To say a lot has changed in the past year is an understatement.
For many of us, our workplaces look different, and our social habits have changed.
An often overlooked change is in cybersecurity, and like much of 2020, it wasn’t a change for the better.
In addition to a global pandemic, COVID-19 is also classified as the largest-ever cybersecurity threat.
- Ransomware attacks have increased by 105%.
- Email phishing attacks increased by 667% and are the most common data breach for users working at home.
- The number of unsecured remote desktop (RDP) machines rose by more than 40%.
- Brute-force attacks on RDP machines grew 400% in March and April alone.
In addition to being mindful of your physical health, your business also needs to prioritize the health of your IT environment.
Unfortunately, the increase in the remote workforce has made this harder for many businesses because their attack surfaces have increased.
What’s an attack surface?
The attack surface of a computer system and network environment is the sum of the different points (the “attack vectors”) where an unauthorized user (the “attacker”) can try to enter or extract data from an environment.
In simpler terms, it refers to how many opportunities exist where an attacker can exploit and gain access to your network.
With a remote workforce, you’ve increased your attack surface because your users are no longer operating under a single network that you have control over. Instead, each user may be using their home network, with varying levels of security.
The good news is IT consulting companies have kept a pulse on the changing needs of cybersecurity, such as addressing a larger attack surface.
At The KR Group, we started working with our customers to transition to work-from-home and hybrid workplace environments.
This included the infrastructure to make the move possible and the security protocols to keep attackers out.
To address the increase in cyber attacks and the trend toward larger attack surfaces, we advise customers on eight key security measures:
- User awareness
- Endpoint security
- Patch and vulnerability management
- Network security/security stack
- Password and authentication security
- Encryption practices
- Teleworker network segmentation
- Back-up and disaster recovery
It isn’t possible to guarantee you’ll never experience a threat, even if you implement every measure listed above. However, by following these best practices, you can significantly decrease your chances of becoming a victim of an attack.
1. User awareness
Even before your users were working from home, they were your most significant vulnerability.
According to research from Proofpoint, a security solutions provider, more than 99% of cyber attacks require human interaction to execute. Your users are the last line of defense between a successful attack and your network.
Because of IT security’s continually evolving nature, it is important to keep your users aware of what they should be looking for. We recommend training at least twice a year, and quarterly is even better.
You can also opt to do in-house training or security simulations through KnowBe4 or SANS Institute. With these platforms, you can send out phishing tests and social engineering attack simulations to keep users on their toes.
2. Endpoint security
Endpoint security is how you protect your employees’ devices (endpoints), such as desktops, laptops, and mobile devices, from cybersecurity threats.
When it comes to endpoint security, the options can quickly be overwhelming.
There are a variety of solutions, and each option has multiple vendor choices. And even those vendors may offer different tiers within those choices.
We could spend the whole article talking about the options for endpoint protection — we have before.
For brevity’s sake, there are a couple of highlights you must remember about choosing endpoint security solutions:
- Identify coverage gaps in antivirus by checking the status of subscriptions/support agreements and keeping software updates current.
- Consider next-generation antivirus (NGAV), which incorporates AI and machine learning instead of traditional antivirus that relies on a set of predefined signatures.
3. Patch and vulnerability management
Attackers frequently exploit outdated operating systems and application patches to gain access to your network.
Fortunately, you can easily reduce this security risk by staying current with updates and patches.
The best way to ensure you don’t miss an important update is to develop a patching strategy.
When it comes to remote and teleworker devices, this is particularly important because you don’t have the same control over network traffic as you do in your office.
4. Network security
The first step you can take to secure your remote workforce is to ensure all security appliances are updated with active support contracts at the network level.
Opting to implement client VPN instead of publicly exposed Remote Desktop Protocol (RDP) provides a more secure way for users to connect to your shared business data remotely. As previously mentioned, RDP brute force attacks have increased by 40% since the beginning of the pandemic.
Additionally, you can extend protection to your users’ email inboxes by implementing a third-party email threat protection.
Even if your email platform of choice incorporates some level of antivirus protection, they aren’t as robust and comprehensive as a third-party solution.
5. Password and authentication security
We see the IT industry trending toward non-expiring complex passwords.
When choosing a password, create one with at least 12 to 15 characters. It should include both uppercase and lowercase letters, numbers, and special characters.
Also, avoid using easy-to-guess passwords, such as family members’ names, birthdays, or anniversaries.
Implementing multi-factor authentication strengthens your login security by requiring an attacker to have two pieces of information to access an account.
So, even if they manage to reveal your password, without the information from the multi-factor authenticator (usually a one-time code or accept-or-deny request), they’ll stay locked out of your account.
Encryption protects your files in three different states: at rest, in process, and in transit.
While the function of each type of data varies, its susceptibility to an attack is constant. By encrypting your data in any of the above forms, you’re preventing an attacker from gaining access and making sense of your data.
For data at rest, encryption generally happens at the disk level. Using an encryption solution, such as BitLocker for Windows devices or FileVault for Apple devices, you can prevent malicious actors or anyone else who finds or steals your devices from accessing these files.
For data in process, encryption is typically covered by your endpoint protection solutions. Since this data isn’t being sent or stored long term, encryption doesn’t need to occur until it is in one of those phases.
And for data in transit, consider implementing a secure key and certificate management system.
7. Home network device segmentation
The increased chance of an attack from multiple users connecting from various networks is only part of the risk associated with a remote workforce.
Even with security solutions in place, network segmentation provides an additional – and needed – layer of protection for the risks associated with working on a home network.
Users who aren’t security inclined may not think about the security risks associated with opening personal emails, charging their smartphone through the USB port, or general web surfing.
Remind users only to use work-issued devices for work-related activities, and use personal devices for personal activities. This means avoiding checking personal emails on work laptops and, vice versa, checking work emails on home computers.
User training, as we discussed earlier, plays an essential role in reducing this risk. However, if you don’t want to solely rely on your user to remember safe remote workforce habits, you can segment users’ home networks.
8. Back-up and disaster recovery
We hope it never comes to this, but as a last resort, back-up solutions allow you to return to a previous set of data before a malware infection.
For this to be possible, you need to have back-up solutions in the first place.
It is best if you also examined your policies around back-up. How long can you go without having your data restored? How frequently do you need to have a full back-up of your IT environment?
Strengthening your remote workforce’s security posture
Keeping your remote workforce secure isn’t impossible, and there are several ways to address your increased attack surface.
- Training your users keeps them informed on what threats and risks currently exist.
- Including endpoint security complements user awareness by providing an additional layer of protection – regardless of where your user is working.
- Staying up to date on patches across your environment reduces the chances of an attacker having an opportunity to exploit.
- Network security, such as using a VPN, provides a secure way for remote workers to access shared data.
- Password and authentication security protect accounts from being hijacked.
- Encryption increases the difficulty for an attacker to steal data in any form.
- Home network device segmentation keeps traffic separate and reduces the chance a threat on a personal device or account makes its way onto your business network.
- Back-up and disaster recovery provide a last resort option in case an attack does affect your data.
We’ve seen first-hand how neglecting any number of these points can put your business network at risk.
However, these are only a few of the considerations you need to make when securing your remote workforce. For more tips, download our free remote workforce technology checklist.