Many of us have been pushed to work from home for the foreseeable future as a result of the global COVID-19 pandemic. This raises a lot of questions for IT professionals about giving their team the access they need while maintaining the necessary security. Here are some recommendations on how to stay secure while working remotely. There are also a few things that you and your IT team should look out for.
What NOT to do
One way to give quick and dirty remote access to users is to get on your firewall and open remote desktop up to the world. This allows users to simply remote directly into their workstation in the office to do their work. This may be tempting for IT guys because it’s easy to do.
DO NOT DO THIS!
While this is an easy way to give users an experience at home like the one they enjoy in the office, it is COMPLETELY insecure. If you can remote in that way, anybody else can try to do the same. Having RDP open to the world on the firewall is one of the biggest entry points for ransomware and other threats. Coveware reported in their 2018 Q3 ransomware report that over 90% of ransomware attacks occur due to RDP exploits.
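One way to check your own firewall for this mistake, as an added example that is not from the original article: the script flags inbound allow rules that let any source reach RDP (TCP 3389), including forwards from a non-standard external port. The rule format and rule names are hypothetical; adapt the field names to whatever your firewall exports.

```python
import ipaddress

RDP_PORT = 3389


def port_in_spec(spec: str, port: int) -> bool:
    """True if a spec such as '3389', '3380-3400' or '80,443,3389' covers port."""
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def open_to_world(source: str) -> bool:
    """'any' or a /0 network (0.0.0.0/0, ::/0): every Internet host may connect."""
    if source.strip().lower() == "any":
        return True
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def exposed_rdp_rules(rules):
    """Names of allow rules that let any source reach RDP, directly or forwarded."""
    flagged = []
    for rule in rules:
        if rule["action"] != "allow" or not open_to_world(rule["source"]):
            continue
        to_port = rule.get("to_port")
        # Moving RDP to an odd external port does not close it: check the target.
        if to_port == RDP_PORT or (
            to_port is None and port_in_spec(rule["ext_ports"], RDP_PORT)
        ):
            flagged.append(rule["name"])
    return flagged


# Constructed sample rules (hypothetical format, not any vendor's export).
RULES = [
    {"name": "rdp-to-office-pc", "action": "allow", "source": "any", "ext_ports": "3389"},
    {"name": "rdp-odd-port", "action": "allow", "source": "0.0.0.0/0", "ext_ports": "53389", "to_port": 3389},
    {"name": "wide-range", "action": "allow", "source": "any", "ext_ports": "3000-4000"},
    {"name": "gateway-https", "action": "allow", "source": "any", "ext_ports": "443", "to_port": 443},
    {"name": "rdp-from-vpn-pool", "action": "allow", "source": "10.8.0.0/24", "ext_ports": "3389"},
    {"name": "old-rdp-rule", "action": "deny", "source": "any", "ext_ports": "3389"},
]

if __name__ == "__main__":
    print(exposed_rdp_rules(RULES))
```

Rules limited to the VPN address pool or to the HTTPS gateway pass the check; anything the script lists should be closed or moved behind one of the access methods described below.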
Securing Cloud-Based Solutions
The cloud can be quite secure if administered properly. Servers for cloud-based applications are usually housed in data centers that sit behind strong firewalls and have extensive physical security.
Most cloud-based applications can also be configured with MFA (multi-factor authentication). This is where you need to work with your IT team to ensure things are put in place. The applications have the capability to do MFA, but in most cases you must turn it on and configure it.
The most common way is to have an authenticator app on your phone. When you log in to the application it asks you to enter a 6-digit code from the authenticator app. This gives a second point of verification beyond your password and will stop the vast majority of hackers dead in their tracks. Take the time to turn on and test MFA and ensure that your organization is trained on how to use it.
Secure Access to On-Premise Applications
There are several good ways to get secure access to applications that are housed on your on-premise servers. Depending on the application, VPNs, terminal servers with remote desktop gateway, and published applications are all good options.
VPN stands for virtual private network. Essentially this is a simple way to encrypt traffic between the two networks (home and work) and maintain security. Once your VPN is connected you can remote desktop securely into a machine on the network without a problem.
VPNs are also great for folks that just need secure access to the file server at work. With the VPN connected you can browse the same shares as you do when you’re in the office.
Most VPNs have a client that you load on each laptop to authenticate it to the network. Alternatively, they’ll have a web interface where you can log in and get connected.
VPNs work great for a lot of tasks. However, beware if you want to run a database program over the VPN to a local client on your machine at a remote location. This will likely be cumbersome, as the VPN adds some overhead to each transaction. This becomes a problem with database applications because they issue so many queries that the added delay piles up. Applications such as QuickBooks will not run over a VPN, so you’ll want to consider one of the other methods I’ll outline below.
Terminal Server with Remote Desktop Gateway
Another great option for remote access is a terminal server. This is a technology that has been around for years and years. The idea is simple. A terminal server is made so that multiple users can all log onto it at the same time and get a desktop like the one on their work computer.
The terminal server is on the same network as all your other servers, so response times to queries are fast. There are no issues with database applications. They perform the same as if you were on the same network. This is because your terminal server session does all the computing locally. There is no data passed back and forth from your machine.
In recent years Microsoft has added remote desktop gateway functionality. This allows users to simply hit a webpage, authenticate, and get right to work. This is a simple, effective, and secure solution for remote computing.
Citrix originally coined the term published applications many years back. The idea is like a terminal server. On-premise servers serve up the application. However, instead of users remoting into the terminal server to work, the applications connect to the server behind the scenes and appear to the users to be running locally. Some IT teams like this solution because it requires no change in behavior on the part of the users.
This technology was originated and made popular by Citrix; however, Microsoft has since included it natively in their server licensing. There may be specific use cases where Citrix can add performance, but for most users, Microsoft’s published apps work well at a lower cost.
Additional Tips to Stay Safe Working from Home
All these methods are great ways to be able to work from home safely and effectively. Work with your IT team to ensure that you’re following company guidelines for secure remote work. Here are some additional tips we recommend for staying safe online while working remotely.
- Use strong passwords
- Set up two-factor authentication
- Use a VPN
- Use antivirus software
- Install updates regularly
- Back up your data
- Look out for phishing emails and sites
- Watch out for work-from-home scams
- Turn on full disk encryption such as Microsoft BitLocker
- Lock your device
Stay Safe Out There
The great news is that with all the wonderful options we have to work at home we can stay productive and safe during this time of crisis. Take care to be mindful of security and consult with your IT team during the process to ensure that you can stay safe.
About the Author
Mike Herrington is a 12-year veteran of the Managed IT Services space. He works with small and medium businesses daily to consult on security, IT strategy, cloud solutions, and disaster recovery planning. When he isn’t geeking out on the latest technology he loves to spend time with his wife and three children, go running, and build cool stuff in his woodshop.