Working from home was a habit for many organisations and departments during the Covid-19 pandemic. The option is expected to remain popular due to habituation and the fact that it has proven to be possible. Therefore, securing remote working requires careful consideration. What do you need to pay attention to?
The post-Covid-19 way of working is an increasingly popular topic. Although it’s difficult to predict the details, hybrid working seems to be a possibility for many. This includes people going to the office, which has already been happening due to European governments relaxing recommendations for working locations. Furthermore, employees will undoubtedly work from home more frequently than before Covid-19. This requires a different IT setup, which must be taken into account by organizations. Security should not be forgotten. Although efforts to create a more secure home working environment have been made for almost two years, organizations still appear vulnerable due to the remote workplace.
Remote work is an opportunity
A good reason to consider home office security is that cybercriminals become less likely to successfully apply new methods. Hackers are innovative and always looking for new ways to strike. For example, they abuse remote working for their phishing campaigns by posing as the HR department that manages remote working. To find valuable information, they hide fake websites and links in messages such as “you need to go through some steps to work well at home.”
Hackers see an even bigger opportunity in capitalizing on changes in the use of infrastructure, networks, endpoints, data and software. For example, corporate devices can be used for personal purposes, while poorly secured personal devices can be used on corporate networks. In addition, prior to Covid-19, organizations enclosed many security measures within the network perimeter. Due to working from home, some security measures are no longer usable. The defences became weaker, resulting in new vulnerabilities. Hackers see a huge opportunity. Attackers continuously find new ways to capitalize on vulnerable organizations.
Endpoints are vulnerable
Of all the security steps you can take, endpoint measures often quickly result in a more secure environment. Various studies show that the majority of vulnerabilities start at endpoints. This is a major problem, especially for large organizations with thousands of devices. These organisations potentially have thousands of entry points for cybercriminals.
Antivirus software has long focused on protecting endpoints. It is often recommended to use so-called next-generation antivirus for endpoint security. Next-generation describes the use of algorithms for detecting known and unknown threats. This is a step forward from legacy antivirus, which relies on signatures and patterns to recognise threats. In contrast, newer antivirus uses artificial intelligence and machine learning to detect the first steps of hackers and suspicious behaviour on devices. Next-generation antivirus is cloud-based and less likely to lag behind a threat, while traditional antivirus requires regular updates to the signature database to keep working properly.
Centralizing endpoint security
To summarize, implementing the right antivirus provides the first line of defence. However, to achieve complete security across the entire organization, detection and response capabilities are desired as well. For this purpose, companies often use an Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) platform. EDR monitors and collects endpoint data to detect advanced threats. Whenever antivirus doesn’t detect a threat because the threat is too advanced, there’s a good chance that an EDR platform will. This is due to its use of threat intelligence, artificial intelligence and deep analytics. From the moment these tools detect suspicious behaviour, the platform blocks the malware and helps analyse the incident.
The third step of improving endpoint security revolves around updating devices. Hackers often take advantage of the fact that basic measures such as patching are forgotten. A lack of patching may be due to laziness, because patching is usually relatively simple. However, patching can also lag behind because of the manual work it creates. In that case, you would do well to consider a means of centrally controlling system updates and adopting a patch policy that’s safe and easy to comply with.
Securing data needs to be revisited
In addition to endpoints, remote working has changed the way we use data. Cloud storage solutions are ideal for remote working. Cloud storage allows employees to access data from their home location, thereby working independently from local files. From a security perspective, cloud storage offers advantages as well. By storing data in a central location, security measures such as firewalls can be focused on a central point. Ideally, data should be stored as centrally as possible. It can never hurt to review whether your employees are actually doing so.
Furthermore, the data strategy must fit into the backup policy. Although arranging central data storage can promote security, nothing changes the fact that data is everywhere. Even comprehensive security measures don’t guarantee that an organization is completely safe. Therefore, it’s highly recommended to make proper backups, including snapshots of data generated at remote workplaces. This prevents data from being lost completely, even when your company gets hit by ransomware.
Ultimately, as an organization, you want to create a working environment that’s as secure as possible. Employees will always have to participate. Some steps can only be taken by them. Optimally, employees pay personal attention to the basics. Is their knowledge sufficient for recognizing malicious links and avoiding phishing emails? Do employees opt for two-factor authentication when possible? Are strong passwords used for business accounts and devices — and are all security updates actually installed? Although professionals have been advising on these issues for years, not every employee appears to have gotten the message.
Reviewing the basics can be useful, especially when working from home. Though organizations often create a secure network environment on-site, remote security is frequently lacking. Home networks can be very vulnerable due to a lack of built-in security. Teaching employees about their router allows them to set a strong password, update router settings to encrypt with WPA3 Personal or WPA2 Personal, and create visibility. The latter can be useful for finding old devices and disconnecting them from the network.
In addition, it can be beneficial to apply network segmentation to home routers. Typically, organizations use segmentation to create zones in networks and apply appropriate security measures to each zone. Home routers often support segmentation through guest networks. From a security point of view, it’s useful to attach smart home devices to separate guest networks. In this way, a hacker that infiltrates smart home devices will have a very difficult time reaching PCs and devices on the general network.
Company network for working everywhere
Thus, to a certain extent, employees can provide a secure home office themselves. However, in an ideal world, the organization creates an environment that secures its remote and on-site employees to the fullest extent. Many security vendors consider the zero-trust concept as an ideal way to achieve such an environment. In short, zero trust means sealing off the network and services that communicate with each other. Anything outside of this network isn’t trusted. The idea is to “never trust, always verify”. At this time, the concept has evolved to the point where it essentially trusts nothing: devices and individuals must always be verified, even if they have been connected to the corporate network before. Thus, zero trust assures a company that only the right people and devices have access to the network.
Zero trust is ideal for different work locations: by checking identities, it keeps suspicious activity out of the network. As an organization, you’re less dependent on security measures in the perimeter.
Additionally, more visibility is needed to achieve a clean network. What does the IT infrastructure look like — and what is going on in the corporate network? When you have complete visibility on connections and devices in the network, personal or legacy devices that do not belong in the network can be found. Such endpoints are better kept out of the network: they face increased vulnerability risks due to not receiving patches or being poorly secured in the first place.
Towards a more secure work environment
The home office has suddenly become a much more important topic in the security strategy. The measures to be taken are useful. Not only do they make the home office more secure, they’re also just as useful for working from any other remote location. Think of a sales employee on the road, safely connected to the network due to the necessary precautions. This makes the investment interesting and ensures that we all move towards a safer working environment.
This article is part of the Techzine cybersecurity dossier, in which we delve into several current and relevant security developments.