Social Network For Security Executives: Network, Learn & Collaborate
The use of a VPN does not create a secure environment. Many other factors, as noted below in other comments, are required to create a holistic security process.
Check list for Work from Home:
1. First thing IT should check is the remote working capability in case of Work From Home (WHF) is required
2. Segregate laptop and desktop users first.
3. Desktop users should be allowed for “use your own device” or company-owned or rented laptops
4. Deploy the endpoint monitoring agents and restrict the access as per the role, responsibility and company policies
5. Segregate and define productive applications
6. Check readiness of access of all critical application over on Web/VPN
7. Use messenger, file sharing, VC Meeting and screen sharing solution to avoid the travelling. (i.e. Team, Webex, GoTo Meeting, Skype etc.)
8. Use WhatsApp so that people get update for the quick task
9. Refer all organization email communications very seriously
10. Vendor, Buyers/Suppliers should also enable for digital platform like VC meeting and emails
11. Organizations must enable digital payment capability immediately if it is not there
12. Use Wifi/Data Card/Hot Spot for the network connectivity
13. To support above action items data Security and access management must be reviewed and validated by IT Team
14. Single source of information handled by HR & Corporate
15. Communication Team: Organization should have dedicated hotline/email id for emergency services (Employees can share their health condition and seek emergency support and care services) in case of any emergency
Agree with Ashish...
Is anyone doing anything relating to communications related to pivots related to Social Engineering? Thinking attackers using increased phishing for crednetial theft/malware delivery (already seen that from Krebs/Forbes) but also increasing awareness around calls potentially pretending to be the company's helpdesk e.g. attack calls "Hi, I'm from the Service Desk - you would have recieved a code and we need it to verify our email systems are working correctly" etc.?
As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the Cyber security and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cyber-security.
The following are cyber-security considerations regarding telework.
More reference available at
https://www.us-cert.gov/ncas/alerts/aa20-073a - Enterprise VPN Security
https://www.us-cert.gov/ncas/tips/ST04-010 - Using caution with mail attachment.
https://www.us-cert.gov/ncas/tips/ST04-014 - Covid-19 Phishing mail awareness.
Based on your security policy and BCP plan you can enable the users to work from home. most of the companies are using VPN to enable the access with secure.
Zero trust solution will be a good option to run the WFH for critical application.
Use laptop lock to secure your laptop
Avoid going out of home
Avoid data intensive tasks like streaming if not is for business purpose
While companies are encouraged to use VPN connections, VPNs also have security risks.
One aspect is that of a split tunnel where traffic to the corporate network travels over the VPN while the traffic to general Internet exits the user's home network. The danger here is the corporate entity will have difficulty managing the Internet traffic. For example, if a user visits a malicious website, they could end up downloading something to their device that could then be uploaded to the corporate environment. If bandwidth allows, it is best to have a whole tunnel for VPN access.
Zero Trust model is much secure as well as scalable in today's scenario. VPN isn't cutting enough in 2020.
Moved one of my client to complete zero trust infrastructure and they are happily achieving 98% WFH.
Information Security Tips when Working from Home (gathered from our ISMS ISO 27001 policies).
Connection & Access
Data sharing & Collaboration
Phishing Emails and Websites
Other important points