JOSHUA LIBERMAN still remembers the first work-from-home (WFH) PC he helped set up for a client. It belonged to the CEO of a $15 million business who had owned it for 14 years, shared it with other family members, and used it on a Wi-Fi network without even WPA in place. The device had anti-virus software, but the license had expired roughly seven years earlier.
For Liberman, who is president of Albuquerque, N.M.-based solution provider and MSP Net Sciences, that was just the beginning of a wider, now familiar challenge.
“”We had this kind of perfect storm where we had to provide access to genuinely terrible machines on miserable networks and insecure connections,”” recalls Liberman of those frantic early days after COVID-19’s arrival. “”Security was an afterthought. We had to connect people first and there was just no chance that we were going to get the time, much less presence in the home, to do the things we needed to do to truly secure these connections.””
Hard as it is to believe, however, half a year has passed since coronavirus-inspired lockdowns first turned millions of office dwellers into instant telecommuters. Channel pros like Liberman have used those months to learn valuable lessons about keeping remote workers safe.
Tremendous Risk
Good thing too, because WFH employees are not only using personal PCs on unprotected networks, they’re doing so with kids underfoot, a recession underway, and the path toward an end to the pandemic still far from clear—all of which makes them ripe targets for hackers.
“”You have users who are in various states of certainty and uncertainty, and the bad guys know this,”” says Rob Boles, president of BLOKWORX, a managed security service provider with offices in Arbuckle and Larkspur, Calif. That’s one reason ransomware attacks were up 109% year over year in the U.S. during the first half of 2020, according to SonicWall.
Simply waiting out that cybercrime wave isn’t an option either, because the WFH phenomenon is here to stay. Indeed, businesses globally expect 25% of their staff to work remotely even after COVID-19 is behind us, according to a July study by network and application performance management vendor Riverbed.
Safeguarding remote workers now and into the future, experts say, begins with the basics, like deploying endpoint security and DNS filtering systems on home-based endpoints, and patching those devices. Multifactor authentication software is a must too, according to Rory Sanchez, CEO of True Digital Security, a security solution provider with locations in Florida, New York, and Oklahoma.
“”Almost every phishing attack that we’ve seen could have been prevented with multifactor authentication,”” he says.
If your customers use Microsoft’s remote desktop protocol (RDP) technology to connect with office PCs, turn your attention there next. Too many channel pros desperate to get clients online earlier in the year used unsecured RDP connections. “”I literally as an operator cannot count the times in the last six months that we’ve been called to remediate or help clean up an environment because of ransomware due to RDP open to the internet,”” Boles says. “”The risk is tremendous.””
A good, solid VPN solution will help mitigate that risk, but proxied RDP services, like the one from TruGrid that Liberman uses, are an option too. Such systems redirect RDP traffic to cloud-hosted servers that inspect and clean it before sending it to its destination. They also share reporting data.
“”We can get alerts about multiple failed connections. We can get alerts about what I call ‘geofence hopping,’ or basically connections that are coming from IPs or regions that they shouldn’t be,”” Liberman explains.
Scott Beck, CEO of Riverview, New Brunswick-based MSP BeckTek, took a different approach, using the remote access software included with his RMM solution rather than RDP to connect personal endpoints to the office, and then blocking all file transfers from the local machine. “”So basically, we turned a home PC into a TV with a keyboard and a mouse,”” Beck says. “”That’s how we got them into the network securely without having to worry too much about their actual device.””
Sanchez has an even simpler suggestion: Replace your customer’s physical desktops with cloud-based ones. Solutions like Windows Virtual Desktop and Amazon WorkSpaces, he notes, make RDP and technologies like it unnecessary.
Stacking More Gains
When stay-at-home orders first went into effect six months ago, getting clients online fast was job No. 1. With that initial scramble now long since over, however, helping users work safely from home should be the new priority.
According to Boles, establishing a clearly articulated policy for secure WFH computing is a great place to start that process. “”If there’s no security policy, everything else doesn’t matter,”” he says, adding that deploying next-generation firewalls with sandboxing functionality and zero-day protection is a wise next step. BLOKWORX uses such products to perform health checks on remote hardware attempting to join the network.
“”Before the device can even connect, we’re querying for patch status and that the security software is intact, basically that the profile and machine is what we want it to be,”” says Boles, who also advises channel pros to segment home networks that support smart thermostats and door locks in addition to WFH devices.
Sanchez recommends carefully rechecking the permissions assigned to work-from-home gear and other security settings. “”Lots of things were deployed quickly,”” he notes, and giving devices excess rights can be tempting when time is short. Putting rigorous change management processes in place, Sanchez continues, can help stop configuration errors from endangering customers in the future.
Longer-term plans should include layering in data security software, data loss prevention solutions, dark web monitoring, and security awareness training systems. “”Each one by itself might not be huge, but stacking those types of things is where you make your gains,”” Boles says.
You might be surprised at how willing even your most tight-fisted customers are to pay for those gains, too. Beck is one of many channel pros who’ve been pleasantly surprised at how open-minded businesses are lately about investing in better security.
“”If you haven’t had that conversation around security because you were worried that your client might not want to spend on it or might go away, this is the time to start having that talk,”” Beck says. “”Do it now before it’s too late, because bad things are going to continue to happen.””
Image: iStock
