How to Provide Maximum Security for Remote Users

Our tech and security experts weigh in on how to fully secure a remote user’s environment

This year has, thus far, tested the bricks in the foundation of many organizations in our industry. Unimaginable security breaches caused by advanced ransomware, plus the onset of global remote working (which may not be temporary), has many asking, “are there gaps in our security policies and structure?”

It’s important to know what steps to take inside and outside of your technology to fully secure users. At Oasis, we take preventive steps to make sure our client’s data is kept safe and secure; this includes everything from the application layer all the way through to network security and hardware configuration. With that in mind, we asked some of our team members to give recommendations on these, specifically for remote user security. All of their knowledge has been combined below to provide you with an expert’s well-rounded set of usable recommendations.

Application Security

At Oasis we host and manage a Suite of Technology, with the primary and most frequently accessed application being Relativity. Each application has built-in security options that can be adjusted to increase the level of security per user. Our team recommends enabling the following:

  • Computer-specific IP address identification
  • Multifactor authentication (MFA)
  • Complex password creation options for user account setup

We also require users to log in through a secure VPN like Citrix or Microsoft RD Web (also with MFA) before they can access any applications within our private environment. This provides additional security and control over your user population.

It’s crucial to know what security features are available within each application you’re using and ensure you have armed users with all the necessary information and tools for maintaining their security within those applications. That includes having the latest antivirus, reminding them of software updates, and educating them on security risks.

Network Security

At this point, it’s likely you’re aware of the network settings needed to safeguard your environment security. For optimizing user-level security, we highly recommend using secure VPN access points to establish an encrypted connection that safely transmits data and prevents unauthorized users from listening to activity.

Remote machines may also be set up to limit functionality, such as copying files and text to home machines, or barring access to services like Dropbox or Google Drive, which would allow users to upload and access files outside of the work machine. Consider the business need for the remote machine and build it to those exact specifications––if there is no need to access certain services, the security to block them should be in place. If you don’t choose this method, you could take a network inventory to see which unnecessary applications are running and shut them down. Here are some other tips for network security:

  • Create a weekly routine for checking that all devices are fully patched with the latest operating systems, antivirus/antimalware, and deploy all necessary updates regularly.
  • Carry out penetration testing to find and fix vulnerabilities.
  • Require the use of a password utility such as Lastpass or 1Password to make sure passwords are strong,  unique, and not easy to crack.
  • Give safety recommendations to remote users regarding their home internet:
    • Change the default administrator password and settings on your home router.
    • Require a password to access your Wi-Fi and encrypt using WPA2 to prevent hackers from simply capturing your data.
    • Create separate Wi-Fi networks––one for family and visitors and one for work to separate all internet activity.

Secure Hardware Configuration

  • Provide hardware that is suitable and capable of delivering your requirements.
  • Everything must be encrypted everywhere, then encrypted again. Ask yourself, ‘did I actually provide the tool or operating system to achieve the security requirements?’
  • Have policies in place for removable media use. It’s not safe for users to plug in personal or found USB drives, phones, etc., so be sure to have a policy that doesn’t allow users to plug them in. Set up an alert system to notify you if an unauthorized device is recognized in the system.
  • Consider providing hardware with biometrics such as fingerprint scanning or facial recognition.

Providing Security Education

  • Educate your team on physical securities, data classification, incident reporting, and acceptable use. This could prevent a security incident. Oasis uses KnowBe4 to train users on phishing and security awareness through games and a Netflix-like video series (our team actually enjoys this training program).
  • Provide remote work environment education:
    • Work from private spaces and make sure laptop screens are never visible to others.
    • Maintain privacy while on conference calls.
    • Don’t let friends or family use your work devices.
    • Secure devices when not in use.
  • Constantly educate yourself by receiving the latest security training and certifications available.

Ensuring accurate software, hardware, and network security aspects are in place will give you confidence in the foundation of your security. It’s a constant effort to provide proper training, hardware, network, and application security––all of which may take extra effort with remote users. However, you’ll be providing your team with a defense in depth approach that limits vulnerabilities, reduces the chance of a security incident, and increases the strength of your organization’s overall security. If you have questions about the suggestions in this article or would like to learn more about Oasis’ information security, cloud security, or secure data centers, contact us at info@oasisdiscovery.com.

Security recommendations provided by:
Jeremy Cheatham, Senior Systems Engineer
Tat Chunnui, Technology Services Manager
Brian Clark, Senior Systems Engineer
Jacob Dababneh, VP of Technology Services & Co-Founder
Jarrod Kimmel, Director of Technical Services
Matt King, Senior Solutions Engineer
Matt Kingdon, Information Security Director