There are many benefits to working from home for employees, but as a business owner or IT director, having a remote workforce can become a security nightmare.
With your employees spread out and using individual networks, attackers have more areas where they can strike, so it’s easier for them to infiltrate your network. At the same time, you have less control because your employees are no longer on your secure company network.
The KR Group’s cybersecurity services include a teleworker assessment, which looks at how strong your security posture is for your remote workforce specifically.
This smaller-scale security risk assessment takes one day for most environments and looks at your security posture in the following areas:
- Automated monitoring of security controls
- Protection of confidentiality and integrity through encryption
- Managed access control points
- Privileged access and command control
All of these components work together to provide a comprehensive security structure for you and your remote employees.
Automated monitoring of security controls
When it comes to a remote workforce, you need to have the ability to monitor activity on your network, determine its source, and configure alerts.
With more people working remotely, there has been an increase in different types of ransomware attacks. This makes monitoring activity not just important but vital.
It’s one thing to monitor activity on-premises, but when all of your employees are working remotely, tracking can be more tedious. The way around this is having automated tracking of the different security controls you have in place.
A teleworker assessment looks for security and automated monitoring in the following areas:
1. Securing your users’ remote connections
Your security adviser is looking to ensure attackers aren’t accessing your users’ home networks and then making their way to your company network when the user remotely connects.
Two common ways businesses do this are to place a firewall on the other side of a VPN connection to filter out malicious traffic or to have users log in through dedicated VPN termination points.
2. Tracking failed login attempts
When it comes to monitoring your remote security, another important security measure to have is tracking failed login attempts.
Failed logins can be a good indicator of whether an attacker is trying to make their way onto your network or one of your authorized users is just locked out.
3. Multi-factor authentication to verify users’ logins
Multi-factor authentication, like Cisco Duo Security, double-checks that it’s actually your users and not a hacker trying to access your network.
Multi-factor authentication requires an additional piece of information such as a one-time passcode, an accept-or-deny request, a USB device, or even a fingerprint. Whatever you use for the second form of verification, its purpose is to make sure the username and password align with the verification information.
Attackers can guess user names and passwords, but by requiring a piece of information you need to have, not just know, multi-factor authentication helps secure your accounts.
4. Umbrella’s roaming client
Cisco Umbrella is a useful tool for many businesses because of its cybersecurity features, including Umbrella Roaming Client. This particular feature allows you to determine which user’s device is the source of a malware attack, even when the devices aren’t on-premises.
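The failed-login tracking described in item 2 above, as an added example that is not part of the original article or any KR Group tooling: it groups failures by source address to separate one account failing repeatedly (often a locked-out user) from one source failing against many accounts. The log format, field names, labels, and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical VPN authentication log format.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z vpn-auth result=FAIL user=alice src=198.51.100.20
2024-05-01T09:00:19Z vpn-auth result=FAIL user=alice src=198.51.100.20
2024-05-01T09:00:41Z vpn-auth result=FAIL user=alice src=198.51.100.20
2024-05-01T09:02:10Z vpn-auth result=OK user=bob src=192.0.2.44
2024-05-01T09:05:01Z vpn-auth result=FAIL user=bob src=203.0.113.7
2024-05-01T09:05:02Z vpn-auth result=FAIL user=carol src=203.0.113.7
2024-05-01T09:05:03Z vpn-auth result=FAIL user=dave src=203.0.113.7
2024-05-01T09:05:04Z vpn-auth result=FAIL user=erin src=203.0.113.7
2024-05-01T09:07:30Z vpn-auth result=FAIL user=frank src=192.0.2.90
""".splitlines()

LINE_RE = re.compile(r"^(\S+) vpn-auth result=(OK|FAIL) user=(\S+) src=(\S+)$")


def triage_failed_logins(lines, threshold=3):
    """Label each source address whose failure count reaches the threshold.

    The input is treated as one monitoring window (for example, ten minutes
    of log lines); windowing is left to whatever feeds this function.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> count
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "FAIL":
            continue  # skip successes and lines that do not parse
        failures[m.group(4)][m.group(3)] += 1

    alerts = {}
    for src, per_user in failures.items():
        total = sum(per_user.values())
        if total < threshold:
            continue
        # Heuristic only: one account from one source is often a locked-out
        # user to confirm with; many accounts from one source needs escalation.
        label = "single-account" if len(per_user) == 1 else "multi-account"
        alerts[src] = {"label": label, "failures": total,
                       "users": sorted(per_user)}
    return alerts


if __name__ == "__main__":
    for src, alert in triage_failed_logins(SAMPLE_LOG).items():
        print(src, alert)
```
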
Protection of confidentiality and integrity through encryption
In the world of cybersecurity, encryption is important because it prevents attackers from gaining access to your sensitive data if they do find a way into your network.
During a teleworker assessment, your security adviser will look at how you encrypt data in the following stages:
1. Data at rest
This data is stored, inactive, and typically infrequently used. It includes databases and back-up files.
If you’re not currently encrypting data at rest, your security adviser will recommend you use disk encryption, like BitLocker, to ensure your company assets and proprietary data are protected.
2. Data in transit
Data in transit is data being sent from one device to another.
Since virtually sharing data is the only way to directly send files to your remote coworkers, businesses should implement (and use) secure key and certificate management to encrypt data.
When transferring data, your users should always use an encrypted VPN tunnel and never rely on unsecured cloud platforms or personal accounts.
During a teleworker assessment, your security adviser will check if you’re using the above process for encrypting data before sending it. They’ll also check whether you’re using the latest and most secure encryption algorithms.
Managed access control points
Unfortunately, endpoint protection isn’t 100% effective, and just tracking your cybersecurity problems isn’t enough.
For the best shot at protecting your company network from malicious attacks, you need your biggest vulnerability, your users, to do their part in keeping your network secure.
When performing a teleworker assessment, your security adviser will check how your users are contributing to your security posture — or lack thereof — in the following areas:
1. Routing remote access through control points
This goes back to having VPN connections set up for secure access, but it also means making sure they’re utilized.
This is important because you don’t want your users relying on less secure access methods, such as personal cloud accounts.
2. Segment teleworker traffic
Another way your remote users can help protect your network is by segmenting their Internet traffic.
This security measure is typically accomplished by providing each user with a teleworker device, such as the Meraki Z3. These devices separate out personal traffic, such as streaming video, personal email, or Internet use by other household members. Doing so limits the amount of traffic your remote user could expose to your company network.
You may also want to remind your users not to use their designated work devices for personal activity or share their work devices with other members of their household.
3. Walling off traffic
“Walling off” refers to the cybersecurity practice of using firewalls or control lists to protect your most sensitive information by defining what traffic is permitted on your network.
On your end, you want to limit what remote users can access, which in turn limits your company network’s exposure to potential malware.
Just as parents use safety gates and childproof locks to keep young children out of rooms or cupboards they shouldn’t have access to, walling off prevents unauthorized users and attackers from accessing data they shouldn’t.
Privileged access and command control
With this area of security, your security adviser is looking for who can access what within your company network.
Along with walling off portions of your network, you can restrict who can access what through privileges and command control.
Some policies your security adviser will look for and/or recommend during a teleworker assessment include:
1. Least-privileged baseline
This concept gives your remote users the minimum access by authorizing them to only access what they need and nothing else.
Most of your users should fall under this category.
If needed, these privileges can be altered. However, by using the least-privileged concept, you’re taking an abundance of caution to protect your network and proprietary data.
2. Second account for admin access
For those users who do have access to the more sensitive parts of your environment, the best teleworker security practice is to use a separate account for admin functions.
While some of your remote users will need admin access, it’s important to separate that workload by using a dedicated account to perform those functions.
Admin access can go deeper into your IT environment, so it’s important to make sure there is no malware that can leverage this account.
And, going back to the monitoring we talked about earlier, you’ll want to set up alerts if accounts try to access admin-privileged files.
Why is a teleworker security assessment beneficial?
A security assessment is beneficial for every business.
As companies that have never operated remotely find themselves with a remote workforce, addressing security is imperative.
We’ve yet to find a business that perfectly implements every form of cybersecurity protection and has no room for improvement.
With your workforce spread out, there is more room for attacks. You might be using new technology, and gaps and misconfigurations can contribute to your vulnerability. On top of this, attackers are more active than ever.
A teleworker security assessment is designed to specifically look at your remote workforce security posture to check how secure your network currently is and provide an actionable plan for increasing your security.
While there is no substitute for having a certified security consultant perform a security assessment on your remote workforce environment, we think the following articles can guide you on strong security practices: