Basic Security Controls for your Organization's Frontline Defense

Today’s current era of work has put many organization’s remote workforce strategy to the test or forced them to develop one from scratch entirely. An (ISC)² COVID-19 Cybersecurity Pulse Survey found 96% of respondents’ organizations have closed their physical work environments and moved to remote work-from-home policies for employees.

With many employees working remotely outside of traditional office environments due to stay-at-home orders, the very device one works from has become increasingly important to secure. The above survey of cybersecurity professionals also found that 47% of respondents have been taken off some or all of their typical security duties to assist with other IT-related tasks like equipping a mobile workforce

Due to differences between home remote workstations and those that a company would previously provide in an office environment, some employee devices could be left vulnerable without taking the proper precautions. It is essential to enact proper security controls to keep your organization’s sensitive data secure that might be accessed from these employee workstations.

Here at Electric, we have keen insight into this— more than half of all customer workstations that we onboard do not have the basic security controls that we recommend in place.

As part of onboarding, Electric works with our customers to implement a default set of policies that improve the security posture of our customers’ workstations, which consist of automated security patching, full disk encryption, automated screen lock, and enabled firewall.

Automated Patching

Patch management is an item that should be of concern for your organization. Quick patching of critical vulnerabilities reduces the risk of security breaches that can be costly to your business.

Consider the simple fact that unpatched devices are more susceptible to cyber attacks. A ServiceNow survey found 57% of cyberattack victims reported that their breaches could have been prevented by installing an available patch.

With a multitude of data privacy laws and regulations like GDPR, CCPA, and SHIELD coming into place, it’s important to keep your company devices up-to-date. This will ensure your organization does not succumb to a breach that would then lead you down into further compliance and regulatory issues.

The above reasons should be enough motivation to have an automated patching solution in place. However, consider how automated patching also saves IT professionals the many hours it would take to manually scan devices to assess for a latest version and then have to manually push out the latest version themselves. Automation therefore enables patches to be applied across multiple vulnerabilities in a controlled manner simultaneously which dramatically accelerates the process and eliminates the risk of failure.

Patches can be released between five and twenty times a month. When you consider all of the applications on a given device for one of your company workstations, getting these patches installed in a timely manner has never been more critical as it is today.

Full Disk Encryption

When every hard drive on every workstation at your office has data at rest Full Disk Encryption (FDE) enabled, your company’s entire security posture is stronger. A stolen laptop is no longer an existential security threat. Any sensitive data on the device won’t be accessible to the thief without another vector of attack like stolen credentials.

An example like this Lifespan incident, where a stolen laptop that was not encrypted and did not have password protection in place led to Rhode Island’s largest health network having 20,000 patients’ information exposed.

Such data breaches can be avoided by enabling FDE on your company devices. Both Apple and Windows have their own native encryption software—FIleVault and BitLocker, respectively, that enables encryption out of the box.

Without a group policy tool or similar solution in place at your organization, IT professionals might struggle to remotely enact FDE across an organization’s devices. Here at Electric, we use Jamf Pro and Kaseya for Apple and Windows respectively for device management and the remote implementation of device configurations and security policies.

Beyond simply rolling out FDE, devices should be backed up regularly. If an encrypted disk crashes, it can result in files being lost permanently. Passwords and encryption keys should be kept in a safe place, because once FDE is enabled, no one can access the device without the proper credentials.

Automated Screen Lock

The next policy we recommend is automating screen lock. This involves activating a computer’s sleep mode after being idle for a specified amount of time, and prompts the user to re-enter their password upon returning. This helps ensure devices are not accessible if left unattended.

At Electric, we recommend automating screen lock after 10 minutes of idle time.

As mentioned previously, employee workstations have a lot of valuable and sensitive information on them. Someone leaving a device unlocked while away from their desk leaves all of that sensitive information available to whomever walks past. If they gain access to your computer, they may be able to share, modify, and remove data from your computer.

While this policy might seem redundant for those currently working from home where they trust those they live with, it’s still a good policy to enact. Young children who might not know better could still accidentally delete critical information with just a few keystrokes!

Firewall Enabled

Another one that might seem obvious, but is still important to reiterate, is ensuring that all company devices have a firewall enabled.

A firewall is a type of software (or hardware device) that protects devicess from being attacked over the internet. They monitor inbound and outbound activity coming from your network for suspicious activity, blocking items that are considered dangerous based on a set of security rules.

Firewalls prevent unwanted applications from accessing endpoints by controlling connections on a per-app basis. Per-app protection adds a layer of security for vulnerable network ports that must remain open.

A 2019 cybersecurity incident that impacted a US power grid was later found to be caused by unpatched firewalls. The power grid operator eventually discovered that they had failed to apply appropriate patches to the firewalls that were under attack and the mysterious activity only ceased after they deployed the proper patches.

The above incident ties together the previous mentioned policy of automating patches and this one of implementing firewalls. It’s important to recognize these policies do not act in silos, but rather together to form a strong frontline defense to bolster your organization’s security posture and keep out malicious intruders.

Implementing Default Policies to Secure the Office of the Future

A recent post from our CEO Ryan Denehy discussed how the office of the future has arrived early. It’s now essential to equip your employees and their respective remote offices with the tools needed for the near-seamless production of work, free from technical disruption and business risk.

The policies mentioned above can help your organization mitigate business risk while navigating new challenges brought about by recent shift to remote work. The “new” office starts with leveraging IT as an enabling-function for your team. It starts with rethinking IT and the definition of "office" from the ground up.

That’s why Electric is here to support your organization. Electric can work closely to help you find the right solutions to make remote work easier and ensure your employees are taking the right steps to secure their workstations.



Stay up to date

Subscribe to the blog to stay up to date with all the latest industry news and updates from Electric.