Remote work has taught us that people can be just as productive working from home as they are working in the office. In particular, hybrid operations have proven to be a good balance of in-person interaction and remote flexibility. One major factor that leadership needs to consider regarding remote operations is cybersecurity posture. If your users can easily log into your core network and applications, so can cyber criminals.
If not effectively managed, remote operations present a major risk to any organization and have become a prime target for cybercrime. Remote operations are generally great - after all, your organization may be able to reduce real estate and other related costs. But don’t forget – you need to invest in cybersecurity like never before.
Although several years have passed now since the initial rush into remote operations, many organizations find themselves distinctly lacking in cybersecurity controls around remote operations. Accessing a network is the main goal of an attacker, and it’s much easier to get around the security of a user’s home PC riddled with malware compared to secured corporate devices.
What are the biggest cybersecurity threats to remote workers?
A compromised workstation or endpoint is the biggest threat to remote operations. By infiltrating a user’s system, attackers can pivot this into full network access if the proper security controls are not in place. This compromise presents the biggest risk if an organization allows non-compliant devices to connect directly into their network.
For example, you are at risk if your organization allows any user to connect directly via VPN or RDP into your network from a personal device. Without properly vetting whether the device is running the latest patches and security software, there is a gap in both visibility and security. Attackers leverage this fact and target personal devices with attacks such as phishing or remote access malware.
Which threats are more relevant within hybrid or remote operations?
Another significant risk is from user account access within SaaS applications. While not a risk exclusive to remote operations, the risk is much higher when unmonitored devices can download and sign up for services that are not vetted by the central IT team. This “Shadow IT” (hidden IT and services that go unnoticed by the IT team) can be a major vector for compromises that are difficult to detect.
Shadow IT is hard to counter without the proper device management, policies, IT strategy, and data protection plan. If users are signing up for an alternative service (for example, Box when OneDrive is the company standard), there may be a training or functionality gap. Be sure to evaluate whether your users are satisfied with your current remote work stack, and conduct gap analyses on current solutions if Shadow IT is a big problem at your organization.
What are the top five tips to stay safe with remote work?
- Account Safety with Multi-Factor Authentication and Single Sign-On
  - Multi-factor authentication (MFA) is the gold standard of account security. In fact, we often reiterate that accounts without MFA are completely wide open to attack. Username + password is an outdated concept that has led to the large majority of account compromises. Requiring users to prove possession of a second device that is physically in their hands helps ensure that they are actually the person logging in to the account.
  - Single sign-on (SSO) is a newer technology that limits the attack surface available to hackers by linking all logins into a single service. This service should require MFA and strong passwords, and provide the proper administrative and alerting capabilities to thoroughly protect accounts from attack. As an added bonus, users have an improved workflow since sign-in is only required once a day.
- Centrally Monitored, Managed Devices
  - By utilizing a centralized monitoring and management solution, teams are able to verify important metrics such as device health, security compliance, patch status, and user information. The tools used to achieve these remote management goals are called Remote Monitoring and Management (RMM) and Mobile Device Management (MDM) solutions.
  - Solutions like RMM and MDM help enforce compliance on company devices as well as monitor important status indicators. If a user is having an issue, these tools enable remote support from the IT team without utilizing dangerous and unwieldy remote access tools.
- Compliance-oriented VPN
  - If your organization allows anyone to connect to your VPN, you are increasing the risk of a compromised personal device infiltrating your network.
  - Enforcing device compliance, MFA, and modern VPN clients will help reduce the risk of your network's perimeter being compromised from a device that was not complying with the organization's cybersecurity policy.
- Controlling Administrative Accounts
  - An organization's admin accounts are the most valuable asset an attacker can obtain; they give the attacker free rein within the environment to act with impunity. With such an account they can even remove logs and security roadblocks, hiding within a network for months on newly created admin accounts that branched from the original.
  - Utilizing strict administrative controls such as blocking local admin on workstations, following the principle of least privilege (POLP), and leveraging a Privileged Access Management (PAM) solution can significantly reduce the risk of a breached network admin account.
- Managed Detection and Response Services
  - Managed Detection and Response (MDR) services serve to prevent, detect, and respond to cyber incidents remotely by utilizing innovative security solutions.
  - MDR services help to augment an existing IT security stack by providing direct protection to company assets, whether remote or on-premises.
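To make the "compliance-oriented VPN" tip concrete, the following is an added example (not code from the original post, and not tied to any particular VPN or MDM product) of the posture check a gateway or conditional-access policy performs before admitting a device. The `DevicePosture` fields, the `AccessPolicy` thresholds, and the three sample devices are all constructed for illustration; a real deployment would populate the posture record from its RMM/MDM agent. The check fails closed: a device whose patch status cannot be determined is refused, not waved through.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional


@dataclass
class DevicePosture:
    """Posture facts reported for one device (constructed schema, not a vendor's)."""
    device_id: str
    managed: bool                      # enrolled in the organization's RMM/MDM
    os_name: str
    os_version: tuple                  # e.g. (10, 0, 19045); tuples compare lexicographically
    last_patched: Optional[date]       # None means the agent could not determine patch status
    edr_running: bool
    disk_encrypted: bool
    vpn_client_version: tuple
    mfa_satisfied: bool                # the user completed MFA for this session


@dataclass
class AccessPolicy:
    """Thresholds the organization's policy requires (constructed values)."""
    min_os_version: dict               # os_name -> minimum acceptable version tuple
    max_patch_age_days: int
    min_vpn_client_version: tuple


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)   # empty when allowed


def evaluate_access(posture: DevicePosture, policy: AccessPolicy, today: date) -> Decision:
    """Return an allow/deny decision with every failed requirement listed.

    Collecting all reasons (rather than stopping at the first) lets the help desk
    tell the user exactly what to fix before reconnecting.
    """
    reasons = []
    if not posture.mfa_satisfied:
        reasons.append("mfa_required")
    if not posture.managed:
        reasons.append("unmanaged_device")

    minimum_os = policy.min_os_version.get(posture.os_name)
    if minimum_os is None:
        reasons.append(f"unsupported_os:{posture.os_name}")
    elif posture.os_version < minimum_os:
        reasons.append("os_outdated")

    # Fail closed on unknown patch status: no evidence of patching is treated as non-compliant.
    if posture.last_patched is None:
        reasons.append("patch_status_unknown")
    elif (today - posture.last_patched).days > policy.max_patch_age_days:
        reasons.append("patches_stale")

    if not posture.edr_running:
        reasons.append("edr_not_running")
    if not posture.disk_encrypted:
        reasons.append("disk_not_encrypted")
    if posture.vpn_client_version < policy.min_vpn_client_version:
        reasons.append("vpn_client_outdated")

    return Decision(allowed=not reasons, reasons=reasons)


def evaluate_fleet(devices: list, policy: AccessPolicy, today: date) -> dict:
    """Evaluate every device and key the decisions by device id."""
    return {d.device_id: evaluate_access(d, policy, today) for d in devices}


# Constructed policy and sample posture records; a fixed "today" keeps the result deterministic.
TODAY = date(2024, 6, 1)
POLICY = AccessPolicy(
    min_os_version={"Windows": (10, 0, 19044), "macOS": (13, 0)},
    max_patch_age_days=30,
    min_vpn_client_version=(5, 0, 0),
)
SAMPLE_DEVICES = [
    DevicePosture("LT-0412", True, "Windows", (10, 0, 19045), TODAY - timedelta(days=7),
                  True, True, (5, 2, 1), True),
    DevicePosture("HOME-PC", False, "Windows", (10, 0, 18363), None,
                  False, False, (4, 9, 0), True),
    DevicePosture("LT-0098", True, "macOS", (13, 4), TODAY - timedelta(days=60),
                  True, True, (5, 2, 1), False),
]

if __name__ == "__main__":
    for device_id, decision in evaluate_fleet(SAMPLE_DEVICES, POLICY, TODAY).items():
        verdict = "ALLOW" if decision.allowed else "DENY " + ", ".join(decision.reasons)
        print(f"{device_id:8} {verdict}")
```

The managed, patched corporate laptop is admitted; the personal PC is refused for six separate reasons, and the corporate Mac is refused because its user skipped MFA and it has not been patched within the 30-day window. Returning the full reason list is what turns a denial into a fixable support ticket rather than a mystery.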