With Governor Dewine announcing a three-week break for Ohio schools starting end of day Monday, March 17th, and the general turn toward social distancing, there are many companies who may need to have their employees work from home. Depending on a company’s continuity plan, this could leave organizations more vulnerable to cyberattack. Hackers have always taken advantage of emergency situations and unfortunately this case is no different. Here are some things to consider as you plan your next steps.

Network Setup

Working from home starts with a good home network setup. Ensure you have a router that is up to date with the latest firmware updates provided by the manufacturer and avoid using the default admin passwords on your router. If you are utilizing wireless internet at home, check to see that it is encrypted using one of today’s latest wireless encryption protocols. Finding the information is dependent on your device. For PCs click your wireless icon and select “properties”, then look at the security type. We recommend WPA2 or WPA3. To locate this for other devices visit this link for instructions https://www.makeuseof.com/tag/tell-what-security-type-wi-fi-is/. Avoid using wireless connections marked as “open” whether at home or at a public place.

VPN

Companies that allow remote workers to access the internal network, need to provide a properly configured virtual private network (VPN) connection.  This connection should ideally be accessed by a company device that has up to date antivirus and malware programs.  All traffic should go directly through the VPN connection (no split-tunneling) to prevent outside malware from accessing the company network. To see if split-tunneling is set up on your VPN contact your VPN administrator.

For the most secure access, the VPN should be configured with multi factor authentication, providing an extra layer of authentication before allowing a connection. Note that this will only work if their laptop (work or personal) has the VPN connection. If the employee only has a stationary workstation they would need remote desktop protocol (RDP) in addition to the VPN.

Office 365

For those utilizing Office 365, you have the flexibility of accessing office tools and company data in the cloud. Once again, for better security, Office 365 should be configured with multi-factor authentication. Another secure option for Office 365 is to prevent access outside of the US. This is known as geo-ip fencing and can significantly reduce the amount of bad actors trying to login to your company’s tools.

What to do now?

Companies should be thinking about and planning what they will do in the event of a quarantine right now. Start testing and putting together guidelines around who can and who can’t work from home.

We realize with the current school closures action needs to be taken quickly, however please be patient as we assist in whatever way we can. You can call us at 740.475.1700.