Cyber Security Considerations for Protecting Remote Employee Devices and Remote Access Environments
With COVID-19 (Coronavirus) being declared a pandemic by the World Health Organization, many organizations have asked employees to work remotely and/or restrict travel. In addition, hackers are using this opportunity to step up their activity.
As more employees shift to working from home it can be more difficult to enforce and maintain tight security controls. With that in mind, we prepared a high-level checklist to help keep remote workers and your corporate IT environment secure.
- Take the time to remind your employees about your remote work cybersecurity policies and best practices. Both NIST and SANS have resources to help you develop and implement remote access security policies.
- Review and ensure business continuity plans support secure remote work (can your employees access all network resources they need at home, safely?).
- Teach remote employees how to avoid social engineering scams and how to identify fake COVID-19 schemes.
Security Considerations for Organizations with Remote Workers
Networks that have both a centrally managed corporate network and remote/home workers have unique security challenges. Network traffic monitoring is generally not an option with these configurations, so your security policies and monitoring should focus on two areas:
- Protect the Identity — Users accessing corporate resources from home need to be validated with multiple factors: strong passwords, 2FA, and geo-location if possible.
- Protect the Device — The device the user uses to access corporate resources needs to be clean: corporate endpoint protection and monitoring should be extended to these devices.
Protecting SaaS and Cloud-based Services
SaaS/Cloud-based services are essential for efficient work-from-anywhere – make sure your security policies and procedures cover them.
- At a minimum, ensure you have policies and visibility into the following services:
  - SaaS collaboration & chat services like Slack or Microsoft Teams
  - Email and document collaboration services like Office 365 or Google G Suite
  - Customer (e.g. CRM) and enterprise (e.g. ERP) management systems like Salesforce or NetSuite
- Be sure to review and limit third-party app access to SaaS services: many third-party apps can read your messages and data.
- Globally accessible cloud services require certain additional security features:
  - Enforce Two Factor Authentication (2FA)
  - Use hardware FIDO keys if you need it bulletproof
Monitoring and Responding to Remote Incidents
Responding to incidents that involve remote/home workers has unique challenges.
- Review and test your detection and response security tools to ensure you can see, reach, and respond to remote employee endpoints, regardless of where they are.
  - Cloud-managed endpoint security and management tools are mandatory.
- Enforce corporate security policies on BYOD.
  - Many businesses require corporate security software be installed before using these devices to connect to corporate resources. Just because you don’t own it, doesn’t mean you can’t set standards.
- Assist your remote workers with basic home network hygiene. Provide best practices to segment their home networks and restrict the use of public or unsecured WiFi networks without proper encryption.
Lastly, make sure you are continuously monitoring and inspecting internal IT assets. Internal hosts, systems, and servers will be more susceptible to attack due to having remote employees accessing them from new and unknown devices, locations, and networks.
Additionally, your endpoint detection and response solution must be able to respond across remote devices at scale. Our recommendation is to leverage a cloud-delivered platform like Infocyte capable of inspecting, monitoring and initiating response actions at scale.
If you are unsure whether or not your remote employee endpoints are clean, contact Infocyte for assessment options and a free consultation.