By Jon Derrenbacker, CISSP, OSCP, Senior Systems Engineer | Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager
Frequently asked questions on Remote Work Security
Presenter Chris Moschella,CPA, CISA Senior Manager and Senior Systems Engineer, Jon Derrenbacker, CISSP, OSCP answer questions asked during Keiter’s Remote Work Security Webinar from 5.19.20.
How can I tell if remote administration is configured on my router?
This will vary from one router to the next. On a Verizon Fios router, however, use the following steps.
- Login to your router
- Navigate to the Advanced menu (top right-ish of the page)
- Click on Remote Administration under Utilities.
- Verify neither of the checkboxes under “Allow Incoming WAN Access to Web Management” are If they are checked, you have remote administration enabled.
Should companies inspect employee home networks to ensure they are secure?
It might be feasible to offer a home network inspection to employees who are concerned about their home networks. However, many employees might perceive mandatory home network inspections as overly intrusive into their personal space. Even with mandatory network inspections, alterations made to an employee’s home network could not be considered long-lived. That is, the employee or anyone in the home can undo any changes made during the inspection. Therefore, a business could never rely on secure home networks as part of business’s security posture. For those reasons, we believe that a measured approach where employees can opt-in may be beneficial, but should not be relied upon.
How can we prevent employees from installing games or other unapproved software on their computers?
The easiest way is for users on your network to not have local administrative rights on their laptops. Installing software on a computer typically requires local administrative permissions, and by denying those permissions, you can prevent the user from installing software.
However, this is not always a workable solution. Some applications that employees use to perform their job duties may require the user to have administrative rights to the computer for the application to function.
In that case, an alternative to consider is Windows 10 App Locker. This provides your network administrators more control over what applications are allowed to be installed and run on a computer. Read more about it here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview
How can I tell if employee computers are getting updates?
If your Microsoft and AV are configured to be automatically updated by Microsoft and your AV provider, they are probably still getting updates as long as those computers are connected to the Internet. Having computers update themselves in this manner, however, can make tracking updates difficult. As a side note, most organizations will mature out of “automatic updates” so they can exert more control over the update process and avoid issues which might arise out of a buggy update.
If your computers previously received update instructions via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) services on your corporate network, then the computers will only receive those instructions if the computer is connected to the corporate network. If employees are able to perform their job duties without direct access to the corporate network, then you might find the falling behind on updates if the employee is not connecting to the corporate network.
The way to check on the status of these updates is to inspect the reporting available directly through SCCM reports and WSUS logs.
What did the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) recommend regarding Office 365?
See the reference below and the excerpt of their high-level recommendations.
References: https://www.us-cert.gov/ncas/alerts/aa20-120a
CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their O365 transition and better securing O365 services.[9] Specifically, CISA recommends that administrators implement the following mitigations and best practices:
- Use multi-factor authentication. This is the best mitigation technique to protect against credential theft for O365 administrators and users.
- Protect Global Admins from compromise and use the principle of “Least Privilege.”
- Enable unified audit logging in the Security and Compliance Center.
- Enable Alerting capabilities.
- Integrate with organizational SIEM solutions.
- Disable legacy email protocols, if not required, or limit their use to specific users.
Remote Work Security Webinar:
About the Authors
Jon Derrenbacker, CISSP, OSCP, Senior Systems Engineer
More Insights from Jon Derrenbacker
Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager
Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.
More Insights from Christopher MoschellaThe information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.
