Remote workforces are here to stay. By the end of 2021, 51% of all knowledge workers worldwide are expected to be working remotely, up from 27% of knowledge workers in 2019, according to Gartner, Inc.
This unprecedented (and fast) increase in remote workers introduced new security challenges and considerations. As enterprises extended their systems and IT environments to accommodate long-term remote work, malicious actors respond with phishing scams, cloud vulnerability exploits, endpoint ransomware attempts, and more.
By following some industry best practices, you can repair what may have been overlooked, improve IT security, and support and empower your workforce to work-from-home (WFH).
Here are five best practices that you can use to validate and improve your WFH security strategy:
1. Reaffirm Standard Operating Procedures
First, start with your Standard Operating Procedures (SOPs) for remote infrastructure monitoring and management. Clear SOP documentation provides SOC teams with repeatable and consistent procedures built on best practices and your organization’s standards and requirements to eliminate guesswork and response gaps when an attacker strikes.
If your organization has an established telework presence, your SOPs may already cover WFH and remote infrastructure management. However, now is a good time to verify the effectiveness of your current plan. Validate that each procedure covers WFH or remote management scenarios. For those procedures that fall short, consider extending them so that they support remote operations.
If you are creating your baseline SOPs in response to a rapid shift to remote work, following established guidelines ensures that your procedures stand up to the challenges of advanced threats.
Here are some relevant guidelines for creating telework operating procedures: NIST’s Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions.
2. Secure Virtual Private Networks (VPNs) and Home Networks
Virtual Private Network connections are a common remote access method used by enterprise organizations and federal agencies. However, unsecured VPNs leave your organization vulnerable to exploit by malicious adversaries. Follow these important steps to secure your VPNs:
- Ensure VPN servers and services are up to date and patched.
- Properly configure VPN routing policies at each endpoint (e.g., Split vs. full tunneling).
- Increase focus on cybersecurity and performance monitoring of your VPN servers to enable rapid detection of attacks against your VPN infrastructure.
- Monitor VPN utilization and make adjustments as necessary (e.g., rate limiting).
- Implement multifactor authentication for VPN access and enforce strong password requirements for all VPN users.
You can find additional guidance on CISA’s VPN-Related Guidance webpage.
VPN security is only part of the challenge when it comes to remote workforce network security. Your WFH employees typically get their internet access via home networks, which are notoriously insecure. Create a remote worker security policy built upon best practices and train your remote workforce so that they’re empowered to do their part in defending against cyber-attacks. Here are some home network directives that are based on best practices you can use to build your strategy and policies:
- Direct workers to change default passwords and update firmware on all devices connected to the home network, including wireless access points, cellular devices, routers, modems, and printers.
- Secure wireless connections, preferably using WPA2 or WPA3, as using the other protocols could leave home networks open to exploitation.
- For BYOD devices, update and maintain antivirus software on computers and devices connected to organization-owned assets through home networks. Alternatively, issue company-owned laptops that have antivirus installed and automatically updated.
- Disable file sharing between devices when not in active use, and never allow file sharing on public networks.
The CISA’s webpage for Securing Wireless Networks provides additional best-practice information you can use to build your organization’s policies.
3. Educate Against Phishing Attacks
Phishing is one of the primary attack vectors used by cyber adversaries. These sophisticated attacks trick end users into clicking a link, responding to a call, or visiting a compromised domain to solicit personal information or introduce malware onto the victim’s device or larger enterprise. All teleworking employees should be aware of the danger of phishing and take steps to actively protect themselves against it. Make sure your remote employees understand that they must:
- Treat unsolicited phone calls or emails with skepticism, especially if they are asking about personal data or organizational information. Verify identities and affiliations whenever possible.
- Never provide personal information or organizational information to unverified or unauthorized persons.
- Never disclose personal or financial information in email. Do not respond to or click on links within emails that ask for this information.
- Always check a website’s security and URL before entering sensitive information. Be sure to look for https (versus http) at the start of the URL. This indicates a secure connection.
- Install and maintain anti-virus, firewalls, and email filters to minimize spam, junk, and phishing.
- Utilize anti-phishing features offered by your organization, email client, or browser.
- Use multi-factor authentication (MFA) wherever possible.
When creating policies regarding phishing attacks, you can refer to CISA’s Security Tip page for Avoiding Social Engineering and Phishing Attacks.
4. Secure Your Cloud Configurations
Public cloud security introduces new attack surfaces that require cloud-native security tools and strategies. The biggest threat to cloud security is misconfiguration, and legacy security tools often don’t extend adequate protections to cloud configurations. In fact, 71% of security leaders surveyed by Cybersecurity Insiders recognized that misconfiguration of their IaaS and PaaS resources represents their biggest security threat in the cloud. When securing new cloud installations:
- Understand the shared responsibility model, including the nuances between cloud service providers, to eliminate coverage gaps in IaaS/PaaS security.
- Unify cloud security across hybrid- and multi-cloud installations to minimize management complexity and close visibility gaps.
- Use cloud-native security tools that secure cloud configurations based on CIS benchmarks and industry best practices.
- Automate security so that it runs at cloud-speed and scales dynamically with fast-moving cloud resources.
- Enforce MFA for direct cloud access or require programmatic access that removes direct access to cloud credentials.
- Automate vulnerability scanning and alerting so your SOC team stays ahead of zero-day exploits.
5. Mitigate Threats to Remote Workers
Due to the continued adaptation of threat techniques and increasing sophistication of adversaries, cyber adversaries gain new advantages over endpoints, networks, and cloud assets daily. Shift to a proactive cyber defense approach that provides deep and dynamic asset discovery and risk assessment, and employs smart deception technologies to easily reshape the attack surface. This will give SOC teams an advantage over adversaries and help them find and neutralize threats faster, even for remote workers. With the right tools, SOC teams can remotely respond to cyber incidents, perform digital forensics to determine the extent of the attack, and remediate infected devices for remote employees. When determining the best solution for remote workforce threat mitigation, look for a proactive threat detection and response platform that can:
- Continuous, dynamic asset discovery and mapping of your IT environment, including endpoints, networks, and cloud resources, so SOC teams stay ahead of rapidly growing remote workforce landscapes.
- High-fidelity alerts to eliminate false alarms and reduce alert fatigue.
- Direct security team access to endpoint devices, no matter where they sit on the network.
- Automatic deception tactics can lure and trap adversaries before they find production assets or move laterally through your network.
- Automated responses to common attacks.
- Real-time and historical data comparison against the MITRE ATT&CK framework and intelligence feeds to determine attack TTPs and improve response.
- Recover faster and prevent costly post-breach damage after a ransomware, malware, or insider attack.
Elevate Your Defenses to Support Your Remote Workforce
Fidelis Elevate® is an Active XDR platform that makes it more difficult and costly for adversaries to successfully execute their mission while making SOC teams more efficient and effective. Fidelis Cybersecurity does this by integrating deception technologies with detection and response across endpoint (EDR), network (NDR) and cloud. By unifying these technologies, Fidelis Elevate helps organizations engage adversaries earlier in the attack lifecycle and detect and respond to threats before they impact business.
To safeguard your cloud infrastructure and provide defense-in-depth, Fidelis CloudPassage Halo® unifies and automates cloud security and compliance across IaaS, PaaS, servers, and containers. This fast, scalable, and cost-effective platform integrates directly into cloud environments to work seamlessly across any mix of public, private, hybrid, and multi-cloud environments, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Fidelis Halo ensures security is present from the moment new infrastructure is deployed so security teams can keep up with the cloud-speed of digital transformation driven by the demands of a WFH workforce.