SECURE REMOTE ACCESS
Thank you for joining us today. We truly appreciate it given the unprecedented times we find ourselves in. The purpose of today’s webinar is to discuss some of the challenge’s organizations face when working remote as well as what to look out for.
We’ll also be talking about solutions we recommend helping ensure the most effective and secure remote workforce possible.
Before we get started, I wanted to introduce our team today. First, my name is Chris Montgomery and I’m the Director of Sales for ThrottleNet. With me I have Aaron Oliver – our Director of Cloud Services – since we couldn’t think of a better subject matter expert given how everyone is working today.
We also have AJ Rodgers tracking our chat board for any questions and George Rosenthal – ThrottleNet’s President – orchestrating our webinar today.
Before we get started, I’d like to set a few guidelines to ensure we work through this material in the timeliest manner possible.
Please refrain from unmuting yourself since we don’t want to have any cross talk or – a more likely scenario – kids fighting in the background (maybe I’m speaking for myself on that one, but I doubt it).
In addition, please enter any questions you have in the chat window on your screen. If you can’t find the chat feature, simply look for a text bubble in your GoToMeeting dashboard. Since we understand everyone’s time is important, we’re going to wait until the end of the webinar to answer any questions received throughout.
Since this was our first webinar and we had to assemble it quickly, we recognize there may be some limitations; however, we’re going to be introducing a new webinar solution in the coming weeks which will resolve most – if not all – of these issues as well as providing additional features for interaction and communication.
Thank you in advance for your cooperation. Without further ado, let’s get started.
The purpose of today’s webinar is to review best practices as well as what you should be concerned about as we transition to a mobile workforce for the foreseeable future.
Since we don’t know how long this will be in effect, we want to ensure everyone understands basic principles when working remote as well as what solutions you can use to be more effective.
Prior to getting started, let’s review our agenda for the day.
First, we’re going to review general methods on how to work remote.
While reviewing these methods, we’ll also be discussing solutions that can assist with collaboration and general communications
From there, we’ll review the security risks, why they’re risks and what you can do about it
Finally, we’ll outline ways we can help.
SAFELY, SECURELY AND COMPLIANTLY:
Just so everyone is aware of the overarching concerns we had when creating this webinar, these were as follows:
Ensuring remote work can be performed safely and securely to avoid your data being compromised.
And for those industries such as healthcare and finance, we want to make sure we’re compliant – to the best of our ability and when possible – so why don’t we start there.
A SOLUTION THAT MEETS ALL COMPLIANCE REQUIREMENTS FOR YOUR BUSINESS
For those that aren’t aware, your remote work solution must be compliant if you are subject to HIPAA, FINRA, SOX or PCI regulations. If the method remote access isn’t compliant, you are exposing your data and business to unnecessary risk. Some things to consider when thinking about this.
Am I working in a secure, web based environment or am I working on a local server infrastructure located in my office? If you answered a web-based environment, you’re most likely in compliance since the provider is responsible for ensuring their systems meet whatever regulations you might be subject to.
Conversely, if you’re working via remote connectivity, you need to make sure you’re accessing the data via a secure VPN or RDP connection. If you’re not, you need to get this in place as soon as possible to ensure your data is secure while in transit.
What solution am I using for file access and collaboration? If you answered Office 365, you should be in compliance as these meet minimum standards; however, there are those organizations that require heightened compliance measures when using these solutions and this may require upgrading your subscription to a more compliant variation. For example, your Office365 account may need to be increased from E2 to E3 for those familiar with how Microsoft designates these.
Finally, and most importantly, if your solutions allow for MFA, please turn this on. This is one of the simplest yet most effective ways to ensure security around your data. For those that may not be familiar with this, when you log in to an application, it sends a code to you phone which provides a number you key in in addition to your username and password.
RELIABLE INTERNET CONNECTIONS
Obviously, you also need a secure home internet connection. This is pretty simple since you just need something that provides minimal bandwidth and is reliable.
However, for the employer, you will need a more robust internet connection that can handle many simultaneous secure connections since you’re going to have your entire team remotely accessing the network and, as a result, consuming bandwidth. We recommend Charter as our experience with them has been positive and the speeds are typically consistent.
Keep in mind that cloud-based apps such as Microsoft Office 365 or Google Apps do not require or put any strain on the employer’s internet bandwidth. This is because your end users are accessing those secure cloud platforms directly from their pc and internet at home; however, you do want to make sure the data is as secure as possible on a home network. We’ll talk more about this later.
Either way, your remote workforce shouldn’t have to increase their connectivity – in most cases – unless they live in rural areas in which case they may be limited.
THIRD PARTY SOLUTION FOR DIRECT CONNECTION TO COMPUTERS AT WORK
Now that we’ve established connectivity and compliant solutions, let’s discuss solutions that allow for access to your PC remotely.
There are great 3rd party applications that end users can download and install on their home PCs and on their computer at work; however, his will require that their computers at work stay powered on. An example that most are familiar with would be Go To My PC.
ThrottleNet offers a solution as well via our Everfuel Remote Access solution which we introduced specifically for the situation we find ourselves in today. We’ll cover this solution in greater detail later in our presentation.
Other solutions include Nord VPN, Private VPN or ExpressVPN. I only mention these as ThrottleNet doesn’t have personal experience with them nor do we represent any of these organizations; however, they are viable options.
Once connected, your end users will be able to securely work directly from their desktops at work!
WINDOWS VIRTUAL DESKTOP
Another method you can use is Windows Virtual Desktop. This solution allows for a secure virtual Windows experience that is usable by any device including phones and tablets and lets them securely access their work data and apps from anywhere even on an unsecure device such as the end user’s home PC!
Keep in mind, this would need to be setup already and isn’t something that can be introduced on the fly.
Keep in mind, this isn’t the same as accessing your Office365 account online. This too offers access to all the same tools you have access to via your desktop, but in the Microsoft hosting environment instead. This allows for creation of documents and collaboration but won’t provide you with a virtual desktop with all of your users’ settings and profile information.
You also use Citrix as a number of virtual desktop solutions use this to house your virtual workspace allowing access from anywhere, anytime and on any device.
SECURE ACCESS TO YOUR FILES AND FOLDERS
If your end users are using a 3rd party solution to connect directly to their work PC, are using Windows Virtual Desktop or are accessing their files via Office365 online, they should be good to go.
Keep in mind that users can still download files meaning if they are doing so on a local, consumer grade PC, there could be security and compliance risks which we’ll discuss later in our presentation.
ROBUST CLOUD PHONE SOLUTION
We would also recommend using a contemporary cloud phone solution such as RingCentral as this allows your users to use their business phone extension directly from their cell phone or desktop.
Additionally, these solutions include the ability to securely and remotely communicate through chat, text or video on a computer using an encrypted channel in addition to allowing for conference calls depending on the features you’ve chosen.
Another solution we’ve been using and for those companies that have it is Microsoft Teams. This has a built in VOIP and video conferencing solution that works well if you don’t have a phone system that’s hosted; however, this would be limited to internal team members only since this isn’t something that allows you to redirect internal calls.
It does allow you to make outbound calls though assuming the contact is in your list of contacts and are added to your list of speed dials.
WEBCAMS FOR REMOTE MEETINGS AND PRESENTATIONS:
One of the biggest challenges I’m having as a sales professional is the ability to connect with people one on one. This is where having a good webcam as this personalizes your meeting and can come in handy when trying to overcome the disconnect.
We would also recommend creating a solid PowerPoint presentation for your Sales team as this will convert them from a voice over the phone into an interactive presenter. As they say – a picture is worth a thousand words.
Speaking for myself, I’m using this time as an opportunity to change how I sell so that I can be more effective when this is over.
HIGH QUALITY HEADPHONES AND MICROPHONE
It should also go without saying but invest in high quality headphones as these can greatly reduce distractions from the home environment around you – especially if your end users have kids or animals!
There’s nothing worse than being on a conference call only to have your kids break into a full-blown fight in the next room. I’ve been there more times than I can count, and you will be to if you have little ones at home.
We recommend the Bose QC line of headphones. We like how clear they sound and what amazing noise canceling ability they have.
MAKE SURE YOUR ONLINE MEETING IS SETUP TO MANAGE MORE PARTICIPANTS
Regarding online meetings and presentation, you should remember that the number of participants you can have on a call is limited. This means you may need to increase your subscription to accommodate the increased number of online participants.
Check this BEFORE your meeting since there’s nothing worse than finding out the hard way that you don’t have enough space to accommodate everyone.
Another thing to keep in mind, these companies are being inundated with requests, so if you can do this online and without involving a customer service rep, you should.
For those organizations that require a lot of collaboration, we would encourage you to check out Office 365’s tools such as OneDrive, SharePoint and Teams – all of which can provide your team with the ability to work remote while still collaborating in real-time with team members. Other solutions include Monday.com and Basecamp as these allows you to create project plans as well as collaboration with designated team members.
We’ve found this to be a great way to keep your people on task by creating to do lists that are updated daily. This allows your managers to view the progress each team member made that day.
And as an Open Book Management company, we would encourage you to put in place metrics to track employee activity and performance. These might be number of calls made, number of tasks completed, or, in our case, number of tickets resolved.
CREATE A SERIES OF HOW TO GUIDES
We would also recommend creation of “How To” or “How Do I” for your most used applications as these may work differently when accessing them remotely.
You also want to make sure your users are familiar with the remote access solutions they’ll be using such as VPN or RDP and how to log on to your network or their PC.
MOBILE DEVICE MANAGEMENT
You also want to be thinking about how you’re going to manage your fleet of mobile devices since these will be used heavily. The reason is that staff are more likely to have their devices stolen (or lose them) when they are away from the office or home.
You want to make sure all devices encrypt data while at rest, which will protect data on the device if it is lost or stolen. Most modern devices have encryption built in, but encryption may still need to be turned on and configured.
Fortunately, most devices include tools that can be used to remotely lock access to the device, erase the data stored on it, or retrieve a backup of this data. You can use mobile device management software to set up devices with a standard configuration
Due to the increased possibility the device could be lost or stolen – whether using their own device or the organizations – you must ensure your team understands the risks of leaving them unattended, especially in public places. When the device is not being used, encourage staff to keep it somewhere safe.
You should also create a policy outlining what will happen if a device is lost or stolen as well as the expectations. For example, make sure that staff knows who to report a lost or stolen device and encourage users (in a positive, blame-free manner) to report any losses as soon as possible. The early reporting of such losses may help minimize the risk to the data, and staff who fear reprisals are less likely to report promptly.
Ensure staff understand the importance of keeping software (and the devices themselves) up to date, and that they know how to do this.
Finally, if you’re using an MDM solution already and if your organization allows for BYOD, make sure your team is backing up their photos and music since these items are wiped from the device in the event it’s reported stolen. This means if the user finds it later, it may be wiped already thus creating a negative situation.
USB DRIVES AND REMOVABLE MEDIA
USB drives can contain lots of sensitive information, are easily misplaced, and when inserted into your IT systems can introduce malware. When USB drives and cards are openly shared, it becomes hard to track what they contain, where they’ve been, and who has used them.
You can reduce the likelihood of infection by disabling removable media or allowing only products supplied by the organization to be used assuming the data is encrypted while at rest on removable media.
You can also ask staff to transfer files using alternative means (such as by using corporate storage or collaboration tools such as OneDrive, FTP sites or email), rather than via USB.
PROVIDE AN INTERNAL WHO TO CALL LIST
Finally, make sure staff know how to report any problems. This is especially important for security issues.
If you work with a company like ThrottleNet, we would be who you’d call, but if you don’t, please direct users to the appropriate support channels.
A Reliable Employee Who Can Work from Home
Finally, and most importantly, you need an employee that can work remotely without supervision.
Unfortunately, we can’t help you here, but we’d suggest someone that loves animals, but what do we know, we just like animals and think that’s a good trait to have.
REMOTE WORKFORCE SECURITY RISKS
That’s it for general Remote Workforce Best practices. Now let’s take a moment to review some of the security risks associated with your Remote Workforce
PERSONAL COMPUTING DEVICES
It should go without saying that personal computing devices aren’t typically secure or at least as secure as they should be when handling company data. These devices don’t always have up to date AV solutions, may already have malware infections, may not be configured to ensure the data is encrypted while at rest, may be lacking in security updates and in some cases, may be running an end of life OS such as Windows 7.
They also don’t have complex passwords – since they’re probably used by the entire house – if they have passwords at all. An example of a complex password is one the exceeds 16 characters and has a number, letter or symbol contained within. Simple ways to create these passwords include using movie lines, song lyrics or positive affirmations.
Home PC’s don’t typically have screen lockouts turned on unless they’re setup properly meaning if they’re in a public place – even though they shouldn’t be – and leave their PC, someone could steal it and access the data within since they can enter the password as many times as they’d like without it eventually locking them out. Again, that’s assuming there’s a password at all.
In an ideal world, these PC’s should be provided by the company, but we know that’s not going to be the case for 100% of end users since most weren’t prepared for something like this.
CONSUMER GRADE HARDWARE
Consumer Grade Hardware such as routers and firewalls are also not up to most compliance and security requirements. Again, if you’re accessing data via a secure connection and/or in a secure environment, you should be fine – just remember that this is a weak point in everyone’s home that can be exploited.
HOME WIFI CONNECTIONS
We would encourage you to ask your users to create a complex password to access their wireless network – assuming they have a password at all. This ensures the WiFi is secure and can’t be accessed by a neighbor or someone in close proximity to their home.
For example, I can see most of my neighbors WiFi networks as well as which ones are secure. This alone illustrates the importance of asking your users to make this minor change.
SPOTTING EMAIL SCAMS
Keep in mind that Phishing attacks aren’t going away because of the virus. If anything, they’ll increase since cybercriminals love to exploit people in times like this. Make sure your team knows what to look for as well as what to do in the event of a phishing attack.
Things to look for include emails from unknown recipients with links or attachments, requests to make wire or financial transfers, tracking numbers from UPS or FedEx – especially right now given that this is how most people are shopping during this time – odd phrasing or misspellings.
You also want to check the sender to make sure it’s not a spoof email. A way to do this is simply to hover over the from address which will show you if the person is who they say they are.
CYBERCRIMINALS ARE PREYING ON FEARS OF THE CORONAVIRUS
Another way hackers are exploiting this is via charities or websites claiming to be for the public good that are malicious sites which could download malware onto your computer, or steal passwords. These scams may claim to have a ‘cure’ for the virus, offer a financial reward, or be encouraging you to donate.
Like many phishing scams, these emails are preying on real-world concerns to try and trick people into doing the wrong thing.
WHAT TO DO IF YOU THINK YOU’RE THE VICTIM OF A PHISHING ATTACK?
If you feel you’re the victim of a phishing attack, please follow these steps in addition to providing them to your users.
- If this is home your home PC running your AV solution, open your antivirus (AV) software and run a full scan. Follow any instructions given.
- If you’ve been tricked into providing your password, you should change your passwords on all your other accounts immediately.
- If you’re using a work device, contact your IT department and let them know.
The sooner an issue is identified, the more effective we or your IT team can be in resolving it.
We’re very close to the end of our presentation today; however, I’d like to take a moment to outline a few ways ThrottleNet can assist you.
For those organizations that require secure remote access, we’ve introduced Everfuel Secure Remote Access. This solution is only $9.95 per user/per month plus a onetime setup and training fee of $10. There’s no commitment and you can cancel anytime.
Of course, for those of you on one of our Managed Network plans, most of what we’ve discussed is covered assuming you’ve kept your network current and have been heeding the advice of your VCIO.
For those that aren’t familiar, Managed Network is where ThrottleNet serves as your full time IT department by providing maintenance, monitoring and management of your network in addition to a fully staffed help desk and dedicated team of IT professionals.
REMOTE MAINTENANCE AND MONITORING PLUS AV
If managed services aren’t for you, we’d recommend our workstation remote maintenance, monitoring and AV combo as well as our server safeguard. This ensures your machines are protected in addition to sending alerts in the event of an issue.
Finally, we offer a variety of hosting solutions via Microsoft including Office365 and Azure Cloud Hosting.
These solutions – when working in concert – allow you to work from anywhere as long as you have an internet connection. Couple this with a hosted VOIP phone system such as Ring Central and you should be good to go if this ever happens again.