Remote and hybrid work environments are here to stay, which means CISOs need to establish an effective security strategy for managing the expanding attack surface. Organisations can no longer afford (quite literally) to play catch-up with remote work security as ransomware cases and demands continue to rise. Greg Young, Trend Micro’s VP of cybersecurity and Mick McCluney, technical lead for Trend Micro Australia, explore how to create a resilient work from home (WFH) security strategy.
Remote work security trends
As the fear of COVID-19 spread, so did phishing attacks. Trend Micro blocked over 94 billion email threats, malicious files and URLS for customers in 2021—a staggering 42% increase from 2020. Scamwatch, a site run by the Australian Competition & Consumer Commission, received nearly 6,500 scam reports mentioning COVID-19 with more than AUD $9,800,000 in reported losses.
This is concerning for businesses given work laptops are sharing home networks with personal devices, making them susceptible to attacks that started on a different device. The expanding attack surface is difficult to protect with siloed solutions providing only snippets of the entire network.
VPNs also fell short of security needs, as maintaining and channelling the large influx of traffic is challenging. Since VPNs have limited scalability, the more traffic, the more lag, which slows down business operations. From a security standpoint, lack of scalability requires IT teams to continually deploy hardware appliances for threat detection, firewalls, data loss prevention (DLP), and other security functions.
Not all VPN vendors follow best practises, and there’s no real way of knowing this. However, if your third-party vendor is cutting corners, it creates opportunities for malicious actors to enter your network and access valuable credentials. According to a Verizon report, 76% of network breaches involved compromised user credentials.
Lastly, employees are finding remote work security policies annoying, leading them to not bother. A survey by Venn found that 71% of employed Americans admit to skirting their company’s own IT policies and procedures to be more efficient.
3 remote work security tips
Yes, these trends are concerning, but the good news is they can be solved with minor tweaks and without major spending—something the C-suite can get on board with.
Here are three ways you can strengthen your remote work security posture for the long-term:
1. Enhance endpoint management with XDR and Zero Trust
While limited technology like endpoint detection and response (EDR) can be valuable, threat actors don’t stick to a single silo such as endpoints, and utilise other channels in the same attack such as email, network, and SaaS.
You can gain comprehensive visibility using a platform with XDR capabilities. XDR collects and correlates data from all endpoints and security layers, providing the full picture security teams need to reduce mean time to detect/response (MTTD/MTTR).
Another component of strong endpoint security is being able to clearly identify what and who is in your network. This is where adopting the Zero Trust approach—the default that any device, user, or app is untrusted, could be vulnerable, or has been breached—comes into play. By scanning and authenticating users, devices, and apps before they’re granted access to the network, you reduce the chance of a malicious user gaining and maintaining residence. Remember to continuously monitor endpoints within the network to surface any compromises or odd behaviour.
2. Strengthen your VPN with an SDN
Supplementing your VPN with a software defined network (SDN) security solution is also a good way to strengthen remote work security. An SDN takes a software-based approached to modernising enterprise networks beyond traditional wide area networks (WANs), making it more reliable and scalable.
How does it work? It separates the control pane—the network layer that makes traffic routing decisions—from the mechanism that forwards network traffic through routers. This allows network traffic to be optimised by classifying it based on application or service type, then further prioritised and forwarded in-line with customised policies. For example, security teams can dictate that trusted business application traffic will be routed across the private network, or social media content is sent to a cloud-security service for further investigation.
SDN solutions can integrate advanced cloud-native security functions, eliminating extra costs of deploying hardware appliances to scale the VPN. With central management, SDNs can improve visibility across your entire network, allowing IT teams to better validate traffic and authorisation in-line with the Zero Trust model.
3. Equip your employees
As we previously mentioned, employees often opt out of security practises because they’re cumbersome. To ease the burden, provide a work computer configured to follow best practises like:
- Changing passwords every 90 days
- MFA and SSO to access company accounts and applications
- Only using the enterprise’s cloud-storage account to save and share work documents
- Blocking access to unsafe apps and websites
Giving employees laptops doesn’t mean spending more money, but instead spending smarter by shifting other overhead savings to cover equipment costs rather than spending even more to clean up a malware or ransomware attack. With fewer security incidents due to well-configured work computers, organisations will see more savings in the long-run and be able to focus on fewer events that need greater attention.
Although company-issued work computers will minimise some security gaps, employees still need to do their part. To reduce confusion, hold security awareness training and provide documented security protocols and best practises like updating home Wi-Fi passwords and avoiding public Wi-Fi. You can also run internal phishing tests to surface potential security gaps within your workforce.
Next steps
Remember, as threats and technology evolve, so should your remote work security strategy. Regularly validate the effectiveness of your current security tools, assess back up and disaster recovery plans, and continue providing security training for employees.
For more insights into Zero Trust and remote business security, check out these articles: