Security and Work-from-Home
The modern workplace is evolving and flexible work is becoming more common. In addition, the spread of COVID-19 has illustrated the need for work-from-home capabilities at many businesses during emergencies. However, most security professionals consider working from home a greater security risk, and for good reason. In this post we consider some of the important security foundations for building a secure business network while enabling work-from-home for your employees.
Let's begin at the endpoints themselves. Are your employees going to be using personal devices to perform their work or company owned devices? There are security benefits to providing devices, but there may be financial reasons that the organization has chosen to allow personal devices to be used. Either way, there are some basic steps that should be taken for the benefit of the organization.
1. Require a VPN connection
Employees may log in from public Wi-Fi locations or from their own unsecured home networks, and both can be a threat to the organization. Forcing employees to use an encrypted connection removes many of these threats. Otherwise, everything those employees are doing can be easily seen by a malicious actor sitting on the same network using freely downloadable tools.
2. Secure the Endpoints
AV / Endpoint Security
The cost of a behavior-based endpoint security platform is well worth the money to secure the endpoints your employees are using, even if they are personal devices. Many people use the cheapest free home-edition AV, or none at all. Do you want endpoints with such low levels of security interacting with your organizational data?
Unified Endpoint Management (UEM)
A UEM program is able to force all devices, regardless of OS, into conformity with corporate security policy. For instance, requiring devices to be up to date with the latest firmware and OS, and to have the appropriate security patches, is well within the prerogative of the organization before allowing endpoints to interact with organizational data. More advanced tools can be utilized as well, such as containerization on personal devices, so that organizational data remains in an encrypted container that can be remotely deleted if the device is lost or stolen, or if the employee is terminated.
Additionally, the organization may choose to issue tokens to specific devices so that only those devices can access the network at all. This will, of course, require tokens to be managed by the organization or another service. Furthermore, tools like these make it easier to manage which devices (and users) have access to which information.
A properly sized Next-Gen Firewall is worth its weight in gold to the organization. The device should be of sufficient capability, and sufficiently licensed, to allow for the VPN access that work-from-home will require as well as the security configurations necessary to easily restrict and monitor the activities of the users. Industry-leading firewalls such as Fortinet and Palo Alto have security capabilities that will certainly help to enable all of the endpoint security features and policies previously mentioned while keeping data moving freely.
Organizational data is likely housed in multiple locations such as multiple cloud services, on-prem servers, and in cloud-based SaaS applications. With dispersed data and dispersed users, securing organizational data can seem like an impossibility. However, there are great options for gaining visibility and control of that data.
A Security Operations Center (SOC) can deploy SIEM technology (Security Information and Event Management) specifically to gain network visibility and unify the network traffic data into one platform. By collecting and analyzing the logs from across the network in real-time, the SOC is able to see what users (and malware) are accessing, where they are accessing it from, and what they are doing with the data. The SOC can actually watch threats pivot from server to server in real-time, regardless of where those servers are located.
2. SIEM Policy Configuration
Additionally, the SIEM can be configured to disallow certain user behaviors that are deemed suspicious. For instance, if the same user logs in from a Houston IP address and then, an hour later, from a Chicago one, the SIEM will halt the activity while it is investigated, as that movement would be impossible (with current human travel capabilities).
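As an added illustration, not code from the original post or from any SIEM product, here is a minimal impossible-travel check of the kind the paragraph describes, run over constructed login records. The city coordinates, the 900 km/h speed ceiling and the function names are assumptions; a real deployment would take the location from a GeoIP lookup on the source IP.

```python
"""Impossible-travel check over constructed login events (added example)."""
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample: (user, UTC timestamp, source city, latitude, longitude).
# In a SIEM the city and coordinates would come from GeoIP on the source IP.
LOGINS = [
    ("alice", "2020-03-16T09:00:00", "Houston", 29.76, -95.37),
    ("alice", "2020-03-16T10:00:00", "Chicago", 41.88, -87.63),
    ("bob",   "2020-03-16T09:00:00", "Houston", 29.76, -95.37),
    ("bob",   "2020-03-16T15:30:00", "Chicago", 41.88, -87.63),
]

MAX_KMH = 900.0  # assumed ceiling: roughly the cruising speed of an airliner


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def find_impossible_travel(logins, max_kmh=MAX_KMH):
    """Return (user, from_city, to_city, implied_kmh) for each pair of consecutive
    logins by the same user whose implied speed exceeds max_kmh."""
    by_user = {}
    for user, ts, city, lat, lon in sorted(logins, key=lambda e: (e[0], e[1])):
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), city, lat, lon))
    alerts = []
    for user, events in by_user.items():
        for (t1, c1, la1, lo1), (t2, c2, la2, lo2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            if km == 0:  # same location: nothing to flag
                continue
            hours = (t2 - t1).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_kmh:
                alerts.append((user, c1, c2, round(speed)))
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(LOGINS):
        print("impossible travel:", alert)
```

Alice's Houston-to-Chicago hop in one hour implies roughly 1,500 km/h and is flagged; Bob's same trip over six and a half hours is not.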
Wherever your employees are located, they need security training and policies to adhere to. Here are a few specifics.
1. Multi-Factor Authentication (MFA)
Forcing your users to use MFA may inconvenience them a little, but it goes a long way toward securing the organization. A simple text message with a code upon employee log-in is minimally invasive but can be extremely beneficial to the organization's security posture. Your employees need to understand why that is.
2. Email Security Training
Most security professionals are shocked to see how many of their employees click on that malicious link or download that suspicious document. I recently heard of an organization experiencing an 80% click rate on their first email security training mail-out. The need for email security training holds whether those employees are at home or in the office!
3. General Security Awareness Training
Security is a culture. Having regular conversations about the threats to the organization and building in positive incentives for your employees to pay attention to security bulletins can greatly help in preventing breaches.
Tuearis Cyber would be glad to help you evolve your cybersecurity program to accommodate and secure more work-from-home capabilities so that health scares don't become security nightmares! We offer both professional services and managed security and SOC capabilities to get your work-from-home plan up and running!