Moving millions of employees, their computers and their data from a secure office environment to the home — with minimal notice — presents tremendous data security risks, including simple technical glitches, accidental human error and malicious ransomware attacks.
Below are seven steps practised by StorageCraft to ensure a safe transition.
1. Secure employee devices
- Where possible, provide laptop devices so employees aren’t forced to use potentially less secure personal devices for work such as home desktops.
- Secure these devices with endpoint protection measures: install antivirus, automated patch management and automated backups.
- Install a strong SSL VPN solution such as on every company laptop for a secure connection to the company network. Conserve network bandwidth, if necessary by using a split-tunnel connection which increases your security level by only providing secure access to corporate-approved resources.
2. Protect business data
- Set up a company-wide policy that automatically saves documents and data to Google’s G Suite or Microsoft O365 or your on-premises share drive. NOTE: With only 30 days of retention for files from these services, make sure you add a backup solution and match your backup frequency to the importance of the data.
- For unstructured data on-premises, set up employees to store their work files on a company-managed file server with immutable snapshots capability, rather than their own laptops.
- Take image-based backups of employee laptops — so, should an employee laptop fail, you can use a backup to restore the operating system, applications and data to a new laptop in minutes — which sure beats reinstalling everything and will recover any data that wasn’t stored to the file share or cloud. Or for remote users with low bandwidth, a file and folder backup solution might be a preferred alternative.
- Redundancy is key, so replicate all laptop and file-server backups to the cloud (ideally, a purpose-built disaster recovery cloud, which enables swift recovery).
- Your mission-critical data and applications are already backed up, so ensure that the SLA matches the importance of the data, and that the data is replicated to an off-site data centre or a third-party cloud provider.
3. Secure the laptop and the network
- Ensure network security with an endpoint security tool that protects a laptop. Also leverage all the next-generation firewall security services to protect the network and scan for viruses and ransomware as well as for suspicious connections to and from your company.
- Again: redundancy is key. Store server backups onsite and also replicate those backups to a remote location — either a disaster recovery data centre or the cloud. Using a cloud provider with DRaaS capabilities will enable you to fail over the entire network, data and applications should the need arise.
4. Devices and remote users
- Confirm the identity and security state of each endpoint device, be it corporate or personally owned, including laptops, desktops, smartphones and tablets.
- Control admission for remote users and their associated devices based on the user identity and access right level of trust.
- Allow access based only on the resources users are authorised to access — either on-premise or in the cloud.
5. Provide remote support
- Use remote connecting software which enables the helpdesk to see an employee’s screen and troubleshoot issues remotely.
6. Test, train and educate
- Regularly test your backups and your ability to recover! While having a backup is important, being able to recover all data completely and quickly is absolutely critical for business continuity.
- Triple down on phishing: a successful phishing scam can expose you to ransomware and render all your data useless. Test your network and your employees to find the holes in your network protection and to train your employees in being able to spot phishing emails that lay the groundwork for a ransomware attack.
7. Provide communications tools
- Provide and enforce the use of company-wide communications tools for instant messaging, video conferencing and telephony that are secure. These tools ensure employees can stay productive, be social and continue collaboration while still keeping the business secure.