Cybersecurity in a Remote Work Environment
Even before the COVID-19 pandemic, remote work was already trending. In 2015, 3.9 million U.S. workers were working remotely. About 16 million workers in the U.S. have since switched to remote work amid the health crisis, according to a Slack survey conducted in April 2020.
One way of looking at it is that this is a long-overdue paradigm shift towards a healthier and more flexible work environment. On the other hand, it is a several-fold increase in potential online targets for cybercriminals.
So how can we keep our digital workplace secure? Must we trust any device our employees use to handle company data? Not necessarily. As you’ll see below, it’s not even a question of trust.
Remote Work Brings New Cybersecurity Risks
In our sudden shift to remote work as a way to protect ourselves and our families from COVID-19, both new and familiar threats have been popping up.
Even as Zoom fixes its much-publicized security woes, Google Chrome recently confirmed two critical security vulnerabilities potentially exposing 2 billion people worldwide. More familiar threats, such as email phishing scams, are also increasing.
However, the main problems with remote work cybersecurity stem from the most basic issues. Instead of using corporate-issued equipment that stays inside a company’s network, many remote workers connect to their company’s network using personal devices on home or public WiFi. These WiFi networks often use weaker security protocols that make it easier to intercept sensitive data between endpoints. That data can not only be stolen but also altered.
Although most employees have no ill intentions, negligence towards digital security has become a huge liability. For example, a seemingly minor mistake like forwarding an email attachment and printing from a personal device infected with malware can compromise an entire network. The key to ensuring proper endpoint security is to train employees on best practices while instilling a sense of shared responsibility. When all employees (not just the IT team) consistently apply these practices while actively monitoring for unauthorized access from any cloud application or individual, the company data will likely remain secure.
If remote work is to be sustainable in the long term, we need to ask ourselves:
How can we close these gaps in endpoint security and maintain data integrity among a remote workforce?
Are Cloud-based and SaaS Solutions Secure?
To answer that question, we need to take stock of the cloud-based and SaaS tools used for remote work. An IT team has granular control over security within its own network; each cloud vendor, by contrast, has its own cybersecurity protocols, over which we have almost no control.
When using all these cloud-based platforms, each with different cybersecurity policies, we are forced to trust each vendor to keep our data and communication secure. But after recent security mishaps with some popular cloud vendors, IT managers are understandably nervous about trusting these platforms with data security.
However, the key to maintaining top security while using cloud solutions is to understand who is responsible for what. While cloud providers are responsible for securing their platforms, physical servers, networks, operating systems and applications, they are not responsible for data security. That responsibility lies solely with the users.
Therefore, to prevent security breaches, companies should implement improved security practices and technologies on top of their cloud platform usage. These practices include identity and access management (IAM), data encryption, disaster recovery planning, mobile device management, and constant monitoring of data sharing.
Most importantly, IT teams need to carefully select a cloud platform or SaaS that they can integrate into existing IT infrastructure. The following questions should be asked during the selection and vetting process:
- Is the platform deployed on a safe cloud server?
- Does it have the proper security certifications?
- Does the vendor ensure data privacy?
- Does it offer more granular control over user rights and data access?
Even though a certified cloud platform may offer adequate security controls, IT teams still need to stay on guard, especially when company employees work remotely. This is where the relatively new zero-trust security model comes in.
How the Zero Trust Security Model Works
Traditionally, companies have used a trust-but-verify approach to IT security. But with growing numbers of remote employees coupled with increasingly sophisticated cyberattacks, this approach doesn’t seem to be working anymore.
Even with strong passwords and multi-factor authentication, companies need constant monitoring to detect behavioral abnormalities before attacks happen. A zero-trust security model helps companies do exactly that. This “never trust, always verify” approach is based on three principles:
- All resources are considered external.
- All traffic must be authenticated.
- Access is provided on a strict “need-to-know” basis.
According to these principles, nothing inside or outside a company’s security perimeter is trusted by default.
Every application, every device, and every user handling company data must be authenticated, not just once but within every session or action being performed. Zero trust security continuously authenticates while granting only the minimum permissions necessary to get the job done.
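The three principles can be read as a per-request access decision. The following is an added example, not part of the original article; the request fields, the entitlement table and the five-minute re-verification window are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed policy data (constructed for this example): roles entitled to each
# (resource, action) pair. Anything not listed is denied.
ENTITLEMENTS = {
    ("payroll-db", "read"): {"finance", "finance-admin"},
    ("payroll-db", "write"): {"finance-admin"},
    ("wiki", "read"): {"finance", "finance-admin", "engineering"},
}
MAX_AUTH_AGE_S = 300  # assumed window before identity must be re-verified


@dataclass
class Request:
    role: str
    token_valid: bool       # credential verified on this request
    auth_age_s: int         # seconds since the last strong authentication
    device_compliant: bool  # managed, patched, no open endpoint alert
    source_network: str     # "corporate", "home" or "public"
    resource: str
    action: str


def decide(req):
    """Return (allowed, reason) for one request; the default is deny."""
    # Principle 1: all resources are external. source_network is recorded for
    # logging but never grants access, so "corporate" gets no shortcut.
    # Principle 2: all traffic must be authenticated, user and device alike.
    if not req.token_valid:
        return False, "unauthenticated"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "re-verify identity"
    if not req.device_compliant:
        return False, "device not compliant"
    # Principle 3: need-to-know. Only an explicit entitlement allows access.
    if req.role not in ENTITLEMENTS.get((req.resource, req.action), set()):
        return False, "not entitled"
    return True, "allow"


# Constructed sample requests.
SAMPLES = [
    Request("finance", True, 60, True, "home", "payroll-db", "read"),
    Request("finance", True, 60, True, "corporate", "payroll-db", "write"),
    Request("finance-admin", True, 60, False, "corporate", "payroll-db", "write"),
    Request("engineering", False, 0, True, "corporate", "wiki", "read"),
]
if __name__ == "__main__":
    for r in SAMPLES:
        print(r.role, r.source_network, r.resource, r.action, decide(r))
```

Only the first sample is allowed, and it comes from a home network; the three requests from the corporate network are denied because being inside the perimeter earns nothing.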
However, this does not mean a more tedious and cumbersome user experience. No one needs to log in every time they need to perform every little task. There are tools IT teams can use to create a seamless user experience while maintaining zero-trust security, including:
- Unified endpoint management (UEM) solutions
- Endpoint detection and response (EDR) technologies
- Data loss prevention (DLP) technologies
- Virtual desktops
- Password-less authentication (e.g., biometrics)
- Multi-factor authentication (MFA)
- Conditional-access policies
- Dynamic risk scoring
For many companies, however, this may require not only a new set of tools and a new budget but also a complex IT migration process fraught with potential pitfalls.
Managed Security Operations Center as a Service
Fortunately, there are service providers that can deliver Security Operations Center (SOC) capabilities that provide zero-trust IT security services. Creating a SOC within your IT organization can be prohibitively expensive and difficult because of the cost of tooling and of acquiring highly trained cybersecurity engineers. A managed SOC-as-a-Service can alleviate this through a monthly subscription.
Not only can a managed SOC-as-a-Service supply the expertise needed to transition to a zero-trust model, but it also provides access to the cybersecurity tools and security engineers needed for real-time security event monitoring and rapid detection and isolation of threats. A SOC also provides around-the-clock protection from ransomware as well as assistance with compliance management.
Finally, companies with distributed teams of remote employees would also benefit from a unified endpoint device management system to control application access on all devices connecting to their network, moving their security posture closer to a zero-trust model.