With more and more companies managing disparate workforces in response to COVID-19, managing security becomes an increasing concern. One critical — and common — security question has to do with data center access. Employees need to access the same files, data and applications they needed when they were in the office; however, when remote activity is less regulated, how can companies make sure that access is still secure?
1. Patching
Patching is often overlooked when companies are in the midst of a crisis – but it shouldn’t be. Many companies forget to turn on their automated patching features or are using systems that do not allow it. Some refrain from automated patching in fear that patching will cause more issues.
Unfortunately, the shift to remote work has caused cyberattacks to become more prevalent. Companies can’t afford lax patching policies; if they don’t strictly enforce timely patches, they could fall victim to an attack.
In May, Cisco fixed dozens of high-security vulnerabilities with its Adaptive Security Appliance and Firepower Threat Defense firewalls. The Cisco engineer who found the vulnerabilities stated that attackers can prevent VPN connections and penetrate company networks. If a remote worker was using an unprotected VPN, it could leave company data at risk.
2. Phishing Awareness
While working remote, employees are even more reliant on email communication. When employees are working alongside one another in-office, it is easier for them to check the authenticity of an email. Due to the increase in email conversations, employees are seeing more and more phony emails in their inboxes. When working remote, they may be more likely to fall for a spoofed email.
It is suggested that companies set up other virtual verification channels outside of email, like Webex Teams chat, to easily confirm a risky email’s legitimacy. They might also consider refreshing their employees on phishing email awareness and protocols.
3. VPN Capacity
VPNs are critical to many remote work setups and can facilitate secure access to the company’s data center. However, with more employees using VPNs during the pandemic, companies may run into issues when a large number of users log onto them.
With the recent shift to remote work and customers acclimating to their new workflows, organizations need to ensure more than ever that their VPN remote access capacity and connectivity can manage employee workloads while keeping data security intact.
4. Protect Endpoint Devices
While using company devices at home, employees may run into more malicious security threats than they would in-office. These threats could potentially grant data center access to the bad actors, jeopardizing company, customer and employee data.
Because of this, companies should ensure that all endpoint devices are protected. Organizations should require anti-malware and anti-virus software on all company devices. They should also advise their employees to use multi-factor authentication on any devices they use to access the company network or data center.
5. Have a Disaster Plan
Having a plan for the unpredictable is crucial. When COVID-19 began, companies that had a disaster plan were prepared and less bothered by the sudden shift in workflows.
Companies should ensure their data centers host back-ups of everything they need to function normally, should their central network go down. They should create a well-thought-out plan regarding business continuity during worst-case scenarios. The plan should address how employees will continue working, including accessing all the data and files they need to remain productive. It should also address other aspects of remote continuity, including keeping collaboration high and ensuring sufficient VPN capacity. Companies may also consider different work patterns for different employees, depending on the nature of their work.
Work With a Data Center Security Consultant
IT Connection specializes in advising companies on data center setups and security, whether the workforce is remote or centralized. At IT Connection, our process allows us to build an honest, transparent partnership with you. As we work together, it is our goal to prepare you for all possible outcomes and be the shoulder you lean on during a crisis.
For more information on data security and compliance while working remotely, download our guide.