COVID-19 has quickly pushed many organisations to full remote / work-from-home policies, and IT teams are dusting off disaster recovery and business continuity plans. We know hackers are using Coronavirus to target users, so it’s important to keep security front of mind when protecting a distributed workforce.
After talking about this topic with a few clients, I thought I’d share my security tips for protecting a remote and highly distributed workforce.
This seems obvious: provide some level of protection from malware and exploits on endpoints. But keep in mind that many organisations do not supply staff with laptops or home workstations, so they may well be accessing corporate email or data from home machines outside of the normal corporate security standards and monitoring. Keep mobile devices and tablets in mind here too. Many technology vendors are providing additional burst or top-up licensing, so be sure to look into this.
A highly distributed workforce creates visibility challenges too. Where your users usually connected via fixed perimeters you controlled, now they could be accessing cloud and SaaS data from anywhere, on any device. A Secure Web Gateway is a good solution for this, as it provides visibility into applications and data users are interacting with, and lets you enforce your corporate security policies no matter what they’re accessing. It also connects users to a global point-of-presence network, meaning you don’t have to drag your users back through your own perimeter in order to get visibility and enable your users to access applications.
Dust off that VPN!
Suddenly that often malnourished remote access solution is critical infrastructure. If you do need to connect staff into your environment to access applications, confirm your VPN is provisioned to handle 60-75% of your workforce connecting concurrently. This is also a really good time to ensure multi-factor authentication is enabled on all your entry points, including VPNs (you would be surprised how often it isn’t!).
Cythera provides a Secure Access solution through Cato Networks’ global points of presence that can be stood up in hours if you need assistance here.
Be able to detect & respond.
This really dovetails with the visibility point, but with your users remote and accessing services from anywhere, potentially on any device, logging and visibility have never been more important. Ensure you’re taking feeds from your cloud and SaaS applications, comparing them to security and endpoint data, and running some form of behavioural and threat analysis over them. This will give you a really good head start on detecting and responding to threats before they become incidents. It might be as simple as asking why Mary from HR is logging in from Melbourne and then, five minutes later, successfully authenticating from India. Or it might be a more sophisticated user making PowerShell or API calls they have never made before. Visibility is key here. A detection and response platform can give you a good head start if you feel you’re lacking here.
Significant changes in working patterns demand that cyber security be front and centre in your IT planning. Reach out to the Cythera team if you need some air cover.