COVID-19 or Corona Virus has brought dispersed workforces to the forefront of many conversations, but there has been no small scholarly debate about the benefits of working remotely versus the unmanaged cybersecurity concerns that working remotely creates. Directives from local, state, and federal authorities to combat the spread of COVID-19 has forced the issue and resulted in many organizations in adopting widespread work from home. While working remote isn’t new to the tech world it is new for many other industries that are adapting to this new environment and with this increase in the remote workforce cyber attackers are taking advantage. This means that ransomware and malware are at an all-time high.
Organizations that had policies and infrastructure in place to allow for work from home found themselves ahead of the curve, aside from provisioning additional resources they were able to continue working with little or no interruption. Those organizations without existing policies and infrastructure found themselves scrambling to those items in place before shelter in place orders were given.
Working from home presents some unique challenges. Your employees need to be able to access their files and utilities as if they were in the office, you need to provide protection to confidential and sensitive data, and keep the business running.
Connecting back to the home office can be accomplished in a few different ways, each with their pros and cons. Remote Desktop and VPN connections are by far the most common.
What Is the Difference Between Remote Desktop and VPN Connections?
- Remote Desktop Services (RDS) allow users to remotely connect to a virtual computer from any location so long as they have an Internet connection and proper permissions. By having the virtual computer reside on the internal, corporate network it allows your IT team to make sure that the device is protected, up to date, and has the necessary applications and programs deployed to it. Unfortunately, RDS deployments consume a considerable amount of resources and require routine maintenance to ensure proper functionality. A key security consideration in RDS deployments is that the user’s computer does not have direct access to the corporate network, providing a layer of protection.
- A VPN can best be illustrated by imagining a long network cable from the office to your employee’s home. Connecting to this allows your employee’s device to function as if it is on-premise and connected to the corporate network. This type of connection does allow for malware such as ransomware to traverse this connection and impact the corporate network..
While the connection can allow for upstream travel of malware, VPNs can require less upkeep than RDS connections.
[Cyber Threat- Work From Home Recommendations]
Protecting your confidential and sensitive data will utilize specific strategies based on where the data is located. Files and data on your company servers will retain the same protections as if your employees were in the office. If someone attempts to access files that they wouldn’t normally have access to, they will receive the same denial as if they were in the office. Protecting your cloud-based files can be accomplished through similar means with Microsoft 365 App. By utilizing a similar permission scheme as your on-premise files, you protect your data from being accessed by employees hoping to circumvent permissions. Microsoft also has an offering for Data Loss Protection (DLP). This protection allows you to define types of data, specific files, or even patterns to protect them from being copied or stored in a different location.
By combining these technologies to allow your employees to connect to your corporate network and protecting your data, you have an environment that will allow your business to continue with no large interruptions.
For more information on how to securely connect your team, check out our Remote Workforce Checklist Here.If you are unsure what solution will work best for your business our experts are here to help. Contact a team member today.
Ryan is a Security analyst with 10 years of combined IT experience with the last 4 focusing on cybersecurity. Ryan’s education in Criminology and Psychology enhance his capabilities in threat hunting, forensics, and end-user awareness. When not hardening client defenses, Ryan enjoys spending time with his family, hunting, fishing, and camping.