The Remote Workforce Security Guidebook | Critical Start

The Remote Workforce Security Guidebook

The cyber landscape has shifted from roughly 15% to over 80% in just 2 weeks! The number of personnel working without the enterprise protections of the office, including enterprise security protection and monitoring, has jumped drastically. To protect your organization’s critical assets, data, and people, we built a guidebook, written by a team of cybersecurity leaders, that walks you through critical steps, priorities, and essential tools to consider.

Practical Guidance & Security Implementations

Utilize 2-Factor (2FA/MFA)

Minimize the impact of phishing emails and other identity-based attacks

Guidance:

Implement 2-Factor (2FA/MFA) authentication everywhere possible. This goes for internal applications AND cloud-hosted applications.

A second factor of authentication upon login makes a cyberattack much more difficult. This Playbook item is the single most important step when it comes to minimizing the impact of phishing emails and other identity-based attacks.

Lastly, if you have SSO (Single Sign-On) enabled, you can require 2-Factor authentication at logins across your organization’s infrastructure.

Practical Tools:

Microsoft Office365 – free implementations from Azure AD Free to Premium E3/E5 & P1/P2 Licensing

RSA SecurID – free for 1 year currently

Okta Verify

Cisco Duo – free for a limited time

Deploy Endpoint Protection, Detection, & Response Tools

Utilize EPP, EDR, and MDR to secure your endpoints and mitigate incidents

Guidance:

Locate and provision dedicated hardware that will leave your premises so that operations can continue with remote employees. Local stock of laptops may be scarce, but so are the security tools on those new endpoints.

Utilize Endpoint Protection (EPP), a tool that replaces anti-virus and is capable of thwarting malicious attacks before they occur on the endpoint.

But when the milk spills, and it will, utilize an Endpoint Detection and Response (EDR) tool that provides capabilities to remotely investigate and remediate critical endpoints that have access to corporate data!

Better yet, have someone help you 24x7 with the deluge of alerts coming from your multiplied environment, especially from EDR tools, with Managed Detection and Response (MDR). The best MDR will give you real control through transparency, visibility, and expedient remediation of security incidents, along with the power to do all of that even on your mobile phone. Plus, an MDR deals with the super-majority of alerts, which allows your security personnel to focus on what matters most in your organization.

Practical Tools:

EPP:

  • SentinelOne CORE – free option March 16th through May 15th
  • Microsoft Defender
  • Palo Alto Cortex XDR Prevent
  • Blackberry Cylance Protect – free option for 60 days
  • VMWare Carbon Black Cloud – formerly "Defense"

EDR:

  • SentinelOne Singularity
  • Microsoft Defender ATP
  • Palo Alto Cortex XDR Pro
  • Blackberry Cylance Optics
  • VMWare Carbon Black Enterprise EDR – formerly "Response"
  • CrowdStrike

MDR:

  • CRITICALSTART MDR – free option of MobileSOC to resolve alerts "on-the-go" through May 15
  • Arctic Wolf
  • eSentire

Employ Secure Remote Access (VPN/CASB)

Implement VPN, SaaS-VPN, or CASB to accomplish a secure connection for your users.

Guidance:

Adding potentially ALL of your users to VPN is daunting. Enable all of your remote users to access the necessary business applications and data, but use a secure channel to do so. Practically, if you already have a VPN solution, verify that you have acquired the licensing to scale to the number of users you need, potentially all of them connected simultaneously. If you don’t have a solution in place to allow remote connections today, implement VPN, VPN-like SaaS, or even CASB to accomplish a secure connection for your users.

Cloud Desktop Migration (Desktop as a Service – DaaS)

Immediate access to desktops for remote workers is available in a turnkey approach with the leading cloud platform providers. These virtualized environments allow centralized management and can restrict the storage of confidential data on personal devices. Standard endpoint security and monitoring are still a requirement with these solutions and can be quickly integrated with existing contracts.

Practical Tools:

Palo Alto Global Protect – free for a limited time

Cloudflare (SaaS) – free for a limited time

Tempered – free for a limited time

Netskope

Microsoft Virtual Desktop – available for immediate spin-up and included with some of the Microsoft O365 licenses.

AWS WorkSpaces – offering workspaces for up to 50 users at no charge for new customers until June 30.

Centralized storage is an essential part of this, and it is recommended to use Microsoft, Google, DropBox, or Box for storage and sharing between teams.

Shift Schedules & Encourage Team Collaboration

Schedule Security personnel that monitor alerts in distinct shifts

Guidance:

With more employees working remotely, you will see a shift in the schedules of people working from home. Consider scheduling the security personnel who monitor alerts in distinct day and evening shifts to accommodate a rise in employees working later. Collaboration here is key, so utilize resources and messaging that will be seen and used across the Security team.

Practical Tools:

Microsoft Teams – free for basic tier and included

Slack – free for up to 10 users

Webex – free for a limited time