Security pros face unending attacks and challenges as they try to maintain business continuity while employees work-from-home. Now that the majority of the staff works beyond the network perimeter, the escalating threats are real, driving opportunistic threat actors to ramp up their phishing efforts. For example, Google found earlier this year that 18 million phishing emails per day directly reference COVID-19.
Faced with these attacks, here are five ways security pros can deploy a mix of tools and policies that bolster security and mitigate the vulnerabilities that come with remote work:
1. Add additional controls for remote authentication.
If employees use mobile devices, they may not always actually work-from-home. Remote workers can potentially access the corporate network from unexpected off-site locations that may send false flags to security teams accustomed to using anomalies as indicators of compromise. The high degree of variability and reduced visibility associated with remote workers makes verifying the authenticity of their logins much more difficult.
Identity and access management (IAM) products that support dynamic risk-based authentication can increase or decrease the degree of authentication measures required based on the risk level of each session. Dynamic authentication ensures that security measures do not cause undue productivity bottlenecks while simultaneously offering the assurance that higher-risk sessions with unexpected variables are valid.
Passwordless authentication such as the Universal Second Factor (U2F) standard will further secure the network against the threat of compromised credentials. U2F supports hardware keys with public-key cryptography authentication, such as the YubiKey. Requiring the use of a hardware key for high-risk sessions protects against man-in-the-middle attacks and ensures that attackers cannot access the corporate network without having direct access to the hardware key.
2. Ensure secure remote access to files and applications.
Security pros need to provide employees remote access to the data they need to do their jobs without introducing a clear path for threat actors to infiltrate the network.
Virtual private networks (VPNs) offer stay-at-home workers an encrypted connection to the corporate network and enterprise cloud services from their off-site endpoints. This helps mitigate against threat actors that may attempt to intercept communications from remote endpoints.
Once a session gets validated, it’s important to ensure that stay-at-home workers are given least-privilege access. A privileged access management (PAM) product manages conditional data based on the needs and risks of each employee and the context of their session. A PAM also offers security teams a way to readily manage user privileges, including revoking local admin rights to protect against privilege escalation attacks. Once data gets accessed by the endpoint, data loss prevention (DLP) software offers an added layer of security by ensuring confidential data gets protected against transfers to USB devices and uploads to unauthorized cloud storage accounts.
3. Protect corporate networks from insecure endpoints.
If an endpoint device gets compromised, even an encrypted connection through a VPN can offer threat actors a vector for an attack. Security pros need to consider a zero-trust network security framework to protect networks against higher-risk remote workers.
Network access control (NAC) products can perform a “health check” on the endpoints of stay-at-home workers before they connect to the corporate network. This health check ensures that the endpoints meet minimum security requirements, such as up-to-date security patches, prerequisite security software, and an approved internet connection.
When problems are discovered, the NAC can also perform remediation tasks, such as directly installing patches or alerting users to the steps needed stay compliant with the network’s security policies. The remediation capabilities of a NAC are particularly valuable for securing a remote workforce with a bring-your-own-device (BYOD) policy. It can ensure patches without needing to directly install a patch management client on personal devices.
4. Increase network visibility and secure cloud services.
Many businesses will use a hybrid cloud model that combines cloud-based applications with on-premises IT infrastructure. Security teams must adequately monitor and manage these systems to ensure they are accessed by legitimate users and that any available data does not get mismanaged.
Security teams can also use a cloud access security broker (CASB) to gain greater visibility into how cloud data gets shared and used. CASBs offer additional security controls, such as data leakage monitoring, IAM, and single sign-on (SSO) tools. Security teams can use monitoring logs offered by CASBs to identify suspicious indicators of compromise or signs that remote workers are engaging in high-risk behaviours on cloud servers.
Network monitoring and management tools such as security information and event management (SIEM) software helps security teams bolster network visibility even when unmanaged devices connect to the network. A SIEM will alert security teams to data exfiltration attempts and offer digital forensics in the event that they need to investigate the cause of a data breach.
5. Enforce employee security standards.
It’s always challenging to maintain a security-conscious workforce, even under normal circumstances. For distributed teams with remote workers, it’s further exacerbated by the false sense of security in a home environment. Workers may feel safe at home, but the attackers continue to leverage worries around COVID-19 in their phishing and social engineering campaigns. Offer stay-at-home workers a clear channel where they can voice security concerns and receive clarifying information regarding their responsibilities, risks, and expected behavior.
In the event that stay-at-home workers use company-provided devices, security teams can use monitoring software to collect endpoint usage data that informs them of any high-risk behaviors that workers are engaging in, such as unsafe web browsing and the use of shadow IT. This data can help with ongoing cybersecurity training, consistent remediation to address high-risk behaviors, and messaging that focuses on their individual data security responsibilities.
Security teams need to categorize employees according to their level of risk and pay special attention to employees that are in higher-risk categories. They should give priority monitoring and data security management to remote employees that have a direct connection to sensitive data and elevated user privileges. Organizations need to offer tailored training and resources that stay-at-home employees can use to mitigate the unique security risks of a home network. Make them aware of the risks around default network credentials, IoT devices, lax cybersecurity hygiene, phishing, and other security vulnerabilities that they may not have previously encountered when working in the office.
Many of the challenges security teams face in managing remote workers stem from the lack of visibility for unmanaged devices and the off-site accessibility requirements of a remote workforce. Security teams can address these issues with network-level monitoring and management tools, channels for secure remote file access, robust authentication and authorization and increased cybersecurity training. It’s a tough challenge, but with the right mix of tools and policies, security teams can get the job done.
Neel Lukka, managing director, CurrentWare