IT Asset Management Best Practices - Work From Home Data Security
As if CSOs and CIOs didn’t have enough cybersecurity concerns to keep them up at night, along comes Covid-19 and the necessary transition
from working in an office to working-from-home (WFH). It should surprise no one that home-internet security is no match for the
safeguards that exist in a commercial environment.
The Wall Street Journal
reported that employees working from home are targets for hackers.
Staffers who are using their personal devices and internet services, have introduced a new set of cybersecurity weak points.
The article noted that home networks are often poorly secured, rely on less secure equipment, protected with weak passwords and are shared
by multiple users and devices. To complicate matters each of those devices may become infected with malware that collects and disseminates
personal or corporate information. WFH employees may also be more vulnerable to phishing scams that expose company networks,
as they may be less security-conscious outside the office. WFH has prompted many firms to adopt teleconferencing tools
that have experienced their own security weaknesses.
WFH Security Options
Fortunately, there are steps a CIO and CSO can take to mitigate some of the risk associated with WFH.
Empire Technologies Risk Management Group suggest the following steps to
improve WFH data security:
- Organizations can issue a standard laptop or tablet instead of a desktop to WFH employees
- Remote devices should have an approved list of software, including an anti-virus application, software firewall and an approved access portal
- If issuing a standard device isn't possible or practical, WFH employees should be required to have an approved antivirus subscription that best interfaces with the firm’s network configurations
- All computers, mobile devices, and routers used to access the corporate network should be powered down daily
- Use a password manager and require all WFH employees to reset passwords periodically
- Use the VPN solution over having files copied to the employee’s home equipment
- The collaboration suite (e.g. Zoom, Teams) must employ end-to-end encryption
Additional action points may include:
- Computers should have screen lock enabled so work assets are not visually exposed
- Computers should always be software firewalled and domain policy may be able to control the exceptions on the home computer
- Computers can be hardware firewalled with an inexpensive hardware firewall which separates the work computer from other devices on the home network
- Ensure the VPN solution has sufficient licensing and bandwidth to support the remote work force
- Hard drives should be encrypted
Using IT Asset Management to Support WFH Security
Policies are easy to implement in an office environment. However, the degree of management’s direct control over computer configurations virtually disappears in a WFH environment. However, a well thought out IT asset management (ITAM) solution can provide visibility into remote configurations and provide a degree of control over devices that are used for business purposes. Regular scans of home-based devices can provide the information needed to prevent potential security-related problems.
Some cybersecurity actions that IT management can take using their ITAM toolkit include:
- Inventory the software on each remote device that accesses the network
- Generate daily reports on non-compliant, obsolete or absent software and contact the employee to install the needed software or delete unauthorized software
- Run daily reports to determine that all software is up-to-date and instruct the employee to install the latest version or any applicable patches. software with known vulnerabilities
- Run discovery reports on all peripherals (e.g. printers, routers, back-up drives) that are connected to the remote device. If hardware with known vulnerabilities are discovered instruct the employee to remove or replace the device
- If company-issued devices are issued, inventory them daily to determine that no unauthorized or software with known vulnerabilities has been installed
For the IT Asset Management solution to provide the greatest benefit, it should be flexible enough to allow user-defined ad-hoc reports and discover and inventory a wide range of remote peripherals and mobile devices. In a mixed environment of company issued and employee-owned devices, an agentless, cloud-based IT Asset Management application can cover the entire spectrum of remote users.
Remote workers present a difficult situation for many companies. However, with the insight provided by a robust IT Asset Management solution, IT management can identify potential vulnerabilities, insure compliance with corporate security measures and policies and reduce some of the risk associated with employees working at home.