In response to sudden work-from-home directives, business leaders everywhere are asking trusted security professionals: How do we balance security with employee productivity?
The biggest initial unknown was bad actors. Would they continue to strike, even stepping up actions on the vulnerable ranks of remote workers? The response came quickly and fiercely: an overwhelming “yes” that put defenders on notice.
Is Our Data Safe?
Attack volumes and attack surfaces continue to expand at the same time, according to VMware Carbon Black experts hosting the recent “Working Remotely, Securely” webinar.
With the estimated 70-percent increase in remote work, experts point to month-over-month surges of:
- Ransomware attacks.
- Watering-hole attacks on websites and mobile apps.
- Other cyber threats.
In March 2020, according to VMware Carbon Black research, ransomware attacks increased 148 percent over baseline levels from February 2020. Global financial services organizations were the most heavily targeted.
Amid the uncertainty, IT security teams work tirelessly to keep organizations and data safe. They’re doing everything from pushing updates to reconfiguring networks as they accommodate traffic surges from unknown locations and through personally owned devices.
“Customers tell us they need to increase employee connectivity while shifting more focus to protecting remote users at distributed endpoints,” says Ryan Murphy, founding team member of VMware Carbon Black.
5 Considerations for Improving Remote Work Security
Like pilots adjusting when a plane is in the air, many security teams are working from home themselves, altering standard operating procedures. Now is an ideal time to share these five best-practice considerations for improving remote employee data security.
1. Rethink Security Operations Centers (SOCs) and workflows.
COVID-19 has proven that organizations need to look beyond security operations and solutions that require a physical presence. Many enterprises built centralized SOCs, where dedicated teams sit in one location to detect, respond to and prevent threats. The current environment, however, underscores the need for security professionals to work remotely or from geographically distributed locations.
To gain this capability, you can deploy a cloud-based security stack, enabling SOC teams to identify vulnerabilities, install patches and validate configurations remotely through the cloud. Organizations with these capabilities gain an advantage in adapting to the new environment. Others are now taking steps in this direction, with cloud-based and/or software-defined models, to improve not only their security postures, but also business continuity and business resiliency for tomorrow.
2. Practice digital distancing.
A family home may now include a plethora of mobile devices (phones, tablets, laptops, personal assistants and so on), as well as home automation and security systems. But from a cybersecurity standpoint, these environments are polluted by many different connected devices with little or no protection.
“Digital distancing” leverages the same philosophy as the current “social distancing” pandemic-related practices. IT security teams play an important role in educating remote workers. A few examples:
- Instruct users to isolate their work-related digital activities to a single, separate network on their home routers.
- Employees need to limit access privileges on their home routers to keep cybercriminals from taking control.
- As much as possible, remote employees need to digitally distance their work-related systems from other connected devices in their households, particularly when leaders or employees trade in sensitive information (see below).
This is a new level of security hygiene for organizations working under new, unprecedented conditions.
3. Stop island hopping in its tracks.
Enterprise leaders count on IT security teams to safeguard their company’s reputation. The increase in remote employees raises an organization’s vulnerability to island-hopping cyberattacks. Attackers can use home networks as stepping stones to corporate assets.
To detect and stop these threats before they hit home, real-time visibility into employee systems and the larger corporate network is key. Now is the ideal time to look into cloud-based threat hunting. Endpoint detection and response (EDR) solutions can provide powerful, real-time device assessment and remediation capabilities to defend against threats. In addition, virtual infrastructure technologies, such as micro-segmentation, allow teams to isolate malware within corporate networks and minimize its damage.
4. Support executive collaboration and sensitive conversations differently.
Different roles and responsibilities require different levels of security. IT should prioritize giving executives and others working with sensitive information specially hardened systems. These can better support critical conversations and tasks performed from home.
As part of this process, CISOs should encourage executive staff members to upgrade routers. IT should deploy a digital workspace solution across laptops, smartphones and other devices to provide more secure access to corporate information. These solutions enhance security with technologies like multi-factor authentication (MFA).
Additionally, security teams can educate leaders handling highly sensitive information to begin practicing digital distancing with their own devices. For example, they should take calls on a smartphone in the living room rather than in a home office, where a laptop is already in use.
5. Make Tuesday “security night.”
Routines help create good habits. Patching systems on Tuesday nights is a longstanding tradition in the IT industry. Cybersecurity teams can build on this tradition by dedicating one night each week not just to patching, but to pushing out all kinds of security information, tips and recommendations to remote work users.
It’s now more important than ever for CISOs and security teams to guide their organizations in digital distancing and good cybersecurity practices.
The sudden shift to remote work environments introduced massive changes to traditional security models and approaches. The best any CISO and IT security team can do now is adapt, keep evolving and continue educating the workforce.