The Euros may not be taking place this summer but there is another fiercely fought international contest that is ramping up: the WFH cybersecurity battle. Organisations had to quickly pivot to remote working at the beginning of the pandemic for the sake of business continuity. Now the challenge is putting in place long-term solutions that keep their information secure whilst not being so overbearing that their employees can’t be productive.
Since social distancing policies were implemented without prior warning, businesses will have to make operational changes now, under the current circumstances and with limited funds. However, businesses can still implement the right technology to get themselves up and running. Cybersecurity is all about balancing security with risk. With the future looking like it will be a blended mix of WFH and office working, organisations need to re-evaluate their new risk profile to understand where the biggest threats are lurking.
Security starts at home with the basics
Businesses will have laboured in the past when making decisions on the best network infrastructure to deploy. Now that people are working from home, these issues have been amplified because home networks are likely to open businesses up to further vulnerabilities. You’re relying on a domestic environment to run enterprise processes. Not surprisingly, home networks very rarely have anywhere near the level of security and cyber-hygiene of a business network run by IT professionals.
In addition to the usual work-based apparatus such as smartphones and laptops, there are typically a number of domestic connected devices such as smart assistants, games consoles, smart TVs, smart heating controls, smart lighting, connected speakers or personal fitness equipment. Many of these devices refer to themselves as being ‘smart’. That term may be true in terms of functionality, but sadly when it comes to cybersecurity they are often woefully lacking. Given that these devices all share the same home network, they represent multiple vulnerable attack surfaces.
Security considerations need to be reconfigured and applied to the home office. This is particularly important for high profile targets, such as the c-suite. However, to start with, there are some basic best practices organisations should consider for all remote workers.
For instance, multi-factor authentication means users are only granted access to business systems and applications after they have presented two or more pieces of evidence (factors) to an authentication mechanism. This could be a physical object, such as a token. It could be something that only the user knows, such as a password. It could be something about the user, such as biometrics. Or, it could be based on the user’s location.
A virtual private network (VPN) makes the home office seem as though it is an extension of the company network. It is like having a private tunnel between the two. Most VPNs will use some form of encryption to ensure that when the data leaves the home office and travels along the internet to the company network, it can’t be read without the encryption key.
Then, layered onto both multi-factor authentication and VPN, you might consider endpoint security software. This attempts to ensure laptops, tablets, mobile phones etc. don’t provide an easy way into the organisation for the cybercriminal. There are various endpoint software vendors out there. By and large, their products include next-generation antivirus; threat detection, investigation and response; device management; data leak protection (DLP); and other considerations to face evolving threats.
Where possible, on-premise security controls can be applied to monitor traffic on external networks so that all data touchpoints are visible to IT managers. Cloud-based web-filtering and data loss prevention controls can be good solutions for the wider remote workforce.
Share the burden of adapting
Even organisations with existing IT infrastructure will have to tweak their processes to make a full transition to home working. Those that have been lagging behind but are now looking to adopt it for the first time can take advantage of lessons learned.
In some cases, where scaling up collaboration tools and cloud platforms has not been possible quickly enough, individual business units and teams have resorted to sourcing and implementing solutions themselves. Public file-sharing solutions and collaboration tools often perform in the short-term, providing a quick fix, but they also introduce a host of additional security and efficiency problems as multiple users log on.
By using SIEM and other analytics tools to analyse web traffic, monitor help desk logs and locate suspected shadow IT use, businesses can prioritise employees’ needs collaboratively. This can help direct businesses towards the best solutions for solo working so the whole team gets it right first time, avoiding the danger of unapproved software.
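As an added illustration (not part of the original article), the sketch below ranks unapproved file-sharing and collaboration services found in web proxy logs by the number of distinct staff using them, which is the figure that shows where an approved alternative is most needed. The log layout, host names, category map and approved list are all constructed assumptions.

```python
from collections import defaultdict

# Assumption: services the organisation has approved (hypothetical names).
SANCTIONED = {"collab.corp.example", "files.corp.example"}

# Assumption: category lookup, as a web filter's categorisation feed might supply.
CATEGORIES = {
    "collab.corp.example": "collaboration",
    "share.fileshare.example": "file-sharing",
    "meet.videochat.example": "video-conferencing",
}

# Constructed proxy log: timestamp, user, destination host, bytes sent.
PROXY_LOG = """\
2020-06-01T09:02:11Z alice collab.corp.example 5120
2020-06-01T09:05:40Z bob share.fileshare.example 48211000
2020-06-01T09:07:02Z carol share.fileshare.example 1200000
2020-06-01T09:09:30Z bob SHARE.fileshare.example. 300000
2020-06-01T09:15:00Z dave meet.videochat.example 900000
2020-06-01T09:16:44Z alice news.site.example 2000
truncated line without enough fields
2020-06-01T09:20:05Z carol meet.videochat.example 100000
2020-06-01T09:31:18Z erin share.fileshare.example 500
"""

def is_sanctioned(host):
    """True for an approved service or any subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in SANCTIONED)

def shadow_it_report(log_text):
    """Return (host, category, distinct_users, bytes_sent), busiest first."""
    users = defaultdict(set)
    sent = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than guess at them
        _, user, host, nbytes = parts
        host = host.lower().rstrip(".")  # normalise case and trailing dot
        category = CATEGORIES.get(host)
        if category is None or is_sanctioned(host):
            continue  # uncategorised browsing or an approved tool
        users[(host, category)].add(user)
        sent[(host, category)] += int(nbytes)
    rows = [(h, c, len(u), sent[(h, c)]) for (h, c), u in users.items()]
    return sorted(rows, key=lambda r: (-r[2], -r[3], r[0]))

if __name__ == "__main__":
    for row in shadow_it_report(PROXY_LOG):
        print(row)
```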
An inside threat
Working from home was adopted precisely because businesses wanted to keep operating. As such, employees need access to the materials they require to do their job, even if this includes sensitive information. The challenge is that once outside the network the risk of an insider threat increases significantly.
Both working remotely and the economic climate are going to continue to drive an increased chance of insider threats. Organisations need to make sure that their existing risk mitigation processes are applied to their new IT environments. Steps to take include modelling normal activity patterns, so changes from this baseline can be monitored. Any cases of abnormally large amounts of data being transferred on or off the network can be an early indicator of compromise.
It is important to recognise that insider threats are as much a cultural problem as they are a technological one. Businesses need IT and HR teams to work cross-functionally and ask themselves whether they are doing a good job of understanding their employees’ needs, whether their employees are engaged, and whether they are identifying those that aren’t so they can work with them to improve their work experience.
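One way to model a baseline and flag abnormal transfers, shown as an added example that is not from the original article: each user's daily upload volume is compared with their own history using the median plus a multiple of the median absolute deviation (MAD). The choice of statistic, the thresholds and all sample figures are constructed assumptions.

```python
from statistics import median

# Constructed sample data: megabytes sent off the network per user per working day.
HISTORY_MB = {
    "alice": [120, 95, 140, 110, 130, 105, 125, 115, 135, 100],
    "bob":   [900, 1100, 950, 1050, 1000, 980, 1020, 970, 1030, 990],
    "carol": [40, 40, 40, 40, 40, 40, 40, 40, 40, 40],
}
TODAY_MB = {"alice": 2300, "bob": 1150, "carol": 45, "dave": 500}

def baseline(samples):
    """Return (median, MAD) of a user's historical daily volume."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, mad

def flag_anomalies(history, today, k=6.0, floor_mb=50.0, min_days=5):
    """Compare today's volume with each user's own baseline.

    Threshold = median + max(k * MAD, floor_mb). The floor stops a user with
    a perfectly flat history (MAD == 0) from alerting on a trivial change.
    Users with too little history are returned separately, not scored, so a
    new starter is reviewed by a person instead of being silently ignored.
    """
    alerts, unscored = [], []
    for user, volume in sorted(today.items()):
        samples = history.get(user, [])
        if len(samples) < min_days:
            unscored.append(user)
            continue
        med, mad = baseline(samples)
        threshold = med + max(k * mad, floor_mb)
        if volume > threshold:
            alerts.append((user, volume, round(threshold, 1)))
    return alerts, unscored

if __name__ == "__main__":
    alerts, unscored = flag_anomalies(HISTORY_MB, TODAY_MB)
    for user, volume, threshold in alerts:
        print(f"ALERT {user}: {volume} MB today, threshold {threshold} MB")
    print("No baseline yet:", unscored)
```

A heavy but consistent user such as bob is not flagged at 1150 MB, because the threshold is relative to that user's own normal activity and not a single company-wide limit.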
The outside threat
The defining feature of the pandemic is that everyone has had to change rapidly. The implication of this is that whilst your business may have adopted best practice and rolled out remote working solutions securely, there is no guarantee that everyone in your supply chain has done the same.
Managing this risk requires stringently applying pre-pandemic practices. First, you need to map your data flow, prioritising data governance and implementing means for easily tracking data. Next, organisations should also use cybersecurity ratings to create risk profiles for third parties so they can prioritise the companies they assess first.
Finally, organisations need to review how third parties are safeguarding data in terms of collection, processing and storage. They need to consider who has access, plus what restrictions and security controls are in place around sensitive data, to ensure compliance with the relevant laws and regulations.
Making staff accountable
Once these measures are established, organisations should lay out best practices for their employees to ensure that there is a collaborative commitment to practising cyber-hygiene. This could mean more than setting passwords and renewing their firewalls. IT managers need to make sure what works for individuals also works for the safety of the organisation.
With employees working from home, it can be easy for them to forget about being alert and vigilant to cyber-threats. Organisations need a thorough programme for communicating, training and enforcing Acceptable Use and Security policies. Continuing good cyber-hygiene practices will be pivotal in making working from home a sustainable model, and the most effective line of defence comes from due diligence on the part of employees. Therefore, communication and education should be made a priority.
The threat of ransomware is a real concern in Europe, now recognised as the most targeted region worldwide. Simultaneously, videoconferencing solutions have become the de facto means of communicating for colleagues to stay connected and collaborate with one another alongside other public, low-cost tools. Many of these solutions are not properly configured for business, opening individuals and their organisations to attack.
A zero trust policy has multiple benefits
Depending on the sensitivity of the data that needs to be protected, an organisation might look to implement a zero trust security model. The strategy is about not trusting something just because it is inside your network. This means you don’t allow a user access to IP addresses, machines etc. until you know who that user is and whether they’re authorised. Given the trend towards multi-cloud, multi-hybrid models, zero trust can make a great deal of sense.
Zero trust draws on technologies such as multi-factor authentication, IAM, orchestration, analytics, encryption, scoring and file system permissions. Zero trust also calls for governance policies such as giving users the least amount of access they need to accomplish a specific task.
One thing is for certain. Whether remote working is a temporary or long-term solution, remote networks are here to stay. Businesses will need to address this issue with long-term solutions, rather than hoping for the best or attempting a quick fix with light-weight remedies.
David Ellis, Vice President, Security and Mobility Solutions, Europe, Tech Data