for & manage these future issues.
- MDM or Mobile Device Management
Another big part of what we help set up & manage for our clients is a tool known as an MDM. This allows us to help manage mobile devices, be it iPads, Android phones, or even Macs & PCs. This lets us set up tools to provision them out of the box, but most importantly it does a couple of things from a security standpoint.
- Allows us in some cases to remote wipe or lock down a device if lost/stolen
- Allows us to track the location of devices
- Allows us to push important security updates/patches org-wide in the event of major breaches
- Gives us a running inventory of how many devices we have in the fleet
- Makes onboarding/offboarding that much more seamless
All in all, MDMs are great tools that serve multiple purposes, but one of the biggest, hands down, is improving security & inventory management for companies.
These are but a few of the tips & policies we’ve helped implement in our clients’ workflows & stacks of tools. However, they’re all vital nonetheless to ensuring your team & their data are safe. Security, while sometimes coming at a cost or inconvenience for an end-user, is for the greater good. As your company begins to scale, prep for compliance, and so on, it should always be something you’re keeping up to date & in line with best practices.
If there’s anything mentioned in the article your team/company wants help implementing in your environment, don’t hesitate to reach out to firstname.lastname@example.org for more info!