March 30th, 2020 by admin
As a result of the Coronavirus outbreak, many organizations have their entire workforce working from home. For organizations that haven’t incorporated remote working before, getting up to speed haphazardly poses a serious security risk.
Working securely from home requires policies, technology, and training to secure a safe remote platform. If you don’t already have those in place, it’s time to start building them.
Here are some considerations to ensure your technology and security are ready for the cyber risks that your network is exposed to when employees work from home:
If your employees have company-issued laptops, they should already be subject to the security protections your organization has in place. This should include security software, rules regarding local administrator access, web filtering, and application control. If you don’t have these endpoint protections in place, this is where you need to start.
Allowing employees to use their own personal devices introduces a heightened level of security risk.
The majority of home users, despite expressing security concerns, fail to follow cybersecurity best practices in their digital lives outside of work.
Personal devices are much more likely to already be infected with malware, viruses, keyloggers, or trojans that can spread into your corporate network.
If you’re not able to provide your employees with laptops or workstations they can take home, you must make sure you protect their personal devices with standards similar to those in your corporate environment.
One option is to make your organization’s security software (antivirus/anti-malware) available for use on your employees’ home systems. While this is only one basic step that will involve additional cost and implementation time, it may help protect you from an easily-exploited attack vector.
For even better visibility into endpoint activity and security, add an endpoint detection & response (EDR) solution to detect and alert your IT department to abnormal device behavior and signs of malicious attack activity.
For endpoint security, we recommend focusing on implementing three key security solutions:
- Malware prevention to stop viruses and other malware threats
- Data encryption for protection in the case of lost or stolen devices
- Advanced endpoint detection & response (EDR) to monitor cyberattack activities on the devices
We also recommend the following security configuration best practices:
Multi-factor authentication (MFA). The use of MFA is becoming more critical as organizations become more digitally connected. MFA should be enabled on user accounts, especially your remote virtual private network (VPN), along with most-used online solutions, and other business-tool accounts.
- This ensures that a password isn’t the only thing protecting your organization’s accounts and data from cybercriminals.
Least privilege account access. The practice of least privilege is a fundamental security best practice for your organization that provides an added layer of protection when users are working at home. The idea behind this practice is that employee access to organizational systems and data is limited to only what is necessary:
- The majority of employees shouldn’t have administrator access over their devices and accounts or access to specific areas within your corporate network - like critical servers or sensitive data.
- Admin users should only work out of their standard accounts when working on a device or accessing the network from home.
Patching Systems. The failure of organizations to maintain a good patch-management strategy is one of the leading causes of ransomware and other malicious attacks. Deploying a mobile workforce increases the importance of patching all systems. This means every device on your network, including mobile devices, needs to be running the latest version of its OS and third-party applications.
- The best way to ensure the timely and consistent application of security patches is to implement a patch-management solution which will keep servers and devices up to date by automating the discovery and delivery of missing patches and updates. If a patch management solution is not possible, at minimum, require and assist employees to enable automatic updating of their software.
When user traffic is thoroughly protected, the risk of remote-connectivity attacks decreases significantly.
How you provide access to your corporate network resources, software applications, and data is another critical factor to consider. Much depends upon how you decide to allow employee access.
Do most of your computing resources require connecting to an internal corporate server, or are they accessed through cloud applications?
Your answer to this question will dictate what sort of security protections you need to put in place, as well as what policies or rules to implement on how remote users connect to your infrastructure. Ideally, you want as many of the same protections in place for remote workers as you have for in-office workers.
Regardless of the device being used, you must ensure that transmitting shared files across your networks isn’t leaving you open to potential data loss and theft. This can be achieved by implementing secure remote desktop solutions for employees and allowing corporate VPN access to secure their connection - no matter what wireless hotspots or home networks they are on.
If possible, use web content filtering to protect your remote employees from malicious websites and preserve productivity. If your firewall/VPN solution allows it, scan and log all sessions between your remote users and your internal systems, and restrict traffic to only what is necessary for each remote worker’s job role.
Take advantage of multi-factor authentication wherever possible to protect your remote VPN, cloud applications, and network admin sessions. We recommend specific solutions like WatchGuard’s AuthPoint. However, secondary authentications like an SMS or email-based solution are always better than single factor logins.
User Security Awareness
Any time cybercriminals are able to target victims where heightened emotions and/or money are directly involved, a massive uptick in scams will inevitably arise. It’s critical that end users are properly educated on increased cybersecurity threats and continuously reminded of proper cyber-hygiene practices. While having a formalized cybersecurity awareness program is recommended for all organizations, now is not the time to engage in long, detailed user cybersecurity training.
With a rapidly deploying mobile workforce, the need for small, consumable, and frequent messages about good cyber-hygiene practices is the most effective method of education. E-mails, blog posts, and text messages can all be used to communicate the need to stay safe, not click on links or open attachments, etc.
Support for Remote Workers
In addition to securing devices and network access, it’s also important to support remote users. You will need a confident IT staff that can support and protect your team as they adjust to the learning curve of working off site.
The number of calls to your support desk will increase dramatically, so make sure you’re ready to handle the influx of users struggling with new practices and technologies for the first time.
How We Can Help
If there’s one thing we know about cybercriminals, it’s that they don’t hesitate to jump on opportunities. As your cybersecurity partner, we’re prepared to help you make working from home just as secure as working in your office.
Whether you are starting from square one developing new security policies, technologies, and training or you already have some in place, we are here to ensure your IT resources are maximizing your security no matter what device or network your employees are on.
Posted in: Cyber Security