When COVID-19 emerged, companies in all sectors of the economy were forced to make a rapid transition to remote work. The goal was simple: ensure business continuity in the face of an unprecedented challenge, a challenge most assumed would come and go in no time.
As vaccines continue to roll out and the world finally begins to reopen more than a year later, it appears remote work is here to stay. A recent study found that only 9 percent of remote workers want to return to an office full time. Of course, this is not to say that in-person work is going to disappear completely; Apple recently announced that its employees will return to the office three days a week starting in September.
Taken together, the future of work appears to be more of a hybrid model, with some employees working remotely and others working in the office.
Unfortunately, many organizations are still operating with the same remote solutions that they implemented in March 2020. While these solutions have helped companies keep operations running during the pandemic, most were quickly assembled, with security an afterthought.
In an age where the average data breach costs $ 3.86 million and businesses can reasonably expect to have some level of distributed workforce, taking a proactive stance for security and implementing a long-term remote security strategy is critical. Failure to do so could have disastrous effects on your business.
VPNs are not enough for remote security.
Last year, most companies added or expanded VPN solutions in their technology stacks as they moved to remote work. But a VPN alone is not a panacea. When teams are working around the world, it can be difficult for security teams to manage each endpoint effectively.
The popular narrative that corporate VPNs are reliable and secure couldn’t be further from the truth. In fact, distributed endpoints tend to be some of the easiest targets for attackers. In some cases, accessing your network is as easy as an employee making an inadvertent mistake.
This begs the question: What mechanisms do you have to protect yourself against an employee who connects to an insecure network (for example, a public Wi-Fi network), forgets to connect to your VPN, and then clicks on a malicious link? What if a team member accidentally leaves their laptop in a coffee shop or on a train?
Challenges, opportunities for IT teams in the future
If your organization still uses on-site administration techniques to manage the endpoints of a distributed team, you will struggle in today’s challenging and dynamic security landscape.
In typical environments, employees can only access networks when they are on site or logging in through the corporate VPN. But when teams are spread across the world, not everyone will connect to the VPN every day, especially when you rely on cloud-based tools like GSuite, Microsoft Office 365, and Slack. If employees can get their work done using these services, you will have unmanaged corporate endpoints, much to the delight of bad actors.
Fortunately, it is not impossible to overcome these challenges. The best way to do this is by implementing an effective distributed workforce security strategy that will not have to depend on the network to which your endpoints are connected. Instead, all endpoints should be managed as long as they are powered on. Some options for doing this include cloud-based patch management, mobile device management (MDM), endpoint and intrusion detection and response (EDR / IDR), antivirus software, endpoint encryption, and secure email gateways.
If you are truly embracing a long-term remote strategy, and you should, assuming you want to attract and retain top talent, you need to understand that local connectivity cannot be a requirement for the tools your workforce must have. productive and successful.
New solutions and strategies for remote workplaces
When it comes to implementing solutions designed specifically for distributed teams, IT leaders must consider the use cases and requirements of each department. You will need to weigh the risks of not making any changes against the potential impacts on business and customers.
First, it is important to implement strategic implementation plans to limit potential business impact. You will also need to gain leadership buy-in, which will make the change easier to sell to the rest of the team.
When you start to implement new security solutions, remember that they are only as strong as the weakest link, which, in most cases, are your end users. By investing in user education platforms, you can help your team understand common vulnerabilities and threats (for example, weak passwords), which can pay significant dividends.
And finally, in today’s evolving landscape, where new threats emerge every day, it’s likely only a matter of time before your systems are breached. Therefore, instead of thinking about what you can do to prevent a breach, you should assume that a breach will occur and implement a zero-trust architecture. By treating all vendors as potential threats and implementing least-privilege access controls to further protect your systems, you put yourself in a much stronger security position.
Looking Ahead: What Comes Next?
Over the last year, we’ve seen a huge trend in attackers targeting home networks. As teams continue to work remotely, it looks like this will be the new normal in 2021 and beyond. Then what do you do?
Again, assume that end users will always be the weakest link in your security strategy. For one thing, an employee may inadvertently forget to log into a VPN and connect to an insecure network. On the other hand, a disgruntled employee might decide to sabotage things from within.
You can solve both scenarios by following best practices and implementing zero-trust architectures, least-privilege access, and cloud-based security tools. Since the typical home environment is not well protected, security must be closer to the workload itself.
The sooner you develop and execute a long-term remote security strategy that takes all of these factors into account, the faster you get real-time information and control over your IT environment. With the right approach, you’ll have peace of mind knowing that your network is secure and that you can spend more energy on the big picture.
Author: Chris Hass is Director of Research and Information Security at Automox.
Check at: https://threatpost.com/business-long-term-remote-security-strategy/167950/
