We are fortunate to have today’s advanced technologies, which allow so many businesses to offer remote work with little disruption to the standard business day-to-day. The wide availability of internet access, cloud services, and relatively low-cost computing power makes remote work a viable alternative for many industries. But as more people enter the cyber workforce, it is wise to be aware that this increases our risk of cyberattack. Work networks are now connected to home networks, and employees often become more relaxed about security protocols when they are not working in a standard work environment.
How Can You Keep Your Business Secure in a Work from Home Environment?
As with most things, there are two main vantage points from which cybersecurity needs to be looked at: the employer’s perspective and the employee’s perspective.
Employer Perspective for WFH Cybersecurity
- REVIEW overall IT setup. This may include a network audit that looks at your physical network, VPN configurations, devices, ports, etc.
- REQUIRE employee security training. IBM reports that 95% of cybersecurity breaches are caused by human error.
- HEIGHTEN security on VPN connections and remote access.
- MANDATE password policies and strong protection measures. According to LastPass, 66% of all people use the same password on multiple accounts.
- ESTABLISH multi-factor authentication.
- UPDATE security software to protect against phishing emails and ransomware. Phishing scams remain the top attack on businesses of every size.
- SET UP proper firewall configurations and endpoint protections. According to Security Magazine, 70% of breaches occur at endpoints.
- DISTRIBUTE company-issued devices secured and controlled by IT or implement a robust BYOD policy.
- BACK UP data in a centralized cloud to allow for team access while managing and protecting data.
- PREPARE a disaster recovery plan to be able to quickly deploy remediation measures. It is more about when you will be breached rather than if, and, according to IBM, the average lifecycle of a breach is 314 days from the breach to containment.
Employee Perspective for WFH Cybersecurity
- BE AWARE and stay vigilant as there is a much greater threat landscape today. Be mindful of phishing scams.
- SECURE home WiFi routers and change default equipment passwords.
- LOCK all devices.
- CREATE hard-to-guess logins and passwords. Do not use the same credentials for multiple accounts: if one gets breached, they all do. Change your passwords at least every 90 days.
- SET UP multi-factor authentication. According to LastPass, only 37% of people use multi-factor authentication at work.
- FOLLOW all company policies. Pay close attention to IT notifications and install updates immediately. The 2020 Cyber Hygiene Report states that “almost 60% of data breaches in the past two years were caused by missing security patches.”
- ACCESS and save all data in the company storage system, such as SharePoint.
- AVOID working on open WiFi networks and create a guest WiFi network if you are sharing your internet with your household.
5 Security Concerns for Remote Workers
What security flaws are exposed when a user moves from a secure corporate office network to their home?
Household Internet
Employees in the office are protected by the company network’s firewall; employees working from home typically rely on weak or non-existent ISP network protection. As a result, employee devices can become infected, and the infection can move laterally and potentially reach corporate devices on the network. Require VPN access back to the corporate network for internet traffic, helping security and bandwidth. All employees should change the default passwords on their home networking equipment.
Personal Devices
Employees using personal equipment such as PCs, tablets, phones, etc., can quickly become an attack target and security risk. Without the security software issued on corporate devices, such as endpoint protection, VPN, DNS filtering, etc., all sensitive company data passing through that device is at risk. Mobile Device Management (MDM) allows IT to remotely control, update, or wipe devices. MDM solutions can be used on company-issued devices (helping with management and billing) or for BYOD.
Inadequate Awareness and Training
Most breaches come from an end user clicking on something they shouldn’t. With employees out of the office, IT is no longer just a few steps away to quickly quarantine a compromised device.
Proper training and awareness are now even more important in a work from home environment. Employees need to know what to do should they suspect a device has been infected or when a device is lost or stolen.
Email Security
In the same vein of protecting users from themselves, employees can easily fall prey to phishing scams or impersonating emails. Email security solutions integrate with SaaS mail services such as Office365 or G-Suite to safeguard against email attacks.
IoT Devices
Today’s houses are filled with smart devices (light bulbs, fridges, personal assistants like Alexa, TVs), all connected to the internet. IoT devices have a long way to go to catch up with necessary security, and introducing a corporate device onto a network shared with IoT devices can be dangerous. This is where network segmentation through two connections, VLANs, VRFs, etc. can ensure the traffic stays separate.
Infrastructure to Support Remote Work
To maximize cyber safety in a work from home environment, you need to look at the infrastructure in both the home and office environments.
Infrastructure in the Home
Home Connectivity
- Upgrade your internet speed to improve both downloading and uploading information.
- Get a second connection only for business to avoid contending with other users on the network.
- Use a small at-home SD-WAN appliance to significantly improve performance even on a single connection. Doing so will help:
  - Prioritize outbound business traffic vs household traffic
  - Load balance across two connections for better performance
  - Improve edge security (if the SD-WAN appliance supports it)
  - VPN access back to the corporate network leveraging corporate’s firewall and infrastructure
  - Improved VPN performance by using all available bandwidth
Home Security
- Endpoint protection is must-have software on any device. It protects against viruses and malware without the luxury of a next-gen firewall. (Although Windows Defender has improved, it is not a substitute for enterprise-grade corporate endpoint solutions.)
- Add DNS protection on top of endpoint protection, providing a safety net against clicking malicious links or websites by filtering out known threat sites and signatures.
- Utilize VPN access if corporate firewalls are in place. Enterprise firewalls are significantly more powerful than anything an end user will have at home and help enforce corporate security policies wherever work happens.
Infrastructure at the Office
Office Communications and Collaboration
UCaaS/CCaaS eliminates equipment requirements and the need to update configurations. UCaaS and CCaaS functionality is one of the easiest ways to transition employees to WFH. Desk phones can be used at home or employees can opt for softphone functionality directly off of their computers.
Office Storage, Backup, and Recovery
- WFH users can easily access cloud-based storage environments over the public internet.
- Cyberattacks prey on the limited security afforded by remote work. Having a means for rolling back changes, spinning up backups, or protecting against ransomware and malware is essential to maintaining business continuity.
Office Security
- Routing end users back to the corporate network through a VPN-capable firewall gives critical protection through the enterprise firewall and access to on-prem infrastructure.
- The latest development in Zero Trust secure networking, Secure Access Service Edge (SASE), provides much greater granularity in the user characteristics used to authenticate and grant access to the network. Once applications transition to the cloud and users access SaaS programs over the public internet, how are you protecting that traffic? A Web Application Firewall is designed to protect HTTP and filter content bound for the web service, further protecting users accessing over the public internet.
- Email security that integrates with SaaS mail services such as Office365 or G-Suite protects your corporation from users falling for phishing emails or impersonations.
Office Equipment
During times of crisis, hardware like PCs and laptops can be hard to obtain and distribute. Desktop-as-a-service (DaaS), Remote Desktop Protocol (RDP) and Virtual Desktop Infrastructure (VDI) solve this by enabling WFH employees to use their own equipment to connect and access all their business apps. Spinning up virtual machines and virtual servers is significantly faster and more scalable than any physical hardware-based solution, and especially useful as headcount increases or decreases.
Making sure that you have a proactive managed services provider (MSP) that is well versed with the risks that a work from home environment poses can set your organization up for success, no matter if your work from home policy is temporary or longstanding.