The coronavirus pandemic has changed the way we work. It’s a new remote reality that will likely have a lasting impact, well beyond when quarantines are lifted. Companies must quickly evolve, adapt and improve Remote Security (RemoteSec) practices to ensure that the new environment remains both protected and productive.
Consider the risks. Businesses were a growing threat target last year. Our 2020 State of Malware Report found that global business threats rose 13 percent in 2019 to about 9.6 million detections. The work-from-home scenario makes businesses even more vulnerable, especially when threats targeting them are harder to track as employees use work devices over their own personal home networks.
Managing remote workers will put our cyber hygiene to the test during this challenging period. Employees are an important factor, whether in the office – or at home. We’re all human, and the uncertainty of this time may mean a lower awareness of threats and greater susceptibility and risk. To prepare and help arm the workforce, consider focusing on these priorities:
- Increase device security. The device has become the new perimeter. In an expansive work-from-home environment, gone are the days of on-premise, office-based security. The term “perimeter” does not have the same meaning today as we look at the shift to both personal devices and networks, embrace remote and roaming work and reassess our security postures. We’re no longer building a fence to protect networks within a specific domain. Rather, we want to protect free-range devices across the world.
- Patch everything. It’s simple and basic, but security teams must ensure they have installed the latest security patches/updates on everything, even if it means taking an availability hit. Waiting to install updates puts devices at risk, leaving an entry point that could devastate a business. It’s especially important as VPN exploits are a hot target for the bad guys and VPN usage has gone through the roof.
- Create reliable device visibility. Once the team updates all of its software/hardware, it’s time to create visibility into employee devices. Use a reliable discovery tool to gain visibility into all employee devices and ensure they have the proper level of security for their role. Be clear about the boundaries between work and personal information and make certain that the company protects its employees while also respecting and preserving their privacy.
- Employ a personal security portal. Today, every remote worker’s home network just became an extension of the business. This means that their networks, computing devices and mobile devices all now access the corporate network and need to remain secure. Use tools that will ensure connected personal devices are brought into compliance before allowing VPN access. Think about using a personal security portal to manage security deployment and licenses for personal devices.
- Operationalize security for remote work. The company’s IT ops and security teams are now also working remotely. This means that efficient processes and a consistent routine have never been more important. Practice a scheduled daily scan for verifiable security. Then establish a prioritization scheme for top executives and the finance department by scanning their systems two or more times a day. Use an efficient cloud-based solution to maintain productivity and performance. Testing security in the cloud will bolster security and improve monitoring and remediation efforts, while minimizing risk.
- Automate operations. By automating operations across groups and machines the company will minimize manual errors and more efficiently handle an increased workload. Additionally, automation will let the team more quickly assess the severity of an attack and deliver an immediate response.
- Treat remote devices the same. When an attack hits, security teams shouldn’t treat remote devices any differently than they would the ones that reside inside the corporate firewall. With so many remote users, it’s critical to quickly isolate and recover compromised endpoints before the attack spreads. If the company can reduce its remote SecOps response time from days to just minutes, it can ensure both effective and thorough remote remediation. Security teams can do this by leveraging expert incident responders to recover remote endpoints after a successful cyberattack. As a result, they will protect the network from exposure at the same levels as when employees are in the office.
The stay-at-home orders will hopefully get lifted in the months to come, but it’s still several months off. It may indeed become a long-term trend for employees to work-from-home, and even in the most normal circumstances, companies will always have employees traveling and working nights at home.
Now’s the time to get RemoteSec right. Eliminate the security team’s patch backlog, operationalize and automate security for remote workers and optimize remote device recovery processes. This will improve cyber hygiene and create a stronger security profile for the business.
Greg Higham, chief information officer, Malwarebytes