Many organizations are shifting their workforce to mainly remote workers who are able to carry out job functions from home. Organizations are using various types of remote technologies to allow workers to connect back to corporate resources or to cloud SaaS applications and/or data centers.
With the shift to work-from-home and remote work layouts, securing remote access becomes extremely important when enabling remote workers to connect to business-critical resources. Let’s take a look at effective ways to secure remote worker access.
Security Threats for Remote Workers
Before you can protect your business from cybersecurity risks to your remote workforce, you have to be aware of what those specific threats are. Let’s take a look at the following threats that must be addressed as part of security considerations for your remote workforce and how these can be mitigated.
- Distraction
- Phishing and Ransomware
- Weak network security
- Weak passwords
- Shadow IT
1. Distraction
The first security threat that we want to consider is a general threat with working from home — distraction. It may sound a bit odd to think of distraction as a security threat; however, when employees shift from working on-premises to working in a home environment, distraction comes into play.
At home, employees may not have a workplace suited for working without distraction. Kids may be at home and other activities surrounding employees trying to carry out business-critical operations can serve to create a recipe for security threats to creep in.
Employees who are distracted with other surrounding activities are more likely to:
- Fall victim to phishing emails and run ransomware attachments
- Accidentally or intentionally delete the wrong data
- Visit websites or follow links they wouldn’t normally click on
These are just a few of the security concerns that come from distracted employees working from home. Hackers and other threat actors are aware that users are typically less alert in many cases when working remotely. This provides an environment that is ripe for opportunistic attacks.
Mitigation — Mitigating cybersecurity risks related to end user distraction involves the following:
Both end user training and technology security solutions — End user training can help your employees more readily recognize the characteristics of phishing and malware-laden links and attachments. It can also increase awareness of the dangers that lurk via email, weblinks, and other means. Bolstering end-user training with technology solutions such as endpoint security as well as remote access that is enforced with various types of policies at the application and network level helps to mitigate many of these threats.
2. Phishing and Ransomware
There is no question that phishing and ransomware attacks are some of the most worrisome threats facing your business today and your business-critical data. Often, phishing emails and ransomware go hand-in-hand. Hackers may use phishing emails to drop ransomware onto end-user systems. Ransomware will often masquerade as a piece of legitimate software contained in a phishing email.
Depending on the type of remote access technology being used, ransomware can easily start encrypting data the remote employee is connected to by way of VPN or other remote technologies. When an end-user opens a ransomware attachment, clicks a malicious link, or performs some other type of action that is presented by the phishing email, the ransomware is slyly installed and begins the encryption of business-critical files.
Files on the end user’s local system and network-connected files can be encrypted. One point to underscore with ransomware is that it can encrypt both on-premises data and cloud SaaS data. If your organization makes use of file synchronization by means of Google Drive Sync or Microsoft Office 365 OneDrive for Business, files that are encrypted by ransomware locally on an end-user device can easily sync to cloud storage.
Additionally, ransomware has been shown to be able to infect cloud SaaS services like cloud email. Security researcher and former hacker Kevin Mitnick demonstrated an attack where ransomware was able to encrypt an end user’s email inbox in real-time with compromised OAuth permissions granted by the end-user. He coined the name “Ransomcloud” for this new type of attack affecting cloud environments.
Mitigation — Mitigating phishing and ransomware cybersecurity risks involves the following solutions:
Advanced email threat detection and remediation — Having an effective advanced email filtering solution in place is key to filtering most phishing and malware attacks that come to your users via email. This can help to minimize malicious attachments and strip out links that may be weaponized.
Endpoint security — While not totally effective on its own, endpoint security is a necessary component of the overall security strategy. It can certainly help catch threats that may make their way through the other layers of security on the perimeter.
Third-party apps protection and policies — This especially pertains to cloud SaaS environments. Using native or third-party solutions to protect and control third-party apps in cloud SaaS environments helps to minimize the threat of “Ransomcloud” type attacks.
3. Weak Network Security
When end users are working from on-premises locations with network connectivity maintained by the corporate office, there are generally enterprise network security devices, policies, and other mechanisms in place to help prevent certain types of network-based attacks and other vulnerabilities.
However, when end users are working remotely, your organization’s assets can potentially be placed in danger by the weak network security in place in the home networks of end-users. Additionally, remote employees can make use of public Wi-Fi hotspots to interact with your organization’s sensitive business data.
Attackers love to compromise weak network protocols or wireless technologies that may be vulnerable to certain kinds of attack or compromise. End users often use weak encryption or wireless passwords to protect home networks and also may have vulnerable IoT devices that share the same network as end-user desktops or laptops connected to company resources.
Without proper security controls and segmentation from vulnerable devices, if an end-user device is compromised on his/her network, attackers can easily move “laterally” across their network to discover other devices and vulnerabilities, including weak passwords, etc.
Mitigation — Use corporate provided network infrastructure, VDI solutions, and micro-segmentation
One option to help mitigate the risk from weak employee network security is to provide a separate network device, preconfigured from corporate. This can help provide a correctly configured and secured network device for accessing business-critical resources.
Use VDI — With VDI, the data lives in the data center. The remote worker is simply accessing the VDI desktop and data that lives inside the corporate data center. This can have a positive effect on security as the critical data and business services live inside the corporate data center with all the security measures that affords.
Micro-segmentation — Using new software-defined networking and “identity-based firewalling” organizations can micro-segment internal resources that employees may need to access from the other resources they do not need to access. This helps to minimize threats to internal resources.
4. Weak Passwords
Aside from remote workers, weak passwords are a security vulnerability across the board. However, with remote workers outside the protections that are often afforded by corporate networks and other network protections that may be in place, weak passwords can be even more dangerous.
Notwithstanding weak passwords that may be assigned to corporate resources, are you allowing remote employees to use BYOD to access the corporate network? If so, these devices may have extremely weak or in some cases “no password” to access them. Network devices and routers used on home networks can also have weak management passwords and have management exposed to the Internet if not configured correctly.
An attacker can compromise the BYOD end-user client device and then have a doorway into your organization’s network. If employees are accessing corporate resources online that may have weak passwords, these passwords can certainly be subject to brute force attempts that may successfully crack passwords that are weak or dictionary-based passwords.
Mitigation — Using password policies as well as multi-factor authentication helps to mitigate weak passwords
Use effective password policies to disallow passwords that are dictionary-based as well as enforce the need for complex passwords (meeting complexity requirements, length, and history). Microsoft Azure AD even has the concept of banned passwords that disallows many commonly used passwords or variants of these that are easily cracked by attackers.
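The policy described above (length, complexity, history, and a banned list that also catches variants) can be sketched as follows. This is an added example, not code from the original article and not Azure AD's actual algorithm; the banned list, substitution map, thresholds and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed sample policy: the banned list and thresholds are assumptions.
BANNED = {"password", "welcome", "qwerty", "letmein", "contoso"}
LEET = str.maketrans("@40!13$57", "aaoilesst")  # undo common substitutions
MIN_LENGTH, MIN_CLASSES = 12, 3


def normalize(pw):
    """Lowercase the password and map look-alike characters back to letters."""
    return pw.lower().translate(LEET)


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
        else:
            edits += 1
            if len(a) == len(b):
                i += 1  # a substitution consumes a character from both
        j += 1
    return edits + (len(b) - j) <= 1


def hash_pw(pw, salt):
    """History stores salted hashes, never the old passwords themselves."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def check_password(pw, history=()):
    """Return a list of violations; history holds (salt, hash) pairs."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if sum(any(t(c) for c in pw) for t in tests) < MIN_CLASSES:
        problems.append("too few character classes")
    norm = normalize(pw)
    if any(w in norm or within_one_edit(norm, w) for w in BANNED):
        problems.append("banned word or variant")
    if any(hmac.compare_digest(hash_pw(pw, s), h) for s, h in history):
        problems.append("reused from history")
    return problems
```

A password such as `P@ssw0rd2024!` satisfies the length and complexity rules yet is still rejected, because normalization reduces it to a string containing a banned word.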
Using multi-factor authentication is one of the best ways to help thwart weak passwords. Even if a user has a weaker password, multi-factor authentication requires a token from another source to complete the authentication request. Even if an attacker has both the username and password, they don’t have the other part of the authentication requirement (something you possess).
5. Shadow IT
The likelihood that end users will use shadow IT tools and services increases as employees start working from home. What is shadow IT? Shadow IT is an app, device, service, or utility that is not sanctioned for use by corporate IT and security teams.
With the explosion of cloud SaaS services and utilities, it has become extremely easy for employees to use cloud storage and services, collaboration tools, and other SaaS services that have not been sanctioned for use. As users move to their home environments to work remotely, the “out of sight, out of mind” mentality can creep in that can motivate some who may not have used shadow IT on-premises, to use it at home.
Shadow IT can open your organization up to all kinds of security nightmares, including data leakage as well as compliance violations that can cost your company greatly.
Mitigation — A combination of application and network policies for on-premises resources as well as using an API-based Cloud Access Security Broker (CASB) for cloud environments will help to enforce organization policies as well as prevent shadow IT operations.
Application and network policies can help to enforce which tools and applications are used to access which business-critical resources as they exist on-premises.
API-based Cloud Access Security Broker (CASB) technology allows effectively enforcing organizational policies in your cloud SaaS environments, including third-party applications that are allowed to run and access the environment.
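Controlling which third-party apps may access the SaaS environment, as described here and in the “Ransomcloud” mitigation earlier, comes down to reviewing the OAuth grants users have approved. The following is an added example, not code from the original article or from any CASB product; the app IDs, users, allow-list and severity labels are constructed, while the scope strings are real Microsoft Graph and Google scope names.

```python
# Constructed sample data: app ids, app names and users are invented.
SANCTIONED_APPS = {"app-001"}  # hypothetical allow-list of approved client ids
HIGH_RISK_SCOPES = {
    "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",  # Microsoft Graph
    "https://mail.google.com/",                            # Gmail full access
    "https://www.googleapis.com/auth/drive",               # Drive full access
}
PERSISTENT = "offline_access"  # app can refresh tokens without the user present

GRANTS = [
    {"user": "alice@example.com", "app_id": "app-001", "app": "Approved CRM",
     "scopes": ["User.Read", "Mail.ReadWrite"]},
    {"user": "bob@example.com", "app_id": "app-777", "app": "Inbox Helper",
     "scopes": ["Mail.ReadWrite", "offline_access"]},
    {"user": "carol@example.com", "app_id": "app-778", "app": "Doc Converter",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "dave@example.com", "app_id": "app-779", "app": "Calendar Widget",
     "scopes": ["User.Read"]},
]


def audit_grants(grants, sanctioned=SANCTIONED_APPS):
    """Flag OAuth grants held by apps that are not on the allow-list."""
    findings = []
    for grant in grants:
        if grant["app_id"] in sanctioned:
            continue
        risky = sorted(HIGH_RISK_SCOPES.intersection(grant["scopes"]))
        if not risky:
            severity = "review"   # unsanctioned app, low-privilege scopes
        elif PERSISTENT in grant["scopes"]:
            severity = "revoke"   # mailbox or file write access that persists
        else:
            severity = "high"     # write access to mail or files
        findings.append({"severity": severity, "user": grant["user"],
                         "app": grant["app"], "risky_scopes": risky})
    return findings


if __name__ == "__main__":
    for finding in audit_grants(GRANTS):
        print(finding)
```

In practice the grant records would come from the SaaS provider's admin reporting rather than an inline list, and the "review" bucket doubles as a shadow IT inventory.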
Remote access and remote work provide great flexibility for employees and help to provide a contingency for emergency situations or BC/DR scenarios requiring employees to work from home. While there are many benefits to providing remote access to employees, as shown, there are definitely security considerations to be made.
Security threats can come from many aspects of remote access, including employees being distracted, phishing and malware, weak network security, weak passwords, and shadow IT. However, by using various security layers, organizations can successfully mitigate and reduce the risk presented to employees working remotely.