ilsbfe
(OuttaHere)
March 26, 2020, 10:58am
1
Good morning. I am looking into work from home solutions for our office staff. We are a healthcare facility, so security is paramount. What is everyone using?
Thank you in advance.
19 Spice ups
What security issues are you looking to guard against? What sort of access do people need?
For my place, we use a pretty standard VPN but we don’t have much beyond GDPR to worry about and even then it’s more for select teams.
Provide your people with VPN access.
Limit program/file access to only the areas absolutely needed by that employee.
Additionally, check Remote Worker Monitoring Pack, which allows companies to maintain data security, meet compliance and boost productivity.
bryandoe
(Bryan Doe)
March 26, 2020, 11:34am
4
Healthcare might make it tricky (you didn’t say where you are) due to regulations. A VPN should be doable though. I would stick to company assets connecting only, don’t allow VPN from personal devices.
7 Spice ups
We use Cisco Anyconnect and for anyone that does not have a Laptop (only 4) we gave them an older tower and we use a third party IT solution for networking and they have a portal to log into. Then it is an RDP session to their tower in the office.
1 Spice up
mcs3ss2
(mcs3ss2)
March 26, 2020, 12:08pm
6
Virtualization - to be specific, rent a cloud server from your local reputable supplier or big giants (Azure, AWS etc.), RDS licences and you are sorted
or
RDP to your local Office server with RDS Licences and a Good Firewall for VPN (Limited by your Office bandwidth)
1 Spice up
aileencjr
(AileenCJR)
March 26, 2020, 12:15pm
7
Same.
We provided essential staff with company laptops. They were asked to have passwords on their home wifi. A few were given vpns to access files onsite. Very, very few, were allowed to take home their desktops. Even fewer were given shared licenses to use ConnectWise Control to access their work desktop (we have it on-prem and HIPAA compliant). Most of the clinical staff document in a cloud based EMR though, so during the crisis, they are allowed to use their personal computers at home. We normally do not allow that, but we don’t have enough equipment for everyone.
For telemed, we purchased HIPAA compliant Zoom licenses. They are being shared between fulltime and per diem therapists to reduce costs. They are scheduling themselves. We tried the free tier of Doxy.me but it can’t handle the load from everyone using the free version. I’ve heard from other health care workers that the paid tier is stable.
We are still looking into Docusign, but that’s my boss’s level of implementation.
ilsbfe
(OuttaHere)
March 26, 2020, 12:30pm
8
We do have VPN access for some of us, but we do not have enough equipment for all of the staff to work from home. I am a one person IT dept for a Critical Access Hospital, 24 bed facility. The billing offices would like to be able to work from home so we are trying to find a solution for them to do so. We are trying to avoid them using personal devices since we do not control what kind of security is on them or what they are used for normally. We also have a cloud based EHR, but again if their personal laptop/desktop has no protection, then it could potentially infect the data.
1 Spice up
eric7615
(Eric7615)
March 26, 2020, 12:44pm
9
Another option would be to set up a Citrix environment that people can log into from their home computers and just make sure no one is allowed to download or upload any files.
1 Spice up
jfalconer
(jjjandj)
March 26, 2020, 1:49pm
10
We use a mix of Remote Desktop and VPN
For access to Remote Desktop I use the Remote Desktop Gateway to secure the access instead of just opening RDS to the Web.
We are not Health Care, but you can limit the ability to copy files and also Clip Board access if needed.
Practically all modern firewalls allow you to set up different kinds of VPN connections, including MFA for the VPN.
Some also allow you to set up VPN portals that allow users access to internal resources without a VPN client, directly from their web browser.
MFA is something one should include in the VPN connectivity, especially when it’s about healthcare or other regulated environments.
Also it’s possible to manage VPN connections, so that users can only access the destinations/ports/applications, they are supposed to.
Also you should be logging all incoming connections from VPN clients and inspect them with IPS.
If you have geoblocking options, you also could block VPN access from geographic areas, where you don’t expect legitimate incoming VPN traffic coming from.
kevinhsieh
(kevinmhsieh)
March 26, 2020, 2:20pm
12
There are at least 3 classes of security issues that I would be concerned about.
The first issue is authentication. Whatever you use should have MFA. Cisco Duo has historically been free for 10 users, and they likely have other deals going on right now too. It’s easy to set up and use so I hear.
The second issue is security of people’s devices at home, especially since you don’t control them, know AV state, or filter what they browse. My recommendation is to mitigate by not allowing their devices onto the network via VPN. Allow access via RD Gateway or Splashtop for Business or similar remote control solution. Properly securing VPN to allow only RDP is difficult.
The third issue is data loss, where a user exfiltrates data. The most difficult. Don’t use VPN, and disable file copy and clipboard use on RDP, Splashtop, or similar remote control service.
As for my environment, I have had RD Gateway with MFA setup in lieu of VPN for about 8 years now.
1 Spice up
With patient / customer / client data a Citrix solution will be best for your case; will cost more.
A VPN works too but may not cover all the regulations for healthcare industry.
Company provided laptops and vpn/vdi sessions as applicable.
For those in health care, even with a VPN, I don’t think you will be HIPAA compliant without using secured company equipment (laptops/tablets etc.).
2 Spice ups
jessevas
(jessevas)
March 26, 2020, 3:53pm
15
I’ve taken to recommending that the staff take part-time work at the grocery store, while they also collect salary from the boss.
I’m very well loved around here.
2 Spice ups
ilsbfe
(OuttaHere)
March 26, 2020, 4:02pm
16
Austin C:
Company provided laptops and vpn/vdi sessions as applicable.
For those in health care, even with a VPN, I don’t think you will be HIPAA compliant without using secured company equipment (laptops/tablets etc.).
You are correct. The problem lies in the fact that I don’t have enough equipment for everyone to take home.
We have a Critical Access hospital. We have a combination of a few customers using a VPN and RDP to their physical desktops. Some use our remote desktop on a Citrix environment. The majority access just the EMR app only on the Citrix environment.
1 Spice up
Hi @ilsbfe !
It would be safer for you and your users to use a remote desktop connection tool to have access from their personal devices, if they have to.
Wayk Now is an easy to use, lightweight and flexible remote support and control software. With features like unattended access, cross platform and more, it’s a very complete and secure tool for both IT professionals and business users.
Since you have multiple users, you’ll need multiple subscriptions, we are offering a special deal for the next 6 months. Every private Wayk Den deployment will automatically be granted an unlimited number of Wayk Now Enterprise subscriptions to connected clients, completely free.
You can follow this link to have more information: https://blog.devolutions.net/2020/03/covid-19-announcing-wayk-den-including-unlimited-access-with-wayk-now-enterprise-free-for-6-months
Don’t hesitate if you have any questions! Thanks
We use an RD Gateway server with MFA.
The employees can use their own equipment, no data transfers to and from.
I send them an RDP connection with the proper settings, they place that on their desktop and click on it to connect.
And they connect to their current office PC from home.
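Several replies above recommend handing users an RDP connection file that goes through an RD Gateway with file copy and clipboard turned off. The following is an added example, not part of any poster's message: a small Python check that an .rdp file carries those settings before it is sent out. The host names and sample file contents are constructed, and the list of required settings is an assumption about what "the proper settings" means here.

```python
# Added example: audit a .rdp file before distributing it (sample data is constructed).
# Expected value per setting; a different value or a missing key is reported.
REQUIRED = {
    "redirectclipboard": "0",     # no copy/paste between home PC and office PC
    "drivestoredirect": "",       # no local drives mapped into the session
    "redirectprinters": "0",      # no printing to home printers
    "gatewayusagemethod": "1",    # always connect through the RD Gateway
    "authentication level": "1",  # refuse to connect if server auth fails
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}; names are lowercased."""
    settings = {}
    for line in text.splitlines():
        # maxsplit=2 because the value may contain ':' itself (host:port)
        parts = line.strip().lstrip("\ufeff").split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def audit_rdp(text):
    """Return a sorted list of findings; an empty list means the file passes."""
    s = parse_rdp(text)
    findings = []
    for key, want in REQUIRED.items():
        if key not in s:
            findings.append(f"{key}: missing (client default applies)")
        elif s[key] != want:
            findings.append(f"{key}: is {s[key]!r}, expected {want!r}")
    if not s.get("gatewayhostname"):
        findings.append("gatewayhostname: no RD Gateway configured")
    if "password 51" in s:
        findings.append("password 51: saved credential stored in the file")
    return sorted(findings)

# Constructed sample files: one locked down, one with clipboard and drives enabled
GOOD = """full address:s:billing-pc01.example.internal
gatewayhostname:s:rdgw.example.org
gatewayusagemethod:i:1
authentication level:i:1
redirectclipboard:i:0
drivestoredirect:s:
redirectprinters:i:0
"""
BAD = (GOOD.replace("redirectclipboard:i:0", "redirectclipboard:i:1")
           .replace("drivestoredirect:s:", "drivestoredirect:s:*"))
```

A user can edit the .rdp file on their own machine, so this check only catches mistakes in what gets distributed; the same redirection restrictions need to be enforced on the server side as well.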
kurtm
(Kurt M.)
March 26, 2020, 5:28pm
20
We are a health care business and use a combination of Citrix and Cisco Anyconnect depending on the user’s needs. We are supplying the hardware.
There was another thread that someone said they were having good luck supplying cheap Chromebooks for their end users to use RDP connections.
1 Spice up