Remote workforces are here to stay. By the end of 2021, 51% of all knowledge workers worldwide are expected to be working remotely, up from 27% of knowledge workers in 2019, according to Gartner, Inc.
This unprecedented (and fast) increase in remote workers introduced new security challenges and considerations. As enterprises extended their systems and IT environments to accommodate long-term remote work, malicious actors respond with phishing scams, cloud vulnerability exploits, endpoint ransomware attempts, and more.
By following some industry best practices, you can repair what may have been overlooked, improve IT security, and support and empower your workforce to work-from-home (WFH).
Here are five best practices that you can use to validate and improve your WFH security strategy:
First, start with your Standard Operating Procedures (SOPs) for remote infrastructure monitoring and management. Clear SOP documentation provides SOC teams with repeatable and consistent procedures built on best practices and your organization’s standards and requirements to eliminate guesswork and response gaps when an attacker strikes.
If your organization has an established telework presence, your SOPs may already cover WFH and remote infrastructure management. However, now is a good time to verify the effectiveness of your current plan. Validate that each procedure covers WFH or remote management scenarios. For those procedures that fall short, consider extending them so that they support remote operations.
If you are creating your baseline SOPs in response to a rapid shift to remote work, following established guidelines ensures that your procedures stand up to the challenges of advanced threats.
Here are some relevant guidelines for creating telework operating procedures: NIST’s Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions.
Virtual Private Network connections are a common remote access method used by enterprise organizations and federal agencies. However, unsecured VPNs leave your organization vulnerable to exploit by malicious adversaries. Follow these important steps to secure your VPNs:
You can find additional guidance on CISA’s VPN-Related Guidance webpage.
VPN security is only part of the challenge when it comes to remote workforce network security. Your WFH employees typically get their internet access via home networks, which are notoriously insecure. Create a remote worker security policy built upon best practices and train your remote workforce so that they’re empowered to do their part in defending against cyber-attacks. Here are some home network directives that are based on best practices you can use to build your strategy and policies:
The CISA’s webpage for Securing Wireless Networks provides additional best-practice information you can use to build your organization’s policies.
Phishing is one of the primary attack vectors used by cyber adversaries. These sophisticated attacks trick end users into clicking a link, responding to a call, or visiting a compromised domain to solicit personal information or introduce malware onto the victim’s device or larger enterprise. All teleworking employees should be aware of the danger of phishing and take steps to actively protect themselves against it. Make sure your remote employees understand that they must:
When creating policies regarding phishing attacks, you can refer to CISA’s Security Tip page for Avoiding Social Engineering and Phishing Attacks.
Public cloud security introduces new attack surfaces that require cloud-native security tools and strategies. The biggest threat to cloud security is misconfiguration, and legacy security tools often don’t extend adequate protections to cloud configurations. In fact, 71% of security leaders surveyed by Cybersecurity Insiders recognized that misconfiguration of their IaaS and PaaS resources represents their biggest security threat in the cloud. When securing new cloud installations:
Due to the continued adaptation of threat techniques and increasing sophistication of adversaries, cyber adversaries gain new advantages over endpoints, networks, and cloud assets daily. Shift to a proactive cyber defense approach that provides deep and dynamic asset discovery and risk assessment, and employs smart deception technologies to easily reshape the attack surface. This will give SOC teams an advantage over adversaries and help them find and neutralize threats faster, even for remote workers. With the right tools, SOC teams can remotely respond to cyber incidents, perform digital forensics to determine the extent of the attack, and remediate infected devices for remote employees. When determining the best solution for remote workforce threat mitigation, look for a proactive threat detection and response platform that can:
Fidelis Elevate® is an Active XDR platform that makes it more difficult and costly for adversaries to successfully execute their mission while making SOC teams more efficient and effective. Fidelis Cybersecurity does this by integrating deception technologies with detection and response across endpoint (EDR), network (NDR) and cloud. By unifying these technologies, Fidelis Elevate helps organizations engage adversaries earlier in the attack lifecycle and detect and respond to threats before they impact business.
To safeguard your cloud infrastructure and provide defense-in-depth, Fidelis CloudPassage Halo® unifies and automates cloud security and compliance across IaaS, PaaS, servers, and containers. This fast, scalable, and cost-effective platform integrates directly into cloud environments to work seamlessly across any mix of public, private, hybrid, and multi-cloud environments, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Fidelis Halo ensures security is present from the moment new infrastructure is deployed so security teams can keep up with the cloud-speed of digital transformation driven by the demands of a WFH workforce.