How to make remote working secure: 13 best practice tips to increase security
Remote working has been a lifeline for businesses during the pandemic, but the rapid transition has introduced serious cyber-security weaknesses. It's imperative businesses take action to address this now so here are 13 best practice tips to make remote working secure.
January 18th, 2021
As businesses scrambled to suddenly support much larger, permanently remote teams, certain cyber-security policies and procedures fell by the wayside. Simultaneously, cyber-criminals capitalised on the uncertainty, confusion and panic caused by the pandemic and found new opportunities to attack, via remote workers and unsecured technologies.
Remote Desktop Protocol (RDP) attacks were up by 400% in March and April alone, while COVID-19 related email scams skyrocketed by more than 650%. A survey by Verizon found users were 3 times more likely to click on pandemic-related scams, putting businesses at greater risk of credential theft, data breaches, malware and more.
Remote working is not going away. In the UK, businesses will be subject to at least several months of restrictions. Yet, even when things do return to ‘normal’ it’s unlikely that operations will be the same as they once were. It is imperative that businesses prioritise making remote working secure to prevent themselves from falling victim to a breach or serious attack.
13 ways to make remote working secure
1. Educate your employees
New scams, particularly revolving around business email compromise, arrive daily in relation to events, such as the pandemic or a legislation change. It’s important that your staff can identify a one-off or unique phishing scam or at least raise it with IT if unsure. Software can help keep staff sharp with phishing, but ongoing training is critical to protect the business from other methods of social engineering, such as via the phone.
2. Establish 24x7x365 security monitoring
The threat landscape has changed forever and so have the risks as the workforce works remote as standard. It’s essential to continually monitor the security of all infrastructure, cloud environments, cloud applications and end-user devices. The more devices outside the perimeter the greater the potential holes and entry points to an attacker.
3. Establish advanced threat detection and response
It’s vital that you are aware as soon as possible when major threats appear. Security systems also need to be aware and rapidly notify you of any breach or attempted breach of your security. The system action and human response must be rapid to isolate and contain the threat, even if it’s not on your local network. It’s important to note here that the human element is critical, too many organisations are simply relying on slick-looking AI solutions, which on their own just don’t cut it.
4. Deploy aggressive vulnerability management
Keeping systems up to date with the right security patches is more important than ever with a disparate workforce. Unpatched systems and system misconfigurations are a key focus for attackers. It’s important to use scan networks but also to use host-based scanning that allows remote workstations to scan themselves outside of the corporate perimeter.
5. Monitor cloud infrastructure and applications
You must monitor systems that hold your data, even if you don’t actively manage them. Most cloud infrastructure and cloud applications, especially the like of Microsoft, AWS and Google provide large volumes of data that can be monitored for suspicious events and activity.
6. Monitor the dark web for breaches
Corporate data, particularly passwords, appear on the dark web daily. This may come from large breaches, such as with LinkedIn or Adobe, but also from smaller malware attacks that have skimmed off information during an infection. More than half a million Zoom accounts are currently for sale on the dark web and, at only 1p per login, are extremely cheap to buy. It’s important to know when passwords and sensitive information is leaked, so that action can be taken to mitigate the associated risks.
HOW SECURE IS YOUR COMPANY DATA? RUN A FREE DARK WEB SCAN NOW AND SEE IF YOUR CREDENTIALS HAVE BEEN OBTAINED BY CYBER-CRIMINALS
7. Ensure multi-factor authentication (MFA) is in place
Multi-factor authentication is a basic and essential security control both too many organisations are still not deploying it to improve the security of their remote access.
8. Don’t forget backups
Most of the attacks focused on the remote workers aim to deploy ransomware on a corporate network. To take that further, they are also looking to encrypt backups to ensure that a company can’t recover their data. Therefore, businesses should be looking at creating an air gap backup to protect against this threat.
9. Run attack simulation training
Spear phishing is still one of the most common attack vectors. By running this type of training, you can see how employees would respond to real-life attacks and socially engineered campaigns. Results can be used to identify weaknesses and deliver personalised training to those more likely to fall victim to a breach attempt.
10. Implement device risk and compliance checking
You need to ensure devices are secure before allowing them to connect to the corporate network and access resources. Personal devices often do not have the same security protocols and can open several weak points. Businesses need to have clear oversight of all devices connected to the network, be able to distinguish between personal and corporate devices and be aware whenever a new device joins or tries to join. As it may not be possible to install additional security software on the device, businesses should flag it for unusual activity and put it on to a separate network.
11. Implement access governance policies
The rising threat of a breach, internally and externally, means it’s important for businesses to monitor and control who has access to key resources. Policies should assume the principle of least privilege (POLP) – giving users the bare minimum permissions they need to perform their role – and clearly define who has access to which resources and under what conditions they have access. With the right policies in place, it becomes easier to identify areas of ‘privilege creep’ and prevent stale accounts (e.g., ex-employee accounts which are still active).
12. Manage privileged access
Employees are often given full admin rights as standard. However, increased access means an increased risk level. Instead, you should ensure employees are only able to access what they need to fulfil their job role and responsibilities effectively. There should be systems in place allowing administrators to respond to access requests and be notified of any unauthorised access attempts.
13. Adopt a zero-trust principle
The increase in cyber-attack frequency and sophistication, coupled with the hybrid nature of today’s IT environment, means traditional security frameworks are no longer enough. While businesses typically focus on defending their perimeters, assuming everything ‘inside’ is already cleared and safe, this is too open of an approach. Zero-trust is essentially about removing all automatic trust. Anything and everything which tries to connect to the system must be verified before access is granted – ensuring it is the right user, from the right secure endpoint, with the right access permissions, who is making the request.
Remote working security is a critical issue
More than ever, businesses cannot afford anything which would harm their productivity, their reputation, or their bottom line. It’s understandable why measures may have not been fully in place at the beginning, but it’s imperative that businesses now make security a priority.
To make remote working secure, businesses must take stock of their current security landscape, assess the risks, and take steps to improve and protect themselves. If you would like advice or assistance in doing this, to ensure all the bases are covered, please contact the QuoStar team for a no-obligation chat or initial risk review.
10 reasons businesses should use email archiving
We all know that e-mail is the primary channel for business communication, and it will be for many years to come. Most users spend a significant amount of time using email to fulfil their day to day duties. In fact, a recent study found that 46% of email users spend more than two hours each […]
How to reduce risk by aligning business strategy and IT strategy
On the ‘business’ side you have the long term business strategy and plans or business requirements. On the other side lies the IT function. This visible gap is where misalignment begins, but it’s often compounded by the negative preconceptions each side holds of the other. What business executives think of the IT department What IT […]
12 ways to get more out of your cloud computing spend
How to reduce cloud computing spend Fortunately, there are plenty of opportunities for recovering spend quickly and effectively – largely around better cloud management and resource allocation. Of course, any cost-cutting measures need to be performed in a controlled way to ensure the integrity, performance and security of the cloud platform is not compromised. 1. […]