There was an understandable mad rush to get everyone working remotely before the lock-down started. Now that we’re running remotely, take a moment to check if your clients’ endpoints are still adequately covered.
Malware and ransomware
While some firms have moved to more advanced endpoint solutions, many still rely on old-style, signature-based anti-virus (AV) software to block malware. These solutions can only catch known threats and are relatively powerless to stop zero-day threats and ransomware. They also don’t provide full visibility of your network when it comes to cleaning up.
Simple, signature-based AV is also common for home users. Many are price sensitive and choose inferior security products (or often none at all!). This can be a particular concern with workers taking home their work devices, and connecting to the home Wi-Fi with unsecured devices present.
Given ‘working from home’ is now de facto, are you satisfied with your current endpoint AV solution? For the remote workers using their personal devices, are their security solutions protected to the same standard as their work device? Could you do with a solution that protects you from malware / ransomware, goes beyond endpoints, and gives a single-pane-of-glass analysis?
Phishing
Cyber-criminals commonly use phishing emails to try to get users to click links, download files, and enter their credentials into web pages / forms. As seen in the example below, phishing attacks definitely don’t stop when there’s a global pandemic. Spear-phishing attempts will also be on the rise as most remote workers won’t have the office community to consult with i.e. does the CEO really want me to transfer $10,000 urgently or is this a phishing attempt?
Have you adequately trained your users and clients to identify a phishing email? Or better yet, do you need a solution to protect them, when they do click on these phishing links?
Lost / stolen devices
Despite the police being out and enforcing the lock-down, there are still break-ins and burglaries being reported. Losing a device can be one of the biggest threats to your business. A stolen device that is logged in, can provide thieves complete access to both work and personal data, and user account credentials stored on the device.
Do you need Multi-Factor Authentication (MFA) on a device to safeguard it, in the event it gets lost?
VPN avoidance
A VPN can provide a great amount of protection when a user is connected. But if the solution is cumbersome, users may avoid connecting, if they simply want to check their personal email or social media accounts. This leaves the possibility of a user downloading something malicious on to their device. This then spreads the next time they connect to their work VPN.
Do you need to enforce website / content filtering, even when the user is off the VPN and on their home Wi-Fi?
Introducing WatchGuard Passport
To help secure remote workers, WatchGuard is offering full access to Passport (AuthPoint and DNSWatchGo bundled) free for 120 days. AuthPoint allows you to add MFA to laptops, cloud applications and VPNs. DNSWatchGO lets you configure website / content filters and enforce them even when users are off the VPN. The Passport bundle addresses the issues listed above. Best of all, they can be deployed remotely.
Want to learn more? Email watchguard@sofsol.co.nz now for more information. Are you keeping remote workers secure?