In what feels like an overnight turn of events, the world’s population has been forced to, depending on industry, begin working remotely from home, given the continuing spread of COVID-19. While we here at DMS iTech feel that, at some point in the future, things will go back to normal and that we will all overcome the challenges presented by this outbreak – after all, the U.S. and New York City in particular pulled together and got through the horrific events of September 11, 2001 (and its resulting consequences) – we wouldn’t be doing right by our valued customers if we didn’t keep you abreast of some important elements.
As such, we’d like to make high-level managers and IT department heads of organizations aware of the challenges a work-from-home scenario poses from the perspectives of security, support, options and more. So in this blog, we’re going to cover such topics as VPNs (virtual private networks) and VPN policies, the need for two-factor authentication, expanding management capability to the “home” computer, reviewing options for internet bandwidth and connectivity and ensuring all critical systems are set up with remote management capabilities.
Virtual Private Networks
A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks – as if their computing devices were directly connected to the private network.
VPNs are an excellent way to secure traffic to and from a client to the network, but the key is ensuring the client/endpoint is secure. Home computers, lack of antivirus protocols, lack of management and lack of policies can all put a network at risk in this era of remote work. What we suggest you do is consider reviewing your VPN policies – both at a technical/network level and business level – to ensure that only required traffic is permitted, and only to required locations; indeed, in these cases, “allow all…from anywhere” isn’t the best stance to take.
Two-factor authentication is a type, or subset, of multi-factor authentication, with multi-factor authentication representing a method in which a computer user is granted access only after successfully presenting two or more pieces of “evidence” to an authentication mechanism (knowledge, possession and inherence).
In the current work-from-home climate, the need for two-factor authentication becomes important, as once we start allowing variations in trustworthiness – such as off-network access and non-corporately-managed/maintained systems – there’s a much greater need to ensure users are who they say they are. What’s more, this approach becomes even more vital because we can no longer review audit logs to look for “anomalies,” because the whole world looks like one right now.
The way we see it, the very least you can do is consider two-factor authentication.
Expanding Management Capability to “Home” Computers
Consider expanding your management capability to a “home” computer (if it is not a corporate system), taking into consideration factors such as operating system version (Windows 7, as an example, is an end- of-life product compared to Windows 10), edition type (Home versus Pro/Enterprise, for instance), any security and stability updates being performed (such as Windows updates) and the presence of antivirus protection (or ensuring systems are up-to-date).
You may need to expand your number of licenses in use in order to accommodate these systems, in order to ensure that they don’t pose potential risks to the network.
Reviewing Options for Internet Bandwidth and Connectivity
Here’s what is most important to take away from this: What might be considered normal for any given time in an office may not be when services and roles are reversed. For example: It is not uncommon for many small-to-medium-sized businesses’ internet packages to lack bi-directional capability as it relates to quality in both upload and download tasks; many are listed as “150/15” or “75/15,” which is typically going to be listed as “download/upload,” equating to 150mbit download to the office and 15mbit download from the office.
When users are in an office on a day-in, day-out basis, the aforementioned data is probably more than enough, but when users suddenly begin working from home, that requirement may be completely reversed (in other words, users would be trying to get data from the office, which is using the bandwidth in the opposite direction). The best analogy we can make with regard to all this is to imagine a freeway during rush hour, and how during the mornings the traffic to the city is far heavier than the traffic going in the opposite direction.
Additionally, it may be wise to ensure there is a secondary internet connection in case of outages, overuse, the need for emergency connectivity or just to make way for a “non-congested” route (so, for example, voice traffic may take one path and bulk internet may take another).
Finally, it’s important to ensure that all critical systems are set up with remote management; in many instances, remote management capabilities are built into devices such as servers, power management units and storage units, with some of these capabilities allowing for functions like remote power on, remote console and even full control over the boot process.
All too often, these features are cut at the time of purchase to minimize costs, but can be added after the fact, and can greatly reduce the need for having a physical pair of hands on-site at all times.
At a time when uncertainty seems to be the only certainty, DMS iTech is here for you with a plethora of proven products, applications and support guidance. Please contact us directly for more information about operating your business and its systems in this remote workplace environment.