Protecting the remote working gatekeeper
Kevin Prone, Head of Service Development at Nowcomm, discusses why secure internet gateways and advanced malware protection cannot be overlooked in an era of increased home working.
Never has there been such a rapid and comprehensive shift to remote working.
Organisations of all sizes, and across all sectors, have been forced into an adaptation within days and weeks which might otherwise have been a gradual process over many months if not years.
There is a range of implications generated by this rapid and emergency shift when it comes to enterprise IT – regardless of what sector you work in. Many organisations may be deploying new devices and applications for the first time, outside of a true benchmarking or stress testing process. Organisations maintaining various functions of business as usual are probably relying on their employees’ home internet and home WiFi to connect with colleagues and customers – and in the rush to onboard remote working operations, may not have had time to fully ‘war room’ these new services and remote working models effectively and ensure they can keep their staff, suppliers, customers and business systems and data secure.
To add to this, recent coronavirus-related scams have already been circulating and are capitalising on people’s desire for information, advice and updates on the global pandemic. These seemingly innocent but malicious messages and links can trick remote workers, for example by secretly installing key loggers and other malware onto the remote worker’s device. As discussed above, should this device be more vulnerable when not protected by the “traditional walls and policies” of the enterprise grade internal IT network, serious problems may unfold for any organisation which has up to this point successfully rolled out home working solutions.
With this in mind, here are three steps you can take to secure corporate and personal devices on your networks whilst maintaining the advantages and effectiveness of remote working operations and activities.
Step 1: Secure your access to cloud applications
The Covid-19 lockdown has forced many employees – and organisations – to adopt cloud technologies without really thinking about the security implications. Employees work based on the tasks they need to complete, rather than beginning with security – for example, adopting robust password practices.
As such, the foundational task for organisations which have switched to cloud-based technologies is to require employees to protect their accounts with more than just a username and password, and introduce two-factor or multi-factor authentication. Passwords, of course, should not be the same as those used for personal accounts – or be among the most hackable passwords, such as ‘123456’ or passwords made of a string of the same letter or number. A further protective measure is to deploy a service that proactively monitors whether corporate credentials (such as usernames and passwords) may have been compromised and are listed, traded or released in “dark web” locations of the internet, where cyber criminals can use them to target or probe these individuals or the wider organisation itself.
Every corporate IT stack is unique but there are user-centric two-factor and multi-factor authentication platforms available which can work across them all. Regardless of whether Microsoft Azure, Amazon Web Services, Google Cloud or another provider underpins your cloud architecture, such platforms will work with or without a Virtual Private Network (VPN).
Such solutions can also prevent logins from certain countries and even make sure that the devices employees use to access the cloud from are individually authorised, giving additional layers of peace of mind to network managers and employees alike. Indeed, a layered approach is crucial to building up robust security for remote working, with different layers of technology all ‘talking’ to each other and sharing information. This brings us on to the second step.
Step 2: Protect the remote gateway
Remote workers who are simply accessing the internet through their home routers are unlikely to be doing so with enterprise-grade security. At best, their home router might simply have a basic firewall or web filtering features enabled. Even in these situations, whilst it is welcome that service providers have made a step towards improved security, how appropriate or useful will such general public configurations be for your business?
Organisations facilitating remote working for their employees need to look for other ways to achieve secure internet access. But they need to implement this without putting a strain on IT resources such as firewalls “back at base”. If such situations occur, performance for all remote workers is degraded (“the network is slow”) as data must flow in and out of the corporate resources, introducing bottlenecks. When this occurs, workers get frustrated and give up, or look for ways to break from the policy that was implemented to protect them, such as navigating around VPN access or introducing personal devices or shadow IT cloud services to gain improved data access speeds.
There are a number of ways to protect workers in the home from becoming a security ‘weak link’. These include the following:
Secure Internet Gateway (SIG) or DNS protection
Platforms that provide secure internet and Domain Name System (DNS) protection (often referred to as Secure Internet Gateways or SIGs) can secure workers when working both inside and, crucially, outside the organisation. This means that when working from home, over Wi-Fi, wired internet access or tethered to a mobile provider, your corporate rules and IT protection and management, including secure internet access and virtual firewall protection, travel with each individual user, no matter where they are located. Many of these cloud platforms also offer behaviour-based protection, meaning that they use machine learning models to pick up indications of malware activity from the DNS traffic and thus provide protection even before an outbreak starts, often referred to as day zero security protection.
As the best of these platforms are deployed globally in a cloud services model, they are relatively quick to enable for the entire workforce, even if the team is now spread out in tens, hundreds or thousands of geographic locations in one or multiple countries.
Advanced Malware Protection
This is the natural evolution from the legacy antivirus services that have traditionally been deployed on firewall platforms, servers and employee desktop client machines that have all been expected to stay inside the organisation’s four walls.
Advanced Malware Protection focuses not only on preventing malware from getting into and onto the network in the first place but also halts the spread of malware within and across the network to multiple devices (so-called east-west traffic).
Malware protection should provide proactive monitoring of the behaviour of any suspicious activity, recording and tracking activity for investigation whilst at the same time providing protection on the endpoint and onto the wider network.
IT security teams can gain insight into what processes were running on the endpoint to trigger the attack, what the malware payload looks like, as well as what other internal and external networks it has attempted to communicate with (for example a hacker-controlled area).
Advanced Malware Services may also extend to a cloud-based global security monitoring service, where the cloud platform incorporates features such as sophisticated machine learning and AI to determine how to best protect the organisation’s endpoint when an unknown threat has not been seen previously across the global cloud monitoring engine.
Step 3: Ensuring security cannot be selective
Cybersecurity cannot, and should not, be available only when employees are working in an organisational premises or campus (“on-net”). Work is something that we perform, not simply a place that we go to. Security needs to protect employees wherever they may go and without compromising performance.
Organisations cannot simply rely on traditional anti-virus software to protect endpoints that are outside and beyond the organisation’s firewalls, as such a dependency requires the anti-virus to always be patched to the latest known signature levels and for these signature levels to know of every threat, which is simply impossible.
As we all adapt to what is being termed “the new normal” we must not allow our rapid response to local and global situations to create unplugged gaps, weaknesses and vulnerabilities that are easy for cyber criminals to exploit. As we focus on maintaining our current operations and organisational performance, we can all be certain that criminals will be probing and designing methods to attack, breach and extort those that do not quickly plug such gaps.