For many, working from home is the new norm—nearly as many people are working remotely this year as they did in 2020 and, in some industries, more than 80% of people conduct business from a home office. To keep people safe and to accommodate employee preferences, companies around the world continue to adapt to more flexible work arrangements, including hybrid offices.
However, this adaption poses a unique challenge for today's technology teams, as networks have morphed from tightly controlled systems to expanded networks with myriad end point devices.
We know that attackers exploit these home devices and networks to compromise employees and gain lateral access into businesses. In fact, Security Magazine predicts that remote workers will be the top attack vector in 2021.
As cybercrime continues to grow along with the remote workforce, how can technology teams protect their people and their data and make decisions that keep their business secure, yet scalable in a constantly evolving marketplace and threat landscape?
Understand the Challenges for Your Business
At the start of the pandemic, many businesses had to make a sudden and rapid transformation to a remote work environment; in many cases, security was an afterthought. While these businesses have since normalized remote work, many still rely on dated policies and platforms that were set up quickly and insecurely in 2020.
Then and now, businesses had to focus on the big picture and new consumer behaviors to stay operational, accessible, and relevant amidst a changed (and changing) world. Understandably, many technology teams haven’t had an opportunity to review and revamp security measures that truly reflect the remote work transformation. We expect remote work to continue well into 2021 and beyond, which also requires IT teams to provide secure access to a growing base of remote users (and customers). On top of this, technology and leadership teams are also responsible for delivering consistent experiences across business applications and ensuring secure transactions both internally and externally.
Even with secure tools and configurations, remote employees can inadvertently introduce risk via phishing attacks, ransomware, malware, or other social engineering attempts. Undoubtedly, at some point, remote employees will also use personal devices and equipment for work-related activities, or will log on to unsecure WIFI connections. If a data breach does occur, these attacks can take longer to detect, identify, and remediate from remote offices.
Further, a majority of technology leaders think their employees have picked up “bad cybersecurity behaviors” since working from home. More than half are concerned that employees will bring infected devices to the workplace, when we begin to return.
But it’s not too late. Now is the time to play catch up and put into place robust policies and solutions that will update and strengthen your remote security capabilities now and well into the future.
Solutions for a More Secure Remote Workforce
Given these challenges, your technology team will require a set of tools to deliver secure end-to-end access; address application, cloud, and network security; and protect your people and your data. Here’s how to do that.
Virtual Private Networks
VPNs funnel traffic through a firewall, VPN concentrator, or remote desktop. This provides a protected and private connection even when people are connected to public or home internet. For remote workers especially, make sure VPN exists for all devices, including tablets and mobile devices, and when using mobile devices as a hotspot.
However, many remote security solutions, like VPN, are based on the outdated assumption that everything inside an organization's network should be trusted. Even with VPN, data can still be encrypted and online identities can be disguised.
Which is why many technology teams are beginning to build Zero Trust road maps. Zero Trust is a recommended holistic approach to network security that requires strict verification for every person and every device that accesses your resources. A Zero Trust road map will help your business respond to the “new” network perimeter, counter the rise in ransomware, prevent insider attacks, and limit damage from ongoing attacks. For more, here’s four reasons why you should consider a shift to Zero Trust.
Anti-Phishing
Phishing remains a key concern for businesses of all sizes. Having the right anti-virus and email security measures in place can help protect against phishing attacks and block users from visiting potentially malicious links.
Immediate steps you can take to protect your employees from phishing attempts include VPN (mentioned above) as well as multi-factor authentication (MFA) and Identity Access Management (IAM).
MFA adds a level of confidence toward a user's proof of identity; it’s a simple yet critical security measure in times like these as cybercriminals launch social engineering attacks on businesses. IAM is a framework to make sure that the proper people in your organization have the appropriate access to resources. Similarly, it ensures that those who don’t need or shouldn’t have access, do not. Endpoint device security will also help protect against phishing attempts, which we’ll cover next.
Endpoint Security
Remote employees rely on multiple devices, including work and personal laptops, home desktop computers, tablets, and mobile devices. But more endpoints means more points of entry into your network. Robust and updated endpoint security is critical to protect these devices and prevent attacks. A recent report finds that nearly half of all connected devices are vulnerable to medium and high severity attacks!
Generally, endpoint protection software will block malware before it infects an endpoint device; the right solution will also eradicate malware that does evade your defenses. We know how important endpoint protection is right now, which is why we've partnered with Malwarebytes to offer comprehensive endpoint detection and response. For more, please see this guide to endpoint security for small- and medium-sized businesses.
Backup and Recovery
Following the above three steps will help protect your business, but perhaps no measure is as important as a robust backup and recovery solution. In the event an attack does occur, having the right solution in place can help you get back up and running as quickly as possible and limit the damage to your operations and your reputation. In an earlier post, we covered the key steps to get started with backup and recovery, which include:
Identify Critical Functions and Infrastructure: Take stock of your technology functions and create a list of the tools, platforms, processes, and infrastructure that is critical to your operations.
Create an Emergency Contact List: Just as HR keeps up-to-date records of employee contact information, so should technology teams.
Prepare for Disaster: The best way to recover from a disaster is to prepare for one. Proactivity is protection! What are the most likely threats to your IT environment? As you catalog these risks, consider what steps can be taken now to prevent or limit outages in these scenarios.
And, remember, there is added strength in coupling the right security measures, many of which are mentioned above. For example, requiring MFA for all Identity Access Management and VPN logins will further prevent intrusion.
We hope this helps you orient your business toward a more secure remote workforce. Doing so will place you in good company—70% of executives plan to increase investment in IT infrastructure to secure virtual connectivity. Be among them.
We also know how busy your team is these days. It may be beneficial for your business to partner with an expert on these remote security practices or to build your backup and recovery plan. Our team of experts is here for you.
Please stay secure and healthy! Get in touch with us anytime at (262) 288-1501 or via this form.