Here are eight tips to help security organizations secure their remote workforce
The novel coronavirus COVID-19 is causing global health and economic crises and profoundly impacting the way we live and work. Its effects will no doubt be long-lasting. In the near term, it will require CISOs to update and prioritize work-from-home security practices and policies as offices are temporarily shut down. We don’t know how long the coronavirus emergency measures will be in place, so CISOs would be wise to develop long-term plans to ensure employees are as secure working from home as they are in the office.
The remote worker phenomenon started long before coronavirus, but this epidemic may be the watershed moment that makes remote work a regular part of most companies’ cultures, including those with any lingering hesitation. For the last decade or so, flexible work and work-from-home policies have become standard across businesses as they looked for ways to offer more perks in a competitive hiring market. These policies have also allowed companies to find talented workers who are located outside the high-rent locations of many corporate headquarters. This flexibility benefits both companies and employees, but for security teams, it can be a major headache. In the age of coronavirus, the number of work-from-home employees has jumped exponentially by the day, and security teams are rushing to ensure that the efforts to enable online collaboration solutions are safe and secure with employees off the corporate network. Now, they also have to address the challenges of tracking and securing a multitude of off-premises devices.
Historically, VPNs were the answer for remote workers. But they pose security issues of their own, particularly when so many employees are using them at once. Recently, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Association (CISA) issued an alert warning about the security risks of remote workers relying on VPNs. “As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” the alert said, noting that the need to keep VPNs in operation 24/7 means organizations are less likely to patch them.
From a risk standpoint, many enterprises have a generally “flat” network. In years past, there may have been various business applications (email included) that required a connection back into a central, internal environment. With the steady migration from on-premises to SaaS in recent years, the risk of bringing users back into the network for one or two apps may now be significantly higher than the value realized by keeping the outlier app or capability on-premises and enabling remote access into the entire network through VPN.
Home WiFi networks represent another challenge. Everyone knows that most home WiFi networks aren’t secure. Many home networks aren’t password-protected, use easily guessed or default passwords, or may be configured without encryption, allowing an attacker to easily compromise the network. The modem or router used to access the internet is likely missing its latest security patches and updates, since they are difficult to apply. In addition, we will see attackers taking advantage of the huge increase in remote network traffic and targeting individuals at a higher rate than usual, especially since they can now more easily obfuscate their actions in all the additional noise. Unfortunately, due to limited visibility into what’s on our home networks and what we should consider normal versus potentially malicious, many home networks and the personal devices connecting to them may already be compromised.