Don’t forget about mobile

You’ve probably already invested in a mobile threat defense solution. Make sure you have configured it to send any threat detections or security events to your centralized monitoring tool (SIEM, EDR, SOAR, etc.) and/or your Managed Security Service Provider (MSSP). Monitor for known bad activity, such as command and control traffic and data exfiltration.

Reduce friction where you can

If you’re using any multi-factor authentication tool, you likely know that it adds complexity to the sign-in process that many users hate. If you have an opportunity, eliminate that friction. Use a service like Wandera Broker to treat the device as an authentication factor.

Provide good guidance on when to use a VPN

If you use a remote access tool like a VPN, be sure your users know when to use it. Users may experience issues with connectivity in meetings if Zoom traffic, for example, is going through slow VPN infrastructure and through the corporate campus before hitting the collaboration server.

Always-on VPN use is not needed for most of today’s modern remote work use cases. Office 365 and other cloud-based collaboration suites already use HTTPS to protect content as it travels across the network. Use network encryption intelligently and only where needed, for example, for apps that are on-premises and can’t be accessed without a VPN.

Provide data consumption monitoring tools to employees

Make sure your mobile data plan is at the level needed to support the increase in remote working. Better yet, ensure your data can be managed and allocated appropriately by setting daily caps for users according to their needs. Ensure that any travellers who may be stranded have relaxed roaming policies or appropriate plans to support their connectivity needs abroad.

Harden application access

Broker access to cloud applications for sanctioned endpoints only, while reducing friction and requirements for step-up authentications. Apply a continuous risk assessment of endpoints before enabling access. If an endpoint is compromised or at high risk, access can be denied.

Additionally, role-based access control can give contractors access to corporate resources from specific applications or web domains.
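The access decision described in this section, as an added example (not code from the original article or from any vendor's product): each request is re-evaluated against the endpoint's current state, and the device IDs, domains, roles and risk thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # ask for an additional authentication factor
    DENY = "deny"

# Constructed policy data (hypothetical names and values).
SANCTIONED_DEVICES = {"dev-001", "dev-002", "dev-003"}
ROLE_APPS = {
    "employee": {"mail.example.com", "wiki.example.com", "hr.example.com"},
    "contractor": {"wiki.example.com"},   # contractors see specific apps only
}
HIGH_RISK = 70       # assumed threshold: at or above, access is denied
ELEVATED_RISK = 40   # assumed threshold: at or above, step-up is required

@dataclass(frozen=True)
class Request:
    user_role: str
    device_id: str
    device_compromised: bool   # e.g. flagged by mobile threat defense
    risk_score: int            # 0..100, taken from the latest posture report
    app_domain: str

def evaluate(req: Request) -> tuple[Decision, str]:
    """Deny by default; called on every request, not once per session."""
    if req.device_id not in SANCTIONED_DEVICES:
        return Decision.DENY, "unsanctioned endpoint"
    if req.device_compromised or req.risk_score >= HIGH_RISK:
        return Decision.DENY, "endpoint compromised or high risk"
    # Unknown roles map to an empty set, so they are denied as well.
    allowed = ROLE_APPS.get(req.user_role, set())
    if req.app_domain.lower().rstrip(".") not in allowed:
        return Decision.DENY, "application not permitted for role"
    if req.risk_score >= ELEVATED_RISK:
        return Decision.STEP_UP, "elevated risk"
    # Sanctioned, low-risk device: no extra prompt, which removes friction.
    return Decision.ALLOW, "sanctioned low-risk endpoint"

if __name__ == "__main__":
    # The same device is re-scored as its risk changes during the day.
    for score in (10, 50, 85):
        r = Request("employee", "dev-001", False, score, "mail.example.com")
        print(score, *evaluate(r))
```

Logging the returned reason alongside the decision gives the monitoring tool a record of why each request was denied or stepped up.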

Document, document, document

Invest in good documentation so employees know how to get online and how to access and use approved tools. Document your acceptable use policies, as well as approved devices and apps. Proactively distributing instructions that detail how you would like employees to connect remotely will help reduce the strain on your helpdesk.