Blog: How to Maintain Security When Employees Work Remotely
The accelerated shift to remote work triggered by the pandemic created new opportunities for hackers, with half of businesses reporting at least one security scare. The vulnerabilities are many, including unpatched VPN software, unsecured home Wi-Fi networks, personal devices used for work, and increased phishing attacks that target people working from home.
The Ponemon Cost of a Data Breach Report, sponsored by IBM, puts the average cost of an attack at $3.86 million. Seventy percent of study respondents also said remote work security issues would increase the price of a data breach, and 76 percent said it would increase the time to find and contain an attack.
According to IDC, endpoint devices are the origin of 70 percent of successful data breaches. The problem has worsened with the move to remote work. Employees connecting to internal networks from outside the office expands corporate attack vulnerabilities. If devices and access to data are not correctly managed, attackers can use endpoints to execute malicious code—potentially affecting data and systems in the corporate network.
While the return to the office post-pandemic is inevitable for many, the success of remote work has many organizations planning to make it permanent for some or allowing much more flexibility around where work is done in the future. That means the challenge for IT teams is finding remote work security solutions that also enable employees to seamlessly and easily connect with the applications, collaboration tools, and data they need to be productive and successful.
Advanced Solutions for Remote Work Security
The first line of defense against cyberattacks is protecting employees from themselves with training to equip them better to follow best practices at home and spot scams like phishing attempts.
Virtual private networks (VPNs) can encrypt the link between the user and corporate systems, but that will not necessarily prevent a malware infection from spreading. Additional endpoint device protection and user access requirements must be in place.
The old IT "castle and moat" philosophy for cybersecurity must evolve. We can't put a fence around everyone. Information must be accessible to users wherever they are, and therefore can't just be locked away on networks that are only available on the devices inside offices. Advanced techniques, like zero-trust solutions and monitoring with artificial intelligence, can help protect users, networks, and information.
Zero Trust and User Identity Management
Building off the traditional security in-depth model—but taking a user- and data-centric cybersecurity approach—enables organizations to navigate the remote work security risks inherent in the flexible work new normal. A zero-trust security model assumes anyone inside the network perimeter could potentially be a bad actor. Some of the principals of zero trust include:
To help establish that only the right people have access to the right resources at the right time from an approved device, tools like Microsoft Azure Active Directory (AD) can be leveraged as the centerpiece of a zero-trust remote work security strategy. Microsoft Azure AD enables strong authentication but also serves as a central point for policy control, enforcing least-privileged access to data, applications, and workloads. That means allowing only enough access to do the required job. Azure AD leverages conditional access policies utilizing user-behavior analytics to enforce prescribed access policies.
Control Access at the Micro Level
With Microsoft's Azure Information Protection, organizations can put controls on email, documents, and sensitive data that are shared internally and externally, better defining who they're shared with and what they do with them—no matter where they're stored.
Data loss prevention tools in Microsoft Office 365 and Teams let organizations identify sensitive information, like credit card numbers or health information in documents, and set policies to limit access and prevent unauthorized sharing.
Software can be installed on endpoints to block users from downloading restricted data onto removable USB drives.
Another way to improve security is to have users access applications in the cloud through web interfaces and virtual desktops like Microsoft's Azure Windows Virtual Desktop solution. Keeping apps and data in a secure cloud bubble helps reduce endpoint threats. Instead, the focus is on limiting access to the right people leveraging zero-trust models.
Use Advanced Security Monitoring
Defenses must adapt to security threats that are continually evolving and becoming more sophisticated. When you add distributed workforces to the mix, end-to-end visibility is required. As difficult as security is, there are some powerful tools that help level the playing field by leveraging artificial intelligence, the cloud, and machine learning. Many organizations today rely on a layered approach to address the advanced tactics used during cybersecurity attacks. Microsoft and Cisco offer comprehensive, advanced multi-layer solutions designed specifically for campus-based and distributed workforces, providing the visibility needed to help protect against and react to cybersecurity threats.
For example, Cisco Umbrella and Cisco Advanced Malware Protection (AMP) for Endpoints provide strong layers of defense to address a multitude of threat attack types. Working at different—yet complementary—layers, Umbrella prevents connections to malicious destinations and attacks at the internet connection. In contrast, AMP works at the file level to help prevent the initial malware execution and track the behavior over time. Together, these solutions help organizations protect against blended threats using email, web, and other more sophisticated techniques. Combine this with Cisco Duo—which verifies authorized users with multi-factor authentication—organizations can address security threats across even more layers. Enabling visibility and a single pane of glass, Cisco has recently launched SecureX to unify an organization's entire security ecosystem, offering simplicity, automation, and efficiencies.
Microsoft offers similar tools for advanced security monitoring. Microsoft Defender ATP delivers endpoint defense, while Office 365 ATP provides needed email hygiene and messaging protection. Additionally, Azure Sentinel brings intelligent security analytics and threat detection across organizations. It's a single solution for alert detection, threat visibility, proactive hunting, and threat response. For example, it can spot potential threats, like when there is a login from the same person in the U.S. and another country within minutes of each other. This type of technology serves as a force multiplier minimizing response times as it supports security orchestration, automation, and response (SOAR) to automate actions when certain indicators of compromise are spotted.
These are just a few examples of the security solutions enterprises can leverage by taking a user- and data-centric approach to cybersecurity to better minimize their risks while also gaining visibility.
Secure But Flexible is Key
People, networks, and information have to be protected, but the defenses can't be an impediment to productivity. Advanced solutions for remote work security can achieve that.
A seamless, centrally-managed security strategy includes cloud-based data and apps for secure access and collaboration. Strict identity verification helps verify that only the right people and devices access data that is segmented in the cloud, so users see only what they need to see. Data policies can be embedded in documents to control further how sensitive information is shared. Advanced monitoring using artificial intelligence can detect malicious behavior and shut it down.
Remote work is here to stay, and there are significant security challenges. But the right tools, provided and managed strategically, can help protect your organization.