As more and more employees have transitioned to working remotely, the cybersecurity threats that their organizations face have changed. While remote work offers many benefits to companies, it presents special security challenges that are not present in traditional office environments.
This post identifies those challenges, explains how they change the nature of cybersecurity requirements and offers tips on how to secure remote access.
Why do I need to secure remote access?
The nature, and the scope, of cybersecurity threats change when employees work remotely. Certain new types of risks emerge, such as workers’ reliance on personal computers, routers and other devices that could be infected with malware, but are difficult for corporate IT personnel to manage and secure.
Another novel threat in this context is an employee’s need to access or send data over public internet connections when connecting to systems or storage resources that exist in their companies’ offices. If that data is not properly secured, third parties could eavesdrop on the connections and steal sensitive information in a way that would be much more difficult to do when all data remains inside corporate networks.
Remote work also forces employees to adopt a broader set of tools, which increases the potential attack surface for attackers to exploit. In addition to the standard applications that they use in the office, remote workers also deploy applications like RDP and VPN clients, creating new potential security vulnerabilities.
Threats that are present in traditional work environments can be exploited in new ways, or on a larger scale, in work-from-home settings. For example, phishing attacks are not a unique risk for employees who work remotely, but they may be easier to execute when employees are out of the office, less cognizant of threats and using personal devices to connect to corporate resources.
Similarly, malware attacks pose a greater risk when employees are working from personal devices whose software is less likely to be patched against the most recent security threats than they would be if they were working from company-owned devices that are centrally managed and updated by a professional IT team.
Although remote work may be beneficial or necessary for a company to carry out its operations, it’s apparent that one of the major tradeoffs is the inherent security risks it carries. Fortunately, companies can manage these risks by adhering to best practices for keeping their systems and data secure even when employees are working from outside the office.
1) Assume threats will occur
The most basic best practice for securing remote access is to accept that threats exist.
This can be a difficult mindset to recognize, especially for companies that do a good job of securing their on-premises infrastructure. It can also be tempting to ignore the security risks of remote-access setups because there is less visibility into the systems that employees use when working from home, and therefore less opportunity to identify the risks.
Nonetheless, the reality is that vulnerabilities almost certainly exist within the infrastructure and applications that employees use to work remotely. IT teams should assume that those risks are present, even if they can’t see them.
2) Create a telework policy
Setting clear rules to govern how employees work remotely is another basic step toward managing remote access threats. Companies should develop telework policies that specify items such as:
–Whether employees are allowed to use personal devices when working remotely
–Which data employees can download to personal devices, and which needs to stay in the office
–Whether employees are allowed to install non-work related software on devices that they use for remote access
–How employees should report suspected attacks when they are working remotely and unable to interact with the IT team in person
Guidance such as this goes a long way toward mitigating the security risks associated with remote access systems.
3) Encrypt sensitive information
Data encryption is always a best practice from a security standpoint. But it is even more critical when employees work remotely, due to the risk that devices could be lost when being used outside of a corporate setting or that sensitive data could be intercepted while traveling over the internet.
Toward that end, be sure that all data exchanged between company-owned systems and remote work locations is encrypted while it travels over the network. A simple way to do this is to require employees to connect to remote systems using VPNs, which provide built-in encryption. Ensuring that remote-access tools like RDP clients are up to date is important as well because outdated clients may not encrypt data by default.
4) Designate and secure specific remote work devices
Ideally, employees will not use personal devices when working remotely, and policy should dictate as such. Companies should instead provide employees with specific devices to use for remote work. Those devices should be managed by the corporate IT team to ensure that they are properly updated and do not contain any unnecessary software or data that could pose a security risk.
5) Employ user authentication
When accessing company resources remotely, employees should be subject to strict access control, including multifactor authentication. Although it may be tempting to make resources like file servers accessible to anyone in order to simplify access, this is a major security risk.
Instead, a best practice is to adopt the principle of least privilege, which means that access for all users should be blocked by default and enabled only for the specific accounts that require it. This will require more configuration, but it is well worth the added security benefits.
6) Set up a VPN
VPNs provide three main benefits: They make it possible to access resources remotely that would otherwise be inaccessible from offsite locations, while also encrypting connections and providing some access control for corporate networks. Setting up a VPN and requiring all remote connections to pass through it is a basic best practice for keeping resources secure when employees work remotely.
That said, it’s important to note that a VPN is not a silver bullet. It mitigates the risks of some types of attacks, such as data sniffing, but it does little to protect against threats like phishing. Plus, it may contain its own set of vulnerabilities exploitable by attackers. Think of a VPN as one layer of defense for remote-access security, but not a complete solution.
7) Manage sensitive data securely
Sensitive data is important to always secure via encryption and access control. But when employees work remotely, it becomes especially critical to make sure that they work with sensitive data properly. If your company is subject to compliance rules that require data to remain on certain servers, make sure employees cannot download copies of the data to the devices they use when working remotely.
Even if compliance is not a concern, you still should establish policies on whether and how employees can copy data onto remote devices. You want to avoid scenarios where, for example, an employee copies customers’ personal data to a thumb drive which later goes missing, leading to the potential exposure of sensitive information.
8) Collaborate with third-party partners and vendors
Even more so than in traditional settings, remote-access scenarios require careful collaboration with third-party partners and vendors. The companies that provide remote desktop instances for employees who work remotely, for example, or who manage file servers that are accessed over the network are critical stakeholders in your ability to keep systems and data as secure as possible when employees are working from outside the office.
Make sure to select vendors and partners that are as committed to remote security as you are, and that are prepared to help address threats quickly when they arise. At the same time, choosing solutions that automate security as much as possible is important for keeping security risks manageable amid existential challenges like alert overload, an overreliance on manual processes and skills shortages.
Secure remote access with automated workflows
SecOps teams can take security automation even further by adopting purpose-built platforms which streamline security operations by using playbooks to automate many of the tasks required to respond to security events
By allowing teams to centralize security operations across their environments, while also enabling collaboration, security orchestration, automation and response (SOAR) is especially valuable in the context of remote access, where threats may take longer to identify and resolve than they would on traditional networks.