IT and Business Insights for SMB Solution Providers

Building the Ultimate Work-From-Home Security Stack: Page 2 of 5

While there’s no one perfect recipe for protecting remote employees, channel pros have learned a lot in the last year about what works best. By Rich Freeman
Reader ROI: 
WORK-FROM-HOME devices and networks are vulnerable to attack and difficult to monitor, manage, and secure.
CHANNEL PROS MUST EMPLOY a layered combo of tools and techniques to secure data, endpoints, networks, and network connections.
CLEARLY WRITTEN and firmly enforced security policies are essential, along with ongoing security awareness training.
IT PROVIDERS should protect their own remote workers with the same technologies and best practices they use with customers.

“In many cases, when employees are using their own systems you might not know about it until after credentials have been compromised [and] information has been breached,” notes Kevin Beaver, founder and principal consultant of Principle Logic, a security consultancy based in Acworth, Ga.

To address issues like those, channel pros must embrace a combination of tools and techniques built around four fundamental objectives.

1. Protect the Data

Ultimately, everything in your work-from-home security stack is about protecting data, because data is the most valuable and coveted asset your customers have. Keeping data safe begins with encrypting it, according to Nancy Sabino, CEO of SabinoCompTech, a security and support services provider in Katy, Texas.

“Whether it’s a laptop or a desktop, if it’s going home with a user then it needs to be encrypted, because someone could break into their house and steal that device,” she says. Encrypting data also allows companies to avoid the financial fallout and reputation damage that inevitably follow publicly disclosing a breach, something most data privacy regulations require businesses to do.

BitLocker, a drive encryption feature provided free with Windows 10 Pro and Windows 10 Enterprise licenses, is an obvious place to start, but protects only data “at rest” on an individual device. A wide variety of business-oriented encryption solutions keep data free from snooping “in transit” between devices as well.

2. Protect the Endpoint

It probably goes without saying that every desktop, laptop, or other device used for work at home should have an enterprise-caliber endpoint security system on it and at least a local firewall enabled. Cruciana recommends making DNS filtering software mandatory too, and further advises choosing a product that users can’t easily shut off or bypass. “It’s not that we want to be the internet police, but we want to make sure that we’re not introducing additional risk,” he says.

Software for managing endpoints, like an RMM solution, is critical as well, Cruciana adds. “At a minimum, we’re doing daily software and configuration audits of the device, [and] limiting and restricting the use of administrative access on those endpoints so that users aren’t able to go and install software and make changes.”

Sabino, for her part, leans on mobile device management software to ensure that she can lock or wipe work-from-home hardware if it’s lost or stolen, or if its owner changes jobs. Though Sabino uses Intune, Microsoft’s single-tenant MDM offering, alternatives with the multitenant management capabilities MSPs require are available from vendors like VMware and SolarWinds MSP.

Cruciana, meanwhile, employed an increasingly popular shortcut last year to secure devices for some of his clients with especially strict regulatory requirements: a virtual desktop solution. Products like Windows Virtual Desktop centralize potentially vulnerable resources in a heavily fortified Microsoft data center. “In the right client set, that obviated the need for a lot of the stuff on the endpoint,” Cruciana notes.

About the Author

Rich Freeman's picture

Rich Freeman is ChannelPro's Executive Editor

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.