Author: Bryan Kissinger, PhD., Trace3 Vice President, CISO – Security Solutions Leader
Strong security applications, policies, and procedures can mitigate risks for businesses that rely on an increasingly remote workforce.
Remote working poses unique cybersecurity challenges for organizations. Phishing schemes, weak passwords, unencrypted file sharing, unsecured home wi-fi, print from anywhere technology, and network-connected personal devices all present major security risks.
How do you protect corporate data and other assets when people do their jobs outside of a company-managed physical office and network?
Remote employees pose one of the biggest threats to an organization’s network security. But remote work is not going away. A recent Bloomberg News poll shows that 49 percent of Millennial and Gen Z employees would choose to quit their jobs if remote work is not offered.
Security and Remote Work
Work-from-home policies and the work-from-anywhere ecosystem present an increased set of challenges for security teams as employees move outside of a secure perimeter. Remote workers may spend time in the company office, or they may work fully remote from home, or they may set up shop in third places like coffee shops, coworking spaces, or libraries.
As remote work continues to gain momentum, one of the most prominent risks comes from users connecting to unknown networks. When this occurs, users create a much larger attack surface for organizations.
A typical solution to this problem would be to require workers to use a virtual private network (VPN). But setting up a VPN can be very time-consuming and costly. Not only do time and cost factors pose a challenge, but security teams are now faced with an increase in adoption of cloud applications and the growing use of unmanaged devices—personal computers, cell phones, and more.
However difficult, securing an organization’s remote workforce is critical for any modern business. Trace3 recommends several approaches to this challenge. Within each approach, there are a number of solution partners to choose from.
First, identity and access management solutions work to secure users by validating through technologies like single sign on and multifactor authentication to grant access to corporate resources.
Access Management: Technology and processes for managing identities and access permissions for users, computing devices, and applications.
Second, endpoint security and mobile security protects users’ devices by preventing malware, blocking exploits, and providing enabling detection and response.
Endpoint Security: A platform that is an integrated suite of endpoint protection technologies used to prevent file-based malware attacks, detect malicious activity, and provide the necessary investigation and remediation capabilities to respond to dynamic security incidents and alerts.
Mobile Security: A platform for detecting threats on Android and iOS devices through monitoring network activity, whether it be cellular or wireless, and by monitoring application activity.
Third, secure remote access and connected home security protect users at the network level ensuring safe communications.
Secure Remote Access: The ability to access a computer from a remote location based on predefined policies in order to grant remote access to specific network areas.
Connected Home Security: Protects smart home manufacturer’s devices in home local area network (LAN) environments, where they are at risk of attacks both due to their device’s own vulnerabilities and from lateral attacks originating from other unsecured devices on the same network.
Fourth, cloud access security brokers secure cloud applications by providing data protection, visibility, and threat protection.
Cloud Access Security Broker: Platforms that sit between cloud services and consumers to extend security policies from on-premise to the cloud. These platforms cover critical areas of security which include data protection, compliance, visibility, and threat protection.
Ransomware attacks occur most within unsecure systems. If you are not sure where you are in your security setup, or you don’t know what data is most important to you, there are tasks and questions you can ask to assess how / if your organization is at risk.
This assessment includes employee training. When employees unknowingly participate in cyber security worst practices, hackers and cybercriminals are better able to access a company’s network and sensitive data. So, remote employees require added security precautions and support.
Trace3’s Security team includes engineers skilled in remote workforce infrastructure strategy and implementation. To learn more about remote workforce security, contact security@Trace3.com.
A hands-on, results-oriented senior information technology and business professional with over 20 years of experience leading global teams in the successful delivery of technology solutions that enable business value. Healthcare industry expertise coupled with Big 4 consulting leadership across emerging technology, financial, retail, and government sectors. A proven record of accomplishment in quickly assessing technology and security program maturity and developing multiyear road maps to achieve desired outcomes. A reputation for building programs and teams using a business-minded approach. Accomplished IT and security program designer utilizing practical solutions that deliver rapid return on investment.