When working remotely, employees will be using a device to work—whether it’s a phone, tablet, laptop, or desktop. Does the device belong to the company, or is it a personal device? The answers shouldn’t change the security posture necessarily, but it does change what level of enforcement you may be able to achieve. If the laptop is a personal machine, will the employee be willing to have all traffic monitored or corporate software policies applied?
A good place to start is to consider where it is acceptable to have workplace data reside. If it’s challenging to apply corporate policies on a personal machine, then perhaps only allow some limited access from personal machines. As risk mitigation, guides for hardening personal machines could be linked or produced for companies where it is difficult to roll out laptops for every team member.
Once you’ve decided what you want to protect, you can start by applying some security policies to your systems. Microsoft security baselines can help provide the initial security posture for Windows-based systems, and Jamf provides useful guides on checklists for macOS. The NCSC offers many guides for the hardening of different client environments, including Ubuntu 18.04. These provide advice along the lines of keeping your software up to date and using antivirus software, but also actionable scripts and controls to check and use.
For mobile devices (depending on how you’re allowing access) mobile device management could help. Most major directory providers like Office 365 or G-Suite now offer some form of management. Consult their documentation to see the relative guarantees they give on how data can move from a device, between applications and how this is audited and can be revoked.
You should ensure your software is up to date and set to update automatically. Software patching and patch management isn’t the most glamorous security task, but vendors are constantly finding and fixing security vulnerabilities in your software, so getting on top of it is crucial.
On antivirus software, many vendors exist that provide great tools, including Windows Defender, ClamAV, Malwarebytes, and Eset, all available on many platforms. This needs to be part of your security posture, but it shouldn’t end here.