As working from home continues to expand and becomes the new normal for many organizations, are the policies and systems you put in place during the emergency work-from-home period adequate and secure enough to protect your organization and your workforce?
Based on a recent study published by Gartner (the Gartner Managing Ambiguity in Crisis Escalation Procedures report):
- 12% of organizations were prepared for the impact of COVID-19
- 38% of organizations expect expanded/universal work from home to persist long term
- 667% increase in spear-phishing attacks since February 2020
Set access policies for your remote workforce.
If you have already deployed SSO and MFA to all of your employees, the next step is more granular access policies based on user, device, network and location context. The goal is to align the strength of each policy with the risk of the login it governs: a known device on a corporate network can proceed quietly, while an unfamiliar device on an anonymizing network should be challenged or denied. Examples of these policies include:
Disallow POP/IMAP based authentication to Office 365
POP and IMAP clients authenticate with basic (legacy) authentication, which sends only a username and password and cannot complete an MFA challenge. An attacker who has phished or guessed a password can therefore use these protocols to bypass MFA entirely. Block access to Office 365 over these protocols altogether (in Exchange Online, through an authentication policy that disables basic authentication, or by disabling POP and IMAP on the mailboxes themselves), and back this up with a policy that requires MFA for all remote access.
Creating network blocklists
If your organization needs to block access from known-bad networks, anonymizing proxies or browsers (such as Tor exit nodes), or risky geolocations, create policies that either deny access outright or prompt for additional authentication when a user reaches their apps from these types of networks. Denying is appropriate for networks that should never carry legitimate traffic; a step-up prompt is the better fit where some legitimate users (travelling staff, privacy-conscious contractors) may occasionally appear.
Email notifications for end users
End-user visibility is important. Because remote employees may access corporate resources from several device types, send users a notification whenever suspicious or infrequent activity is detected on their account, such as a login from a new device, a new MFA enrollment, or an MFA reset. A user who did not initiate the activity is often the first person able to recognize an account takeover, so make the notification easy to report.
Enable managed device checks for mobile and desktop devices
A remote workforce likely means allowing Bring Your Own Device (BYOD) to avoid end-user friction when accessing apps. To ensure that only known, managed devices reach corporate resources, integrate your SSO solution with your endpoint management vendor so that logins from unmanaged devices are denied, or the user is prompted to enroll the device before access is granted.
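To make the four policies above concrete, here is a small context-aware policy evaluator. It is an added example written for this article, not code from the original page or from any identity or endpoint-management vendor; the rule ordering, the protocol set, the test-net address ranges, the two-letter "risky" country code and the sample login attempts are all constructed for illustration, and a real IdP would express the same rules in its own policy configuration rather than in Python. It goes slightly beyond the text by showing the four policies evaluated together, in severity order, against one login context.

```python
"""Context-aware access-policy evaluator (added example, not from the original article).

Models the four policies from the article as an ordered rule list evaluated against
the context of a login attempt: client protocol, source network, geolocation, device
management state, and whether the device has been seen before for this user.
All names, networks and sample events are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: these protocols only support basic/legacy authentication and
# therefore can never complete an MFA challenge.
LEGACY_PROTOCOLS = {"pop3", "imap", "smtp-basic"}

# Constructed blocklists using RFC 5737 documentation ranges as stand-ins.
BLOCKED_NETWORKS = [ip_network("203.0.113.0/24")]      # stands in for a known-bad range
ANONYMIZER_NETWORKS = [ip_network("198.51.100.0/24")]  # stands in for Tor/VPN exit ranges
RISKY_COUNTRIES = {"XX"}                               # hypothetical country code


@dataclass
class LoginContext:
    user: str
    protocol: str          # "browser", "imap", "pop3", ...
    ip: str
    country: str           # ISO country code from geolocation lookup
    device_id: str
    device_managed: bool   # as reported by the endpoint-management integration


@dataclass
class Decision:
    action: str                  # "allow", "deny", "mfa", "enroll"
    reason: str
    notify_user: bool = False    # trigger the end-user notification


def in_any(ip: str, networks: list) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in networks)


def evaluate(ctx: LoginContext, known_devices: dict[str, set[str]]) -> Decision:
    """Apply the policies in order of severity; the first matching rule wins."""
    # 1. Legacy protocols bypass MFA, so deny them outright.
    if ctx.protocol in LEGACY_PROTOCOLS:
        return Decision("deny", f"legacy protocol {ctx.protocol} cannot satisfy MFA")
    # 2. Known-bad networks are denied; anonymizers and risky geos get step-up MFA.
    if in_any(ctx.ip, BLOCKED_NETWORKS):
        return Decision("deny", f"source {ctx.ip} is on the network blocklist")
    if in_any(ctx.ip, ANONYMIZER_NETWORKS) or ctx.country in RISKY_COUNTRIES:
        return Decision("mfa", "anonymized or risky network: additional authentication required")
    # 3. Unmanaged devices are sent to enrollment rather than into the app.
    if not ctx.device_managed:
        return Decision("enroll", f"device {ctx.device_id} is not managed")
    # 4. A managed device never seen for this user: allow, notify the user, and
    #    remember the device so the next login from it is quiet.
    seen = known_devices.setdefault(ctx.user, set())
    if ctx.device_id not in seen:
        seen.add(ctx.device_id)
        return Decision("allow", "first login from this device", notify_user=True)
    return Decision("allow", "managed, known device on a trusted network")


# Constructed sample of login attempts, in the order a policy review would test them.
SAMPLE_LOGINS = [
    LoginContext("alice", "imap", "192.0.2.10", "US", "dev-1", True),        # legacy protocol
    LoginContext("alice", "browser", "203.0.113.7", "US", "dev-1", True),    # blocklisted network
    LoginContext("alice", "browser", "198.51.100.9", "US", "dev-1", True),   # anonymizer exit
    LoginContext("alice", "browser", "192.0.2.10", "XX", "dev-1", True),     # risky geolocation
    LoginContext("alice", "browser", "192.0.2.10", "US", "byod-7", False),   # unmanaged BYOD
    LoginContext("alice", "browser", "192.0.2.10", "US", "dev-1", True),     # new managed device
    LoginContext("alice", "browser", "192.0.2.10", "US", "dev-1", True),     # same device again
]


def run_sample() -> list[Decision]:
    """Evaluate the constructed logins with a fresh device history."""
    known: dict[str, set[str]] = {}
    return [evaluate(ctx, known) for ctx in SAMPLE_LOGINS]


if __name__ == "__main__":
    for ctx, d in zip(SAMPLE_LOGINS, run_sample()):
        flag = " (notify user)" if d.notify_user else ""
        print(f"{ctx.user:6} {ctx.protocol:8} {ctx.ip:14} {d.action:7} {d.reason}{flag}")
```

The rule order matters: protocol and network checks run before the device check so that a blocked protocol or network is never waved through because the device happens to be managed, and the "new device" notification fires only for logins that have already passed every other rule, which keeps the signal meaningful to the user.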