Adapting Security Strategies For A Remote Workforce


The COVID-19 pandemic has forced organizations to pivot quickly from a fully on-prem or hybrid on-prem/remote office setting to a nearly 100 percent remote work environment. One of the most pressing challenges of this transition has been the instantaneous shift in how organizations must approach cybersecurity. To best protect data in a remote workforce, it is critical to first identify risks associated with this transformation, and then institute best practices that will strengthen security and reduce data exposure.

Understanding the threats

When employees move from a single, secure business network to home networks, they generally have less-robust security protections. While connecting to a VPN can help reduce security risks, critical data not saved to a protected work network can potentially be exploited.

IoT creates additional complexity. According to Deloitte, the average household has 11 connected devices — ranging from TVs and thermostats to security cameras and appliances. Each device represents yet another pathway into an employee’s home network and puts criminals one step closer to accessing sensitive data.

It is also important to consider that employees working remotely are more likely to use their work computers for activities such as shopping, paying bills and general web browsing, which increases the risk of exposing company data. When combined with the increased frequency of pandemic-related phishing attempts — such as fake offers for protective equipment or spoofed company emails that look like policy updates — an organization’s data becomes even more vulnerable.

Beyond the vulnerabilities of home networks, the rapid move many organizations have made to the cloud presents additional risks. McAfee found that cloud attacks jumped 630 percent between January and April — the first months of the pandemic — and many organizations were unprepared to fend off such attacks. The problem persists with many companies relying solely on basic security protections offered by cloud providers, often because their existing tools were not immediately compatible with cloud technology. Others have implemented new technology without the proper training.

Addressing the risks

Given the compounding internal and external risks that come with a remote workforce, taking the necessary actions to secure data should be a top priority. The following suggestions can greatly strengthen an organization’s security posture.

  • Map out a plan for network defense. Because remote work has changed the threat landscape, tabletop exercises to outline roles, responsibilities, and mitigation tactics are more important than ever. These discussions help security teams coordinate proactive decision-making, and better prepare them for emerging internal and external threats. These tabletop exercises are focused on addressing changing threat surfaces and using remote access tools that offer visibility into application use and wireless access points, and allow security teams to restrict network access should an incident occur.
  • Prioritize cloud penetration testing. Many organizations have deployed cloud solutions without the necessary security hardening. A penetration test of cloud environments and web applications can help identify vulnerabilities that need to be addressed. Threat emulations are also valuable, as they assess the state of an organization’s defensive security posture against a likely threat actor using adversary tactics, techniques, and tools.
  • Institute simulation training. Organizations should institute threat simulation training that resembles the kinds of issues employees might experience while working remotely — such as phishing attempts, ransomware and breaches of cloud-based systems. Such exercises can reinforce daily habits that help employees identify potential threats and prepare them to take the necessary actions to report them.
  • Audit remote technology security gaps. Enabling a remote workforce will require a heavier reliance on SaaS technologies and VPNs, so it is important to assess how secure these tools are, and rectify any security gaps. It is also critical to enforce password complexity and mandatory use of multi-factor authentication where possible, to prevent threat actors from gaining access to work applications containing sensitive data.
  • Reprioritize tactics and strategies. Organizations must take into account emerging threats related to remote work, and reprioritize their approaches to security accordingly. For example, this can mean delaying network firewall projects and other on-prem upgrades, and redirecting investments toward solutions that will protect data in a remote work environment. Such investments include remote access and remote management tools that alert security teams to potential issues and position them to more easily address problems, no matter where a user is located. Organizations should also have the latest remote patching capabilities to ensure that company computers are updated with the latest security protections.

Conclusion

It is still unclear what the future holds, but a company setting that relies more heavily on remote work may well become the status quo. By recognizing the ways in which a remote workforce changes the threat landscape, and implementing the necessary steps to address those threats, organizations will be better positioned, offensively and defensively, to secure data and maintain the business continuity necessary to remain competitive.

Ken Jenkins
Ken Jenkins currently serves as the Chief Technology Officer of By Light’s Cyberspace Operations Vertical and leads the EmberSec Team. He brings over 24 years of Information Technology and Cybersecurity expertise in Red Teaming, Penetration Testing, Hunting, Threat Emulation, Incident Response and Systems Engineering. A decorated combat Veteran and retired Soldier, Ken’s active duty responsibilities covered operations and defense of DoD networks and battle command systems. Some of his assignments include various combat units, the Army’s Criminal Investigation Command, Army Cyber Command, United States Cyber Command, and the National Security Agency. He also served as a SME in support of standing up the Cyber Mission Force and the Army’s Cyber Branch. Ken regularly competes in CTFs and serves as a technical mentor to the Cyber Patriot Program. Ken earned his BS in Technical Management from DeVry University and holds over 30 commercial certifications including CISSP, OSCP and 12 GIAC certifications.
