Every organization’s business continuity plan must include the capability not only to rapidly transition most or all of the workforce to remote work but also to sustain it. A secure, seamless transition from “business as usual” in the office to a fully remote workforce requires planning and careful consideration of the requirements of remote workers, such as access to network resources, ample bandwidth, and technical support. This new work model amplifies the security risks of remote work, due to home network and personal device vulnerabilities, as well as the challenges of supervising and enforcing good cyber hygiene.
Secure Connectivity and Productivity Challenges
The first step in a secure remote work strategy is ensuring that remote workers have the ability to connect securely to the business network. There are challenges both in securing remote connectivity and in maintaining user productivity over the remote connection. These have to do with the home networks, the users themselves, and the network equipment at the corporate office.
Home networks are vulnerable
For employees, the most straightforward way to connect to the business is through their home network and the public internet. The employee’s home network, however, is likely less secure than the business network, making it more vulnerable to attack. Traffic between the remote worker and the enterprise network could be intercepted, and potentially modified, by an eavesdropper. Additionally, network traffic that does not pass through the business network is not protected by the organization’s on-site security solutions, making remote workers more vulnerable to malware.
Remote workers may not be who they seem
Under normal circumstances, many organizations rely upon a perimeter-based security model. Under this model, anyone inside the network is considered trusted, while outside parties are potentially malicious. This enables an organization to identify anomalous connection attempts based upon the location and timestamp (since most workers operate during normal business hours). With a fully remote workforce, this traditional model is no longer applicable since both legitimate users and potential threats connect to resources from outside of the network and may work at odd hours. Additionally, when employees are working remotely, the probability of an unauthorized user gaining access to and control over an employee’s devices is higher.
VPN and network infrastructure lack scalability
During “business as usual,” many organizations do not have remote work policies. In fact, only 41% of businesses allow remote work. As a result, many organizations lack the infrastructure necessary to support a fully or mostly remote workforce. Under normal circumstances, a significant percentage of a user’s traffic is internal to the network, accessing internal file shares, databases, and other resources. However, when employees work remotely, all their traffic passes through the perimeter firewalls, increasing the load on these devices. The use of VPNs only exacerbates this problem. Encryption and decryption of VPN traffic is computationally expensive and can rapidly exhaust the CPU resources of a next-generation firewall (NGFW).
One-size-fits-all remote work does not work
For the general worker, a secure connection to the business network and cloud-based resources is sufficient to perform their job duties. However, some employees have additional requirements when working remotely. Power users, such as network administrators and security personnel, require persistent connectivity to the network. These users may require the ability to connect multiple devices to the network, which can be difficult to manage manually via VPN clients, or connections that last longer than the standard session timeout length of VPN clients. Super users, including executives and other management personnel, regularly process highly sensitive data and need to be able to do so while working remotely as well. These employees require a higher level of protection than that provided by most VPN clients.
Enforcing Cybersecurity Policies in a Crisis
Beyond the basic needs of a remote workforce, remote work creates additional security challenges for an organization. Considerations include the use of insecure devices for work, an increased probability of security incidents during a crisis, and remote workers’ need to efficiently access cloud-based applications.
Incident response is more challenging for remote workers
Situations that force an organization to transition to a remote workforce are often chaotic and emotional for employees. In general, humans are prone to making poor security decisions in these situations, and cyber criminals regularly capitalize on these emotions to perform their attacks. During times of crisis, employees are more likely to fall for phishing attacks, and an organization is likely less prepared to respond to the incident. With a remote workforce, the help desk is less immediately available to an employee, and an organization’s incident response plans may not cover contingencies where a remote worker experiences a security incident. As a result, the cost to the organization, in both employee productivity and remediation efforts, can be much higher during remote work.
Remote workers may lack vital security patches
Organizations without an established remote work policy often do not have sufficient company-owned devices to support a fully remote workforce. As a result, employees working from home may be using unapproved devices, including personal laptops or tablets.
The ability to enforce bring-your-own-device (BYOD) policies is essential when employees are working from home. Devices used by remote workers historically have lower patch rates than on-premises devices, even if all devices are owned by the company. These delays in patching can be expensive, since 60% of data breaches are caused by an unpatched vulnerability for which a patch was available. An organization must be able to perform pre-connect scans for patching compliance to ensure that remote workers are not exposing the business network to additional cyber risk.
Remote workers require efficient, secure cloud access
When employees are working on-site, securing their connections to cloud-based resources using on-site security appliances is logical since traffic already passes through the network perimeter. However, remote workers are connecting from outside the network with traffic bound for the cloud. Backhauling remote workers’ cloud-bound traffic to the business network for security scanning increases network latency. This can create performance issues for latency-sensitive Software-as-a-Service (SaaS) applications and negatively impact remote worker productivity. As organizations become more reliant upon SaaS solutions as part of remote work, they become a greater target for cyber criminals. Misconfigurations in security policies and configuration settings on SaaS applications could be the cause of a data breach or enable cyber criminals to use them as an infection vector for malware.
Basic Remote Work Security Is Not Enough
Transitioning most or all of an organization’s employees to remote work creates significant security challenges for an organization. An organization’s business continuity plan should take these challenges into account and include solutions to address these new risks. Deploying basic security controls for remote work, such as VPN connectivity and strong user authentication, enables an organization to support intermittent remote work by a fraction of its employees. However, business continuity means an organization should be capable of maintaining normal levels of productivity and security with a mostly or wholly remote workforce. Accomplishing this requires securing the endpoint and ensuring high-speed, reliable access to vital SaaS applications.
We understand that the transition to remote working can be overwhelming. As always, Deerwood Technologies is here to help make your transition as safe and secure as possible. Let us know how we can help.