As the COVID-19 pandemic continues to upend businesses, companies that can remain operational via work-from-home scenarios are now in the middle of a massive, unplanned experiment. Can work be done effectively and securely with hundreds (or thousands) of employees remotely accessing the network on a wide variety of devices?

For these newly remote employees to work securely, businesses must shift from a device-centric approach to security focused to one that is both user- and data-centric. Many employees likely don’t have their office equipment with them. They are accessing the network on personal computers and tablets, and they may be sharing these same devices with other family members.

While the cloud has helped remove device-based thinking when it comes to data and network access, world events are now forcing more businesses to take a hard look at just how secure the cloud can be.

MSPs will play a vital role in helping these companies protect their employees and their data by enabling their clients to employ the following best remote security best practices:

Use a VPN: Remote employees should be working via the company’s virtual private network (VPN). If the company doesn’t already have a VPN, this is the perfect opportunity to implement one. The VPN will have the same security tools as the office, which will ensure a secure workflow.

Network segmentation: For remote employees, network segmentation of their home network can also mitigate risk. An employee’s home network likely has several devices connected to it (routers, TVs, game systems, etc.), and each one represents a potential vector of attack. Network segmentation can help ensure data security and reduce potential damage from a ransomware attack.

Remote support: With remote network maintenance, device management and cybersecurity tools, the MSP can help ensure the health and safety of employees and clients by reducing the need for on-site help if there’s a failure.

Software updates: Traffic via online meeting tools like Zoom, WebEx and Skype has skyrocketed. Make sure clients have updated software across all devices and are following basic security protocols (like requiring passwords and not allowing participants with unknown names or credentials).

Cybercriminals Exploit Crises

This is also an excellent time to refresh everyone’s remote security training when it comes to spotting a phishing attempt. A crisis like this encourages cybercriminals to launch new types of attacks that can easily fool remote employees who are stressed and disoriented by this new work environment. Employees also may be distracted in what is for many a much more chaotic and disorganized workspace.

At home, everyone’s guard is down. Your clients’ employees aren’t used to applying their corporate security protocols to their home life. That makes them more likely to fall for a spear-phishing campaign. If they were to receive an email or phone call from someone claiming to be from IT or human resources, they’re more likely to fall for it than they would in their office environment.

MSPs should advise clients about best practices when working from home. This can include both technology-related operations (like email protocol), as well as non-technical ones, such as how to avoid falling for imposters asking for credentials. There are also other areas of concern, such as:

Printers: Working from home may require using a personal printer to obtain hard copies of documents. These documents have to be secure and destroyed following office protocols to ensure compliance with regulations like HIPAA, and to avoid having sensitive information exposed during recycling or garbage pickup.

Personal devices: When working from home, employees are more likely to fall into bad habits around using personal email or phones to communicate with co-workers. MSPs can help their clients ensure that all email and messaging systems are encrypted and secure.

Google Docs: Google’s shared document platform is getting a lot of traffic as more people shift to working from home. While Google Docs makes it easy to collaborate, its link sharing features can create security vulnerabilities. Link sharing should be disabled.

The abrupt shift to working from home while sheltering in place has been challenging and stressful for companies and their employees. MSPs can help reduce that stress (and reduce risk) by making sure that robust security policies and practices are extended to every end user, no matter what devices they’re using and where they’re working.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

This guest blog is part of a Channel Futures sponsorship.