IT: Security for corporate devices.

If workers use organization-provided computers, phones, tablets, or network devices for work-from-home access, make sure your security systems still meet your goals when work is done outside of your office perimeter. Consider these steps:

  1. Install an MDM ‘agent’ on remote devices. If you have a mobile device management (MDM) tool, deploy an agent on remote devices, too. You have extra visibility, you can confirm security settings, and you’ll have the ability to wipe a lost or stolen device if needed.
  2. Verify security tools. Check that corporate tools like anti-malware, patch management, and DNS filtering work off-site just as they do in your office. Keep an eye on updates and watch for systems that ‘disappear’ from your management consoles – a system that doesn’t report back may be a sign of compromise.
  3. Check your passwords. Run a password test on your current Active Directory hashes to identify weak passwords that could be cracked by a brute force attack against remote workers.
  4. Push MFA. If you don’t already use multi-factor authentication (MFA) for your VPN, email, internet-facing applications, and cloud-based services, start using MFA now. No single action you can take will do more to prevent credential attacks than MFA.
  5. Use encryption and VPNs. Encryption protects sensitive data if a corporate computer is lost or stolen – theft risk goes up when devices leave your facilities. VPN use can limit how much of your organization’s data resides on devices outside of your corporate offices.
  6. Increase monitoring. You’ll boost your monitoring abilities if you can install your organization’s MDM agent, anti-malware, and/or DNS filtering on remote devices. Network and VPN access will create log entries, too, but you may miss risky events if you aren’t centrally logging security details and then actively monitoring activity.

Even if you provide equipment for work-from-home staff, it takes time and effort to keep those systems secure. However, if you can extend your in-office cybersecurity tools and practices to cover remote workers, you’ll be better prepared to keep risks under control.