Due to the Coronavirus pandemic, many employers are opening the door to let those who can work from home to do so. PureIT Credit Union Services can quickly and efficiently stand up remote access solutions for its partners and is working around the clock to meet the demands. However, due to the critical needs related to the current pandemic, many businesses have no choice but to do something quickly.
Steve Koinm, VP Professional Services, recalls their recent project where, "In a timeline of two days with 18 engineers, the credit union gained full remote capacity for 200 of their staff, and plans to add 1,300 additional remote users within the week."
Synchronizing these moving pieces over a marathon of a weekend was a monumental task, but implementing a technology tool is not a guarantee for success. As our technology tactics improve, they are all subject to user error, and frankly, human nature. Mistakes happen, and in our mad dash to create a solution, it is crucial to offer robust education and thorough technology support for end users.
Enterprises are moving swiftly to implement the rudimentary technology to allow necessary remote access, postponing the in-depth risk analysis that would typically take place. For those businesses, like the credit union mentioned above, the following are a few security tips that will start you down the right security path.
All security control systems have three components; People, Process, and Technology.
The foundational control is People. Many of your employees will be new to working from home. They will access the internet through their home network, and most of them will use their home systems to connect. Education is your best near-term control. Here are a few essential items to educate them on the new risks associated with working from home.
- Secure your work area at home. When at the office, you benefit from the building security. Where is your homework area? Is it a shared area with a roommate? Do you share a home computer with the family? Logout and lock your computer when not working, and lock up any paper or reference material.
- Ensure the user system is protected with current antivirus.
- Avoid public Wi-Fi hotspots. The temptation to convert work from home into work from the local coffee shop is real.
- Beware of phishing scams. The incidence of fraudulent emails has spiked with the pandemic fears. Tell your workers to be extra vigilant of emails appearing to come from human resources, insurance carriers, or other work functions, asking for sensitive data.
If one does not exist, initiate a Process to track users and their activities by which you authorize remote access to a VPN connection and log actions taken by users. Other useful security practices include:
- Use strong passwords
- Set up two-factor authentication
- Install updates regularly
Remember, even though you are under time pressure, implement the remote access Technology securely.
- Securely configure the router or VPN concentrator.
- Ensure all hardware is patched.
- Do not use “leftover” equipment.
- Use strong encryption with effective key management.
Finally, there are many cloud-based “out of the box” solutions that are built for general business access. Credit union traffic that contains PII requires robust security. Look for a provider that services other financial institutions and understands the industry and regulatory requirements.
My ultimate advice is to align with a trusted partner, but if you must do something in the interim, take all the security steps you are able, and follow up quickly with an audit and risk analysis.
Don't have a trusted professional service adviser? We are standing by to ignite a remote workforce for your credit union, please email firstname.lastname@example.org