5 Tips for Securing Remote Workers

As organizations hustle to enable employees to work from home, they’ll inherently expand their attack surface. Here are five simple steps that can mitigate the risk in the months ahead. 

1.Don’t Allow OneDrive to Sync to Personal Home Computers

By default, users can sync their files down to their home device. The organization can no longer control or remove access to those files. A policy can be applied to all (or specific) users to block the sync. See the process. Users can still access, edit, and share their files from any web browser, after authenticating. 

2. Implement MFA and Conditional Access

Speaking of authentication, consider this opportunity to implement multi-factor authentication (once the initial spike of work dies down). If home workers are required to login only with a username and password, then those credentials (if compromised) can be used by a bad actor to log in from anywhere. MFA can stop 99.9% of identity compromises.  

You can set Azure Active Directory to allow logins only if devices meet certain conditions. You could deny access to home PCs completely through Azure AD. If users are taking their domain-joined laptops home, then the machine can be trusted more than the home PCs that others may use, and be prompted for a second factor. 

3. Protect Company Data with Intune

If users are to use home PCs, they won’t want to enroll them in MDM. You still need to protect the apps and data that you provide to that PC. The solution is App Protection policies in Intune.  You can use App protection policies to prevent company data from saving to the local storage of the device (see the image below). You can also restrict data movement to other apps that aren’t protected by App protection policies.

4. Be Prepared for Forgotten Passwords

Your help desk will be burdened enough. Use Azure AD’s Self-Service Password Reset to eliminate helpdesk calls. SSPR can be set up quickly and eGroup | Enabling Technologies has packaged services for user communication.

5. Don’t Be Socially Engineered

People will less focused and out of ‘work mode’ while at home. They’ll be more susceptible to social engineering and phishing. If you are using a Security Awareness tool (like KnowBe4), use their content about working securely from home. Either way, remind them of the need to be diligent and the bad actors taking advantage of Corona virus news will help a realworld current event to the real behavior that you want them to exhibit. Free access to online security awareness content. 

Contact our team of experts today to get more information on how to seamlessly secure your work from home setup!

Chris Stegh

Chris Stegh

CTO & VP of Strategy - eGroup | Enabling Technologies

Last updated on May 5th, 2023 at 02:20 pm