The novel COVID-19 pandemic has changed the way organizations work. The sudden transition to remote work has forced organizations to look for temporary fixes to bridge the gap, leaving their endpoints exposed to an unprecedented threat landscape. Insecure internet connections, a lack of perimeter security, and the inability to implement effective security policies have made remote endpoints a breeding ground for threat actors. We are already seeing eased lockdown restrictions in regions that have contained the virus. Sooner or later, many employees will return to their workplace to resume their work.
While returning to the office might instill a sense of relief and normality for employees, bringing all the devices that may have been left unprotected during quarantine, or even infected with malware, back into your corporate network is nothing short of unleashing a ticking time bomb.
We’ve derived a list of endpoint security measures that you need to eliminate the security lapses brought about by remote work.
Restrict privileges to specific applications
Forrester estimates that 80 percent of data breaches have a connection to compromised privileged credentials. The first step to prevent worms within compromised computers from executing with admin privileges or advancing to the rest of the network when your workforce heads back is to enforce the least privileges for all users. You should allow admin privileges only for chosen applications on an as-needed basis.
Secure BYOD devices and containerize corporate data
Pre-pandemic, some organizations used desktop computers as the de facto workstation. Bowled over by the sudden lockdown restrictions, they might have been forced to allow employees to use personal laptops, mobile devices, or tablets for remote work. While returning to the office, employees may use those same devices to resume work.
Threat actors will likely take over any unprotected devices, especially personal devices, to gain access to corporate data. As corporate data is stored alongside personal data and apps, having a mobile device management solution that helps secure BYOD devices and containerize the corporate data stored in them is essential to prevent unauthorized access to sensitive data.
Allow only trusted USBs and peripheral devices
Unable to access corporate resources during quarantine, end users may have resorted to working with personal storage devices such as USBs, NAS systems, and other auxiliary devices. Untrusted removable devices are one of the primary vectors used to deliver malware to systems. To prevent such incidents, you should implement a device control program based on Zero Trust to allow only authorized devices to connect to your company-owned devices, as well as set file transfer restrictions to further prevent the intrusion of malicious executables.
Reset passwords and enforce complex password policies
With remote work blurring the lines between devices used for work and personal purposes, there’s a high probability that your users shared their credentials with their family and friends. It’s only reasonable to force them to reset their passwords based on complex password policies once they’re back at the office.
Revoke inessential software licenses
Remote work necessitates the deployment of remote collaboration and conferencing tools; once work resumes at the office, these will no longer be essential. Run an inventory scan to detect those applications and revoke their licenses to cut down on unnecessary costs and storage.
Prioritize and patch vulnerabilities
There are plenty of reasons why your remote endpoints might fail to stay up-to-date with software patches. Keeping all software patched in a hybrid IT ecosystem is a pain, even within the corporate network. Now that devices have left the premises, many organizations are relying on a VPN to conduct their patching procedures. This often results in bottlenecks that slow down the update process. Besides, remote users often skip the update prompts or postpone updates to their systems indefinitely. And there are servers in the office premises that have remained off throughout the remote work phase.
Many devices have likely accumulated a heap of vulnerabilities while employees have been working from home. If there are too many endpoints to patch when you return to the office, conduct a vulnerability assessment to predict which vulnerabilities are imminently exploitable and have far-reaching consequences, then prioritize the patches that address them. Last but not least, don’t forget to test patches in a pilot group of machines before rolling them out to your production environment.
Ensure your antivirus is up and running with the latest definitions
It’s not uncommon for employees to temporarily disable their antivirus when it overrides certain actions like running installers, then forget to re-enable it later. New viruses are identified every day, and vendors are rolling out definition files at an equal rate. Chances are your remote endpoints have failed to keep pace. As soon as employees return to the office, sweep your network for endpoints with disabled or out-of-date antivirus and make sure they’re running enterprise-grade antivirus with the latest definitions or signature files.
Firewall traversal from remote hosts must be disabled
Remote connections that bypass the firewall should never be allowed since there is no way to verify if they can be trusted. Disable “Enable firewall traversal from remote access host” in Chrome browsers of your network systems, as it allows remote clients outside the network to connect to the network systems even if they are separated by a firewall.
Establish a secure foundation with security configuration management
Preventing threats from entering your network is the first and foremost step in strengthening your defense. But if by an unlucky accident an exploit or malware seeps in, they will leverage misconfigurations to worm their way into their intended targets. The possibility of poorly documented configuration changes, and technical issues in endpoints that lead to misconfigurations, are high during remote work. Sniff out machines that lack appropriate security settings or were left with default configurations and bring them back to compliance.
Block unauthorized and insecure applications
Remote endpoints, if left unmonitored, could serve as a host for a hoard of unauthorized and untrustworthy applications. Hauling these endpoints back into your network comes with serious security implications. You should implement an application control program that substantially reduces and restricts the number of running applications to only what is trusted and deemed essential by your organization, thereby mitigating potential risks.
Besides implementing these cybersecurity measures, we shouldn’t forget the lesson driven home by the pandemic—that organizations need to plan ahead if they’re to support their workforce in the event of a crisis. For all we know, a second wave of COVID-19 may be lurking around the corner. More so now than ever, organizations need to revise their contingency plans and be better equipped to handle any future crises.
Whether to support your distributed workforce in a time of crisis or keep up with future trends, our unified endpoint management and security solutions are the go-to tools to empower your workforce with safe and efficient working conditions, no matter where they are.
** Optrics Inc. is an Authorized ManageEngine partner
The original article can be found here: