Remote workforces are on the rise. In just the last five years alone, remote work has seen a 44 percent increase. And while remote work offers a slew of benefits to both employers and employees alike, it also comes with unique security challenges and considerations.
When a large remote workforce is stood up, digital traffic goes from an inside-out pattern to one of outside-in. IT security managers must still stop any potential attackers while still allowing remote employees access to corporate resources. VPNs alone are not enough to mitigate the increased risk.
Weighing the benefits and risk
There is a balance between security and stability that companies must strike to maximize benefits while minimizing risk. It is this balance that directly impacts business speed and business risk. Too much security can be costly and impact operations, while the inverse can result in a catastrophic compromise that is equally costly and impactful.
So, how can companies leverage the benefits of a remote workforce while minimizing the inherent risks? Let’s look at some basics.
When it comes to securing your remote workforce, the first step is establishing a sound policy. Comprehensive and robust policies go a long way in avoiding confusion and conflict surrounding remote work practices. These policies should outline standards for remote access, data storage, use of personal devices, etc.
They should also clearly define terms like data and intellectual property. It’s always best practice to not leave key terms open for interpretation. It’s also important that these policies have heavy buy-in from the executive level. Teams and employees will respect and adhere to policies that their leadership cares about and reinforce.
Additionally, companies can always take advantage of professional consulting services in developing these polices to ensure they include the proper expertise while minimizing any learning curves. These policies should be reviewed annually at a minimum.
2. Secure connections
Today’s remote worker must always be connected — and these connections can sometimes traverse some sketchy digital terrain. Whether your remote workforce operates out of their home residence, a satellite office or a neighborhood coffee shop, VPN is a must-have.
While VPNs are hardly the all-in-one security solution they are sometimes mistaken to be, VPNs do allow employees to tunnel data either point-to-point or into your sensitive internal network, encrypted and away from prying eyes on those unsecured public routers. Companies can take this a step further and require all employees to connect into the corporate VPN before access to the corporate network is allowed.
There are two important considerations if a company decides to go with a VPN solution. First, ensure the VPN service is sourced from a reputable company with a lengthy track record of success. Second, employees should be aware they may experience slower connection speeds when using a VPN. While this may hamper productivity a bit, in most cases the security trade-off is more than worth it.
Even with a standard office-based workforce, visibility of the digital landscape is key in securing it. This becomes especially challenging when a significant portion of assets are geographically dispersed. Endpoint detection and response (EDR) or other asset management solutions can help automate this process.
It’s not just visibility of users and their endpoints — network traffic visibility must be highly scrutinized as well. Increased logging on all network devices or sensors and exporting that information to a security information and event management (SIEM) solution is a great way to maintain a high-fidelity view of network activity. It’s imperative that security teams are sifting through this information and searching for anomalies. The information is only useful if someone looks at it.
Another consideration is visibility of vulnerabilities and attack surface. Penetration tests are the gold standard in determining true resilience and reaction capabilities. While most companies are typically against having a group of white-hat hackers (the good guy variety) exploit potential vulnerabilities, there is no better test that offers honest results.
4. Endpoint security
Companies tend to think of their network perimeter as the hard, outer layer that attackers must breach to gain anything of value. It protects the most vulnerable assets on your corporate network: the endpoints. But what happens when all the endpoints are moved outside of that wall?
This is the chief concern most companies will have with a remote workforce. How do companies address that increased risk while adjusting for a paradigm shift in the way security operations must be accomplished?
A very effective and comprehensive approach is only allowing corporate-issued devices to connect to sensitive corporate resources. This offers multiple benefits: corporate devices can be baselined, patched, scanned, monitored, restricted and quarantined. You can also control them through group policy and restrict USB usage, requiring full disk encryption and preventing web surfing to risky websites. Again, EDR solutions are great in this case, as they can help automate all of this and more.
If issuing corporate equipment is not an option, EDR solutions can still help with most of these areas — especially visibility. Compatibility and dependencies do become a concern when installing an EDR solution on personally owned devices. Users also can potentially turn off or disable the agent altogether. Standardized, corporate owned and issued equipment is the best solution for a remote workforce.
Proper authentication in the age of the digital worker has become increasingly hard to accomplish. Is someone, who is accessing the corporate network, who they say they are? Identity assurance is a must-have in the remote workforce age, and simple passwords alone have a hard time accomplishing this.
Multi-factor authentication (MFA) takes something you know (passwords) and combines it with something you have. When there are many remote employees in unsecure locations, passwords can and do become compromised. MFA can greatly reduce identity risk while having minimal impact to productivity.
There are several options when it comes to MFA: physical tokens (both disconnected and connected), smart cards, mobile phone-based authentication and more. There are advantages and disadvantages for each of them. For example, mobile phone-based authentication is very convenient since almost every remote employee should have near-constant access to one. However, if the phone is left unlocked and unattended, the security measure is easily circumvented.
Companies must weigh the pros and cons of each solution and determine which will meet their requirements. Once a proper solution is selected, it should be combined with an SSO solution and implemented as an identity control for all corporate resources — including VPN access.
6. SOAR operations
Automation is paramount as you increase your remote workforce. Security orchestration, automation and response (SOAR) solutions should be utilized to evolve IT security policies and procedures over time, enabling them to keep pace with the exponentially increasing demands of the modern threat landscape.
As your remote workforce expands exponentially, so does your threat landscape. You inherit the vulnerabilities of your remote workers' home networks and endpoints as the speed of the threats increases substantially.
Start automating your security responses by standing up a SOAR solution or expanding the automation in your current platform. You can use SOAR to:
- automate your routine security tasks, such as investigating email phishing;
- increase active monitoring of your endpoints and what they are connecting to;
- automate patching to decrease risk;
- increase visibility into data access and usage on your endpoints and networks and bring that data to a security information and event management (SIEM) for analysis.
Not every security process and action can or should be automated but should be based on the goals of the security organization and industry requirements. Now is the time to utilize SOAR to automate and free up your people resources to do security analysis and other needed tasks.
This will free up your limited security resources to help secure the company in other high risk areas.
7. User awareness
All the security technology in the world cannot protect a company from layer 8 — the user. Users are the most unsecure asset of any company with a digital footprint. User awareness training programs are essential if all the other solutions discussed here are going to be effective. Employees must be periodically trained up on the latest threats and trends in cyber attacks. The training should also include information on all current cybersecurity and remote working policies, including what to do in the event of a possible compromise.
Make the training engaging and informative, but not overbearing. Most training programs tend to hose down employees with too much information and the training session becomes a clicking marathon. Test employee engagement knowledge retention throughout the training to ensure raised awareness.
Lastly, setup an email list or newsletter that goes out monthly or quarterly that talks about the latest trends seen in the cybersecurity landscape. This can also include generic information about trends seen in the SOAR to help users stay alert and aware.
Putting it all together
While emphasis has been put on one area or another, the main takeaway is that a defense-in-depth approach is required — especially with remote workforces. Each topic area establishes a layer of protection for the corporate network that is designed to slow down potential attackers and give security analysts as much time as possible to identify and respond.
Remote workforces can offer incredible benefits to both companies and employees, but also introduce complexity and risk to operations and security. Raise confidence and lower risk by implementing some of these controls and baking security into your remote workforce program.
Find out more about how WWT Security Services can assist you in developing a comprehensive security strategy for both your onsite and remote workforce.