Security for Remote Workforce - Are You Paying Attention?
If your company is shifting towards a full or hybrid remote work model, it is time to reevaluate cyber risk and how the organization can remain protected against cyber attacks, especially if your company has an internal IT infrastructure that is not typically accessible to people outside the physical perimeter.
Why is it Important?
The average cost of remediating a malware attack for a single company is around $2.5 million, which is more than double what it was in 2019 at around $750,000. This is largely attributed to the rise of the remote workforce and the resulting increase in the attack surface.
Furthermore, the cyber skill shortage hasn’t helped, but rather made things worse. According to CyberSeek, there are over 700,000 cyber job openings in the U.S., which means fewer good guys to combat the bad ones.
Nearly 71% of corporate breaches are attributed to credential compromise, which means it only takes a single set of credentials to compromise an entire network. We’ve seen this happen in the Colonial Pipeline ransomware attack, where hackers managed to infiltrate the network through the exposure of one single set of VPN credentials.
Insider Threat Risks
Trusting your employees and holding them accountable is great, but it does not remove the need to be prudent about your cyber security. Over 60% of data breaches are reportedly caused by an insider. Insiders can cause damage to the company in one of three ways:
- Malicious: Premeditated with motive and intention to harm. They’re usually disgruntled employees or contractors who actively abuse their insider knowledge and access to compromise the company’s networks.
- Accidental: Unpremeditated with no intention to harm. An example would be an employee opening a phishing attachment or getting tricked into sharing their credentials.
- Negligent: Borderline between the first two, where the employees are simply indifferent to what their actions could cause to the security of an organization.
Third Party Suppliers and Contractors
It’s not only about full-time employees. Temporary workers and contractors can pose a huge risk to your organization. Your company does not typically have control over their devices or the networks from which they access the public internet. When VPN access is granted to a contractor, more stringent measures must be taken to limit their access as much as possible.
Device Security
Usually, companies issue corporate devices to employees with supplementary endpoint security software such as EDR, MDM or DLP which is great. However, there are still numerous risks surrounding corporate devices:
- When employees need to install new software, they either ask an IT admin to assist with the installation or use the already existing local administration privileges, which are enabled by default. Having local administration privileges allows the user to manipulate and potentially disable these security controls.
- IT admins do not always control the network to which the device is connected, and since employees are working remotely, it’s possible for them to connect to unsecured public networks, such as in a library or a coffee shop.
- These controls are not foolproof and attackers will always find clever ways to circumvent them.
What Should You Do?
There is no silver bullet to combat remote access cyber risks. However, there are some general recommendations that can help improve the security posture of the remote access setup:
- Continuously educate your employees on cyber hygiene and best security practices in terms of handling credentials and interacting with the public internet.
- Properly monitor all corporate systems and devices. It’s not enough to monitor failed access attempts; the successful ones must be monitored as well.
- Ensure that all of your systems and applications enforce Multi-Factor Authentication along with password authentication or implement Single Sign On (SSO) instead.
- Always implement secure encrypted communications between users and corporate applications and servers with TLS or IPSec.
- If there is a VPN setup in place, make sure that you configure granular access based on single applications instead of networks and IP ranges.
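One way to act on the monitoring recommendation above, shown as an added example that is not part of the original article or FrontierZero's product: a small reviewer that flags successful VPN logins that follow a burst of failures or come from a source IP not previously seen for that user. The log format, the sample events, the threshold and the time window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample VPN authentication events: "timestamp user source_ip result"
SAMPLE_LOG = """\
2024-03-04T08:01:10 alice 198.51.100.7 SUCCESS
2024-03-04T08:05:42 bob 203.0.113.20 SUCCESS
2024-03-05T02:13:01 bob 192.0.2.55 FAIL
2024-03-05T02:13:09 bob 192.0.2.55 FAIL
2024-03-05T02:13:15 bob 192.0.2.55 FAIL
2024-03-05T02:13:31 bob 192.0.2.55 SUCCESS
2024-03-05T08:02:17 alice 198.51.100.7 SUCCESS
2024-03-05T09:40:00 alice 192.0.2.99 SUCCESS
"""

FAIL_THRESHOLD = 3                  # assumed tuning value
WINDOW = timedelta(minutes=10)      # assumed tuning value

def review_logins(log_text):
    """Return (timestamp, user, ip, reasons) for each suspicious SUCCESS."""
    known_ips = defaultdict(set)        # user -> IPs with earlier successes
    recent_fails = defaultdict(deque)   # user -> times of recent failures
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, ip, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        fails = recent_fails[user]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()             # drop failures outside the window
        if result == "FAIL":
            fails.append(ts)
            continue
        reasons = []
        if len(fails) >= FAIL_THRESHOLD:
            reasons.append(f"success after {len(fails)} recent failures")
        if known_ips[user] and ip not in known_ips[user]:
            reasons.append("success from source IP not seen before for this user")
        if reasons:
            alerts.append((ts_raw, user, ip, reasons))
        known_ips[user].add(ip)         # extend the user's baseline
        fails.clear()                   # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for alert in review_logins(SAMPLE_LOG):
        print(alert)
```

A detector that only counted failed attempts would record three failures for bob and nothing for alice; both flagged events here are successful logins.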
How We Can Help
We at FrontierZero help companies give their remote workers easy and secure access to internal corporate applications without having to worry about maintaining VPN infrastructure or installing 3rd party software on the users’ devices. You can request a free trial or contact us directly at [email protected] to learn more!