10 Top Tips for IT Pros Working From Home

PCMag
PC Magazine
Published in
10 min readApr 24, 2020

If you’re an IT professional, odds are you’re working remotely along with your users, supporting them at home, while still managing your on-premises infrastructure. Here are some easy tips to help.

By Logan Harbaugh

IT professionals are facing a tough situation because of the coronavirus. Not only are most of their users now working remotely, but much of the infrastructure those users rely on is either in the cloud managed by third parties or trapped back in the office, a place you’re no longer supposed to visit. At no time in IT’s history have networks and IT resources been more distributed, and that’s making things a lot more difficult for IT pros who are also trapped at home.

Whether you’re an enterprise or a small to midsized business (SMB), your users are likely accessing their tools via cloud services managed by third-parties, virtual infrastructure also residing in the cloud but managed by you, and odds and ends of legacy equipment that’s still living at the office. Worse, some of those users are probably starting to use infrastructure living on their home networks to complete tasks or store their work, and that’s stuff you can’t even see. That’s a lot to tie together securely with today’s remote access tools, and it’s also a difficult load to manage if you’re running the business’ help desk. If you’re facing all or part of these challenges, here are 10 tips to help.

1. Secure Every Connection

A virtual private network (VPN) connection may be secure against an external attack between a user’s home and your corporate network, but unless both networks are also secure, you have holes. If someone can log into a home user’s network, they may be able to use the VPN connection to attack the corporate network as well, especially if the user is leaving that connection up while they’re not actually working. Not only that, but once on the corporate network, a sophisticated attacker could also access all the other home networks connected to your central office system.

Make sure there are VPNs and remote access gateways between as many connections of your distributed network as possible, and let users know to only engage those connections while they need them. You can create a document and make sure they all have it, hold a webinar where you explain the problem and teach them how to protect themselves, or simply work with them one on one over the phone if your user count is low enough.

2. Secure Those Home Networks

Many users, especially those living in the suburbs where neighbors can live out of Wi-Fi range of each other, still give their home network security short shrift and instead rely on basic PC-resident firewalls and antivirus software to protect them. At a minimum, you need to educate these users on how to reconfigure their routers for better security and if they need help doing so, then provide that help over the phone if necessary. If possible take even stronger measures.

For example, most business-grade routers allow for separate users to have different permissions and access to different network resources. However, most users won’t know that their home wireless routers likely have the same capability even if it’s configured in a different way. Work with users to find out what router they’re using (help with that below), how it can be used to segregate corporate traffic from other home or guest users, and then help them configure it that way. Another option, if you’ve got budget, is to add a second box, preferably a wireless VPN router, to each home network, with only the corporate employee as an authorized user.

3. Keep Track of Identity

When everyone is working remote, it makes a lot of sense to focus on your identity management practices. It’s probably too late to install a whole new identity management system, but it’s a good idea to dig into the documentation for whatever solution you’re using and look at what other features you can enable to help keep users and your resources secure. For example, if you haven’t yet enabled multi-factor authentication (MFA), now would be a good time to set it up, Also look at your best practices.

For occasional use, many network managers use one network account for both internal network use and remote use. However, for a long-term, fully remote environment, it makes sense to have separate accounts, to make sure that internal resources aren’t exposed via remote connections unless absolutely necessary. Additional user management software can also make sure that remote users can’t connect to the corporate network without certain criteria being in place. That could include the latest version of the antivirus signature file, that certain security options are set properly, and even that certain software is, or is not, installed.

4. Standardize Home Routers

It’s difficult, but if it’s at all possible, you should work hard to standardize home routers as much as you can. Home users who have purchased their own routers will probably buy the most inexpensive or readily available box; however many urban internet service providers (ISPs) provide default routers these days along with the cable modem, so it also pays to find out what those are and obtain the appropriate documentation.

And while it’s expensive and will take time, it may well be worth your while to select a router with management features you like that can be pre-configured, and then shipped to each home user. This is much simpler than supporting a dozen or more separate models, even if you can remotely log into them, which is often difficult to set up while maintaining security, especially with cheaper, low-end routers. If you have trouble justifying the expense, remember that this work-from-home scenario may very well become permanent for many businesses at least for a significant percentage of their employees. Viewed through a long-term lens, changes like these can make a lot more fiscal sense.

5. Management Software Is Your Friend

Harried IT professionals often don’t dig into all the capabilities of their management tool set, focusing instead on just those features they need to get through a typical day. However, your typical day has changed, so it makes sense to take another long look at exactly what’s in your tool box.

Desktop configuration management, network monitoring, identity and user management tools, and even endpoint protection suites all contain features, often highly sophisticated, that directly pertain to remote access and remote management. That means you can implement advanced user and security features while reducing or even eliminating the need for on-site visits all without changing the tools you’ve been using. Management systems can also ensure that all users have the same versions of VPN software, signature files, encryption and authentication keys, and so forth, and once that determination has been made, even automatically update software or file versions that are out of date.

Such capabilities are also highly useful if you’re managing infrastructure in an office that’s now basically abandoned. While some problems will require an on-site visit, most can be resolved remotely using the right infrastructure management software. Additionally, business-grade equipment, especially routers, switches, and servers, will often have highly sophisticated remote management options included as part of their own systems. That’s well worth investigating and implementing, too, if you haven’t done so already. Some, like hardware add-on cards that enable remote server reboots, can cost extra money and require at least one on-site visit to install; but once you make that investment, you’ll have a whole new tool suite of capabilities available to you from anywhere. Just be sure to understand these capabilities fully and enable the right security settings to keep your perimeter solid.

6. Encryption Is Key

Remember to encrypt data at rest as well as in transit. If users are storing data on their local home systems, ensure that it’s in a separate user account, and then equip that account with encrypted folders. Many home systems will have multiple users sharing a single login account, something that’s certainly not optimal for business security. Not only is a teenaged user downloading music likely to inadvertently install malware on the PC, but the bad guys behind that code will now have access to all corporate data on the system unless you protect it.

VPNs protect an internet connection as a whole, but keeping recreational use segregated from business use on the device itself is also important for data safety. That’s especially true for long-term remote access scenarios, and encrypted folders are an excellent way to do it. A separate PC with a secure password is obviously the optimal solution, but if you’re forced to accept home devices as business tools during the pandemic, then separate, secure user accounts with both encryption and corporate level malware protection should be a minimum.

7. Standardize Cloud Services

Many organizations have collaboration software or other cloud productivity apps that were set up by individual departments, resulting in multiple apps performing the same basic task across an organization. For IT administrators already swamped with new remote access headaches, this is far from the best setup. Fortunately, because these services are in the cloud, choosing and migrating to a single service is completely doable even while everyone is working from home. This can be a lengthy process, but it pays dividends by reducing overall management problems, minimizing your attack surface for better security, and even decreasing costs.

Additionally, while you’re migrating systems, you’ll likely find that there are many settings and options in place on lesser used services that aren’t optimal when seen from an IT pro’s perspective. One example is video conferencing apps, like current internet darling, Zoom Meetings. Many home users are connecting over Zoom because they’ve encountered it socially. But those users likely don’t realize that conferences established with default settings in Zoom don’t require a meeting password. That may work for the department head’s virtual birthday party, but it leaves a gaping security hole for more sensitive communication, like the annual corporate strategy meeting.

8. Beware of Defaults

Many businesses, especially SMBs, are operating as though the coronavirus shelter-in-place lifestyle really isn’t much different from working in the office. The ubiquity of Wi-Fi networks and cloud services are the most obvious culprits. When they plug their laptops in, the network appears and their services are there. But that’s viewed through a user’s perspective not an IT professional’s. You can’t leave your overall networking system with its old configuration settings and simply assume your users’ home Wi-Fi and a bunch of third-party cloud services will pick up the slack.

Endpoint protection, large-scale remote access, cloud backup services, online file shares, remote printing — all of these are just some of the systems you were probably using a few months ago that need a close look and likely some configuration tweaking to work at their best now that your users are spread out. Virus updates need to be automated and verified; remote access identities need to be cataloged, controlled, and enhanced with MFA; data needs to be stored in easily-backed up folders on local devices both automatically and via policy. All that takes investigation and testing by an IT professional followed by clear communication, documentation, and automation for users.

9. Look to Reprioritize

Life for remote workers is different than when they’re working in the office, which means they’re depending on different or maybe just more tools than they were before in order to get work done. IT needs to keep pace by prioritizing certain key apps, which for most companies will include online collaboration solutions, like Microsoft Teams, as well as voice over IP (VoIP) and video conferencing apps. These platforms are going to become more important than ever not only so employees can communicate with each other, but also so they can stay in touch with partners and customers.

Many departments may be used to choosing their own instant messaging or collaboration software, which means they’re likely using free versions that are widely available. Now that the business is depending on these apps so much more, that’s not secure enough, even if set up properly. Consider choosing standard services for the company, documenting the proper setup, and distributing that version to all employees.

10. Stay Flexible, Take Your Time

Sure, the pandemic hit us all rather quickly, but now that the initial dust is settling, keep your head and do things right. Your initial disaster recovery plan probably didn’t quite fit this unique situation, but by now you’ve used what you could from it and dropped the rest. That’s ok. As the saying goes, no battle plan ever survives contact with the enemy; and that’s especially true in this case. It’ll take time to sort things out, even if the organization was widely distributed and had good security policies before the pandemic. But now that you’ve realized certain aspects of your old system will need to change, take your time and do it right.

Putting those changes into effect quickly is important, but just as important, possible even more important, is make those changes correctly. And a critical part of that is effective communication and documentation. Not just for setting up a new service, but even for day-to-day tasks. When a problem is solved, distribute the solution to all support staff with a complete description, to ensure that the effort doesn’t have to be duplicated and that incompatible solutions aren’t introduced. Keep channels between IT staff open and make sure to meet regularly and often to discuss problems that have been encountered, their frequency, priority, impact, and eventual solution. This is important not only to keep things working efficiently while the pandemic is going on, but also for when things get back to normal and you’re back in the office trying to decide how to modify your network yet again — and that will happen.

Originally published at https://www.pcmag.com.

--

--