The COVID-19 pandemic has increased the importance of telecommuting: dozens of employers are transferring employees to home offices. This convenient format reduces the probability of infection, but at the same time, it entails many risks related to information security. Besides, the situation is exploited by intruders: public sources state that the number of targeted attacks on businesses has increased dramatically in recent days.
For many years, the concept of corporate information security revolved around working in the office, within a controlled infrastructure perimeter. Job specifics enabled some employees to switch between corporate, public, and home networks, but their share was relatively small. There were fewer telecommuters, and it was easier for IT and Cybersecurity departments to control them. At the present time, remote connections have become ubiquitous, and it has become much more important to organize remote access properly.
New realities demand the reinvention of the approach to corporate information protection. It is not possible to apply a full set of corporate security features to employees' home networks, but there are several solutions that protect teleworkers. Devices used for remote access can be conventionally divided into 2 groups: personal and corporate-owned.
Each group has its own specifics. Personal devices are the property of users; they often contain personal or private information, and the scope of possible security measures is limited. Protecting such devices requires a special approach, but is still a realistic objective.
2FA
The first and most important step is (if it has not already been done) to implement a second user authentication factor (two-factor authentication, 2FA). The most convenient option is a mobile application that generates a one-time password (OTP) for the user in addition to the main password. This will significantly complicate any attempts to hack into a corporate environment that would otherwise be vulnerable to password brute-forcing. A good option is a solution from ESET, which is easy to implement in addition to the existing protection tools and allows you to solve the problem quickly.
Capsules
The second security tool that we recommend is capsules (security containers). Before the pandemic, the vast majority of users already had access to email and other important corporate resources from their mobile devices. But now, the issue of protecting these services and the information they hold has become crucial. Strict data protection measures for personal devices might turn redundant and perceived by users as an invasion of privacy. To solve this task, you need security tools that would protect information on mobile devices without the abovementioned factors. We recommend using the Capsule solution from Check Point.
The solution allows you to isolate corporate applications in a special encrypted container in the memory of your smartphone. You can configure user permissions for this area (prohibit screenshots, copying, transferring files, etc.), and secure information without affecting the existing business processes. If necessary, it can also be used on corporate devices.
Verifying compliance with security policies
The toolset for corporate-owned devices is slightly wider. Unlike personal devices, they are always protected by antiviruses or other security tools. All that remains is to monitor compliance with security requirements and policies. For this purpose, you can use the compliance checks supported by many firewall agents (Check Point, Fortinet, Palo Alto). How does it work? When a user attempts to connect via VPN, the agent screens their workstation: is the latest OS version used, are the antivirus signatures up-to-date, are there any running blacklisted applications or applications prohibited by the corporate policies. Thus, although the functionality does not offer direct workstation protection, it checks that all security measures are applied and the workstation can access corporate resources.
MDM/EMM
For corporate laptops and smartphones, there are many more options to control their status, user permissions, and overall device security. It is a sound idea to control and protect them with MDM/EMM solutions such as MobileIron. This will allow IT and Cybersecurity departments to monitor permitted user actions and applications on such devices, to block and wipe (reset to factory settings) lost or stolen devices to prevent intruders from accessing sensitive information, and to reveal rooted/jailbroken devices and apply appropriate actions to them.
Antiviruses
Users' devices have limited protection in home and public networks, so antivirus security becomes particularly important. Corporate devices almost always have antivirus agents installed, but mechanisms of their protection may appear insufficient in new conditions. A logical step would be installing additional security tools on corporate devices and complement antivirus software with protection from ransomware or exploits. Examples of such solutions are Check Point SandBlast Agent or Palo Alto Cortex XDR. They supplement conventional tools with advanced protection against unknown threats and, as a result, enhance the protection of corporate resources from attacks via user devices.
General recommendations
Fine-tuning the firewall rules and user access rights for corporate resources is crucial in current conditions. Leverage the ability to create time-dependent firewall policies and limit the time frame in which external access is allowed (it is usually hard to believe that a user wants to work remotely at 3 a.m.). Also, the rise of telecommuting is a great reason to start rebuilding and applying ZeroTrust policy, which will reduce the number of possible attack vectors, and thus will improve the overall network security.
If you still have questions about how to ensure remote access security, Noventiq specialists will be happy to help you choose the right solution for your task, implement it following the best global practices and provide technical support to reduce the load on IT and Cybersecurity departments, which has inevitably increased due to recent events. We're waiting for you!