How to Provide Maximum Security for Remote Users
Posted On June 18, 2020
Our tech and security experts weigh in on how to fully secure a remote user’s environment
This year has, thus far, tested the bricks in the foundation of many organizations in our industry. Unimaginable security breaches caused by advanced ransomware, plus the onset of global remote working (which may not be temporary), has many asking, “are there gaps in our security policies and structure?”
It’s important to know what steps to take inside and outside of your technology to fully secure users. At Oasis, we take preventive steps to make sure our client’s data is kept safe and secure; this includes everything from the application layer all the way through to network security and hardware configuration. With that in mind, we asked some of our team members to give recommendations on these, specifically for remote user security. All of their knowledge has been combined below to provide you with an expert’s well-rounded set of usable recommendations.
At Oasis we host and manage a Suite of Technology, with
the primary and most frequently accessed application being Relativity. Each application has built-in
security options that can be adjusted to increase the level of security per
user. Our team recommends enabling the following:
IP address identification
password creation options for user account setup
We also require users to log in through a secure VPN like Citrix or Microsoft RD Web (also with MFA) before they can access any applications within our private environment. This provides additional security and control over your user population.
It’s crucial to know what security features are available within each application you’re using and ensure you have armed users with all the necessary information and tools for maintaining their security within those applications. That includes having the latest antivirus, reminding them of software updates, and educating them on security risks.
At this point, it’s likely you’re aware of the network settings needed to safeguard your environment security. For optimizing user-level security, we highly recommend using secure VPN access points to establish an encrypted connection that safely transmits data and prevents unauthorized users from listening to activity.
machines may also be set up to limit functionality, such as copying files and text
to home machines, or barring access to services like Dropbox or Google Drive,
which would allow users to upload and access files outside of the work machine.
Consider the business need for the remote machine and build it to those exact
specifications––if there is no need to access certain services, the security to
block them should be in place. If you don’t choose this method, you could take
a network inventory to see which unnecessary applications are running and shut
them down. Here are some other tips for network security:
a weekly routine for checking that all devices are fully patched with the
latest operating systems, antivirus/antimalware, and deploy all necessary
- Carry out penetration testing to find and
- Require the use of a password utility
such as Lastpass or 1Password to make sure
passwords are strong, unique, and not
easy to crack.
- Give safety recommendations to remote users
regarding their home internet:
- Change the default administrator password
and settings on your home router.
- Require a password to access your Wi-Fi
and encrypt using WPA2 to prevent hackers from simply capturing your data.
- Create separate Wi-Fi networks––one for
family and visitors and one for work to separate all internet activity.
Secure Hardware Configuration
- Provide hardware that is suitable and
capable of delivering your requirements.
- Everything must be encrypted everywhere,
then encrypted again. Ask yourself, ‘did I actually provide the tool or
operating system to achieve the security requirements?’
- Have policies in place for removable
media use. It’s not safe for users to plug in personal or found USB drives,
phones, etc., so be sure to have a policy that doesn’t allow users to plug them
in. Set up an alert system to notify you if an unauthorized device is
recognized in the system.
- Consider providing hardware with
biometrics such as fingerprint scanning or facial recognition.
Providing Security Education
- Educate your team on physical securities,
data classification, incident reporting, and acceptable use. This could prevent
a security incident. Oasis uses KnowBe4 to train users on
phishing and security awareness through games and a Netflix-like video series
(our team actually enjoys this training program).
- Provide remote work environment
- Work from private spaces and make sure
laptop screens are never visible to others.
- Maintain privacy while on conference calls.
- Don’t let friends or family use your work
- Secure devices when not in use.
- Constantly educate yourself by receiving
the latest security training and certifications available.
Ensuring accurate software, hardware, and network security aspects are in place will give you confidence in the foundation of your security. It’s a constant effort to provide proper training, hardware, network, and application security––all of which may take extra effort with remote users. However, you’ll be providing your team with a defense in depth approach that limits vulnerabilities, reduces the chance of a security incident, and increases the strength of your organization’s overall security. If you have questions about the suggestions in this article or would like to learn more about Oasis’ information security, cloud security, or secure data centers, contact us at firstname.lastname@example.org.
Security recommendations provided by:
Jeremy Cheatham, Senior Systems Engineer
Tat Chunnui, Technology Services Manager
Brian Clark, Senior Systems Engineer
Jacob Dababneh, VP of Technology Services & Co-Founder
Jarrod Kimmel, Director of Technical Services
Matt King, Senior Solutions Engineer
Matt Kingdon, Information Security Director