IT Security for Hybrid Work Models

April 5, 2022

As the world phases into official post-pandemic status (fingers crossed), many companies are rethinking the way they operate and, more specifically, how and where work is done. Flexible work models, in which employees can work on-site, off-site or a combination of both, have become increasingly common.

However, it’s one thing to provide the tools and implement the processes that enable the various options. It’s another to ensure it’s all done securely.

Remote Work Security

Not surprisingly, there’s now a distinct branch of cybersecurity known as “remote work security.” It focuses on protecting company data and other assets wherever and whenever employees work.

That’s not to say remote work security is an entirely new concept. Many businesses have had to implement specific tactics to ensure employees who routinely travel and work “on the road” could do so securely.

But with so many more employees working remotely, particularly from their homes and using their home networks and personal devices, the challenges of ensuring secure operations have increased. Paying special attention to the challenges most associated with remote work operations is critical.

Cybercriminals know that many organizations jumped into remote work operations quickly and now have IT vulnerabilities that didn’t exist before or are being overlooked due to a focus on other priorities. An IBM study reported that organizations with more than 60% of employees working remotely had a higher average data breach cost than those without remote workers.

Hackers also know they can exploit many of these vulnerabilities through employees' behavior, for example by phishing. A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that 85% of data breach incidents are caused by employees’ mistakes.


Build a Defense-in-Depth Strategy

A multi-layered approach to IT security, also known as defense in depth (DiD), will provide more comprehensive protection regardless of where employees are working. The following are important components to include:

  • Virtual Private Network (VPN): A VPN provides employees with access through public internet connections. It uses advanced encryption and tunneling techniques to create a secure internet connection between a user and a network. Business networks can connect with each other, and remote workers can access sensitive data from a business network without exposure to unauthorized users. VPN is technically a security solution, although it does enable remote network access, whether users are working from home, an airport or anywhere else.
  • Remote Desktop Protocol (RDP): RDP enables the remote management of and access to virtual desktops and applications. Unlike VPN, RDP typically enables users to access applications and files on any device, at any time, over any type of connection. There are different types of remote work solutions based on RDP. See more on these solutions in the RDS and VDI entries below.
  • Identity and Access Management (IAM): IAM incorporates a comprehensive verification process to confirm the validity of all logins, and allows for implementing multi-factor authentication on top of a VPN connection. It can be used as a VPN alternative or paired with a VPN. Note: It doesn’t provide additional protection for privileged credentials.
  • Privileged Access Management (PAM): PAM focuses on managing privileged credentials that access critical systems and applications with a high level of scrutiny. PAM solutions include advanced credential security such as user activity monitoring, obfuscation of passwords, and systems and data access control. PAM tools allow network managers to ensure that internal users only gain access to the applications and systems needed at the time they’re needed.
  • Third-party Security Platform: These solutions allow for controlled onboarding, elevation, and termination of access privileges for external users. Many include robust authentication protocols, access controls, and auditing tools to meet certain compliance requirements. They also granularly control the access permissions of each individual user with least-privilege access. This helps ensure users can only access areas of the network that they need.
  • Zero Trust: This approach assumes all individuals or users are threats and requires that they be verified before being granted access. Zero Trust methods perform the basic capabilities of a VPN, but with an added layer of security in the form of least-privilege access (down to the specific applications), identity authentication (MFA), employment verification, and credential storage.
  • Encryption: All sensitive data accessed by your remote team should be encrypted to safeguard against device damage or theft. You should also install remote-wipe apps on all remote devices so data can be easily erased if a tablet or smartphone is lost or stolen.
  • Managed Detection and Response (MDR): MDR, a form of EDR that includes management by a third-party company, combines continuous monitoring, behavioral analytics, cloud-based threat analysis, automated response capabilities and other tactics to detect, contain or mitigate threats such as ransomware or malware that target endpoints such as laptops, servers and desktops.
  • Agent-based Vulnerability Scanning: Agent-based scans offer the ability to assess off-network assets and endpoints that intermittently connect to the internet, such as laptops, and to scan the devices regardless of network location and report results back to the manager. They also eliminate the need for credential management.
  • Awareness and Training: Regardless of where they work, all employees must be aware of company policies and procedures regarding remote working, including the use of personal devices and social media. That awareness should be supplemented with frequent practical training and tips on security risks, such as social engineering threats, password hygiene and how to securely use remote working tools such as videoconferencing platforms.
  • Remote Desktop Services (RDS): RDS employs a server-based platform that lets users share desktop environments between one Windows computer and another over the Internet. Once logged into the RDS-hosted PC environment, your users can access the same local resources they would on their own PCs. RDS can be configured so only certain applications are available to remote users.

Typically, the machine that hosts RDS runs in the same physical location as the computers from which users access the remote desktop environments. It’s also possible to install RDS on a server running in the cloud and share desktops from the cloud.

  • Virtual Desktop Infrastructure (VDI): VDI deploys a desktop operating system from a virtual machine that resides in a data center. VDI deployments use a single-tenant model with resources dedicated to a single user or organization, so it’s easier to ensure that only authorized users can access data. You specify exactly which tools can be used, how systems are monitored, where data is stored, and who has access.

Hardware, software, licensing, deployment, and ongoing maintenance and patching are all handled in-house. There’s also the option of a hosted VDI solution, in which a cloud services provider (CSP) owns and manages the underlying infrastructure. You still retain complete control over the VDI environments.

  • Secure Network Connectivity: Employees who work remotely are dependent on the internet service where they’re working. Some of the applications they use may be bandwidth intensive, so a slow connection can hamper productivity. Identify the applications your employees need to do their jobs and the bandwidth requirements necessary to deliver an optimal user experience. Provide guidelines around minimum network bandwidth for remote workers.

You’ll also need to confirm that your company’s own network infrastructure has the capacity to accommodate increased remote workers, and that it’s secure itself.

IT Security Wherever Your Employees Are

IT security is always critical. But as organizations accommodate more flexible work arrangements for their employees, it’s essential to ensure that IT security strategies take into account the challenges and needs associated with remote work operations.