Home office security assessment
Exceptional situations lead to special measures. Due to the current events concerning the coronavirus, companies are faced with a new challenge: they have to provide their employees, on short notice, with the resources to work efficiently from home. Fast, practical solutions are sought, and IT security becomes secondary.
Introducing such infrastructure goes hand in hand with a considerable change in a company's attack surface. When security is treated carelessly, a wider and possibly easier gateway is opened for attackers to access important business components.
Even though employees are trusted, new challenges arise in the handling of confidential data such as customer data or business secrets. While this data was previously accessible primarily from within the internal corporate network, it can now also be accessed via a more exposed IT infrastructure.
For these reasons, it is recommended to assess the IT security of a home office implementation in a dedicated security assessment.
As part of a Home Office Security Assessment, the following areas are covered:
- Evaluation of the employed authentication solution of the company network (SSO, MFA, etc.)
- Assessment of the secure access to the corporate network (e.g., via VPN), as well as to possible resources in the cloud
- Review of the firewall rules to protect the corporate network against attackers
- Analysis of the approach for provisioning of client systems (staging, provisioning, etc.)
- Analysis of the processes for client management (patch management, protection against malware, etc.)
- Assessment of security-relevant configurations and hardening measures of client systems (e.g., disk encryption or rights management)
- Security awareness of employees when working with sensitive data in private or public spaces (screen protection, screen lock, etc.)
As a result, you receive a detailed report describing the current state of IT security of your home office infrastructure. Recommendations for improvements and countermeasures to the findings are an essential part of this report.
Additionally, an audit of the home office infrastructure can be combined with a Penetration Test in order to get a better estimate of the risk from the view of an external attacker. If access from the home office primarily concerns resources in the cloud, a combination with a Cloud Security Assessment is recommended. Further, it is possible to combine the assessment with a more intensive Assessment of Client Systems.