For more than three months now, an enormous number of employees have been working from home — this is now the new normal for most of us. The world has changed and, in many cases, will remain mobile and in remote working mode for the foreseeable future. Moreover, many large companies are now insisting that people permanently work from home for several reasons including cost, travel time, lifestyle, and various other benefits for both parties, the employee as well as the employer. Globally there’s been a rush to work remotely due to the current pandemic, and even the most sophisticated companies are still catching up with regards to compliance when working remotely. This has resulted in breaches, and it’s evident from the latest cybersecurity news, that many of these breaches are a result of remote working. Additionally, attackers have adapted their attack approach. It’s evident that many organizations, three months in, continue to find remote working and the compliance component challenging — especially considering the cloud, company data, confidentially, and monitoring aspects Possible solutions to the challenges do exist and help to ensure better security is achievable while employees work from home.
Working remotely through the cloud and what this means
The majority of remote workers are doing so via the cloud. Ultimately this means that people are using someone else’s network, mostly public, to fulfill their functions from home. So, people are connecting remotely to a third party that supplies a service to do their jobs.
The first challenge related to this is secure access. A parallel can be drawn with working from home and working from a coffee shop. If you consider a coffee shop, for example, as your current new office and place of work and that your paperwork is on the coffee table for anyone passing by to see, or in your briefcase on the coffee table. If someone were able to open your briefcase or have the opportunity to browse the paperwork in open view — they could see your documents, files, and data. In the same way, working from home and using the cloud (which could be a public space like a coffee shop), brings the same potential risk. This is why secure access that only allows an authorized person, team, or group to access the information is essential. It is necessary that only authorized people, systems, and subjects have access to the company’s resources.
To this end, it’s essential that the access to all systems when working remotely be well controlled using both technical and administrative controls and that the users are well trained in this discipline.
A simplified technical control is multifactor authentication (MFA), and it works! At many hacking conventions, it’s the one control that hackers continue to highlight as a control challenging to overcome. Cybersecurity professionals are confident that MFA is a secure mechanism to control access to remote resources.
Additional layers should also be introduced, that is transparent to users, such as geolocation access lists.
The administrative controls also need to be updated to focus on remote working and the environment that the users are connecting from. Many organizations are currently updating their policies and training their users for safe remote working, which is commonplace now. A security approach that covers the three pillars: people, process, and technology remains a vital course of action.
Confidentiality: Keeping data private when working remotely
Once robust access control to the data in the cloud has been sorted, this means that only the right people (the ones that we want to be able to see our data) can see the data — right? Well, the next obstacle, however, is to ensure that the providers of the service can’t see the data. Providers say they can’t, and yet we read about many occasions where service provider’s employees access data, and we hear about data leaks and data breaches by hackers accessing the information through some obscure bug in the software.
There is a very strong solution to all of this. Encryption! By encrypting the data when at rest and when in transit and backed up, this can be resolved. Encryption is often not implemented for several reasons, including complexity, cost, understanding, skills, and standards, to name a few.
In short, not encrypting the data is like sending postcards through a public network or leaving your sensitive documents on the coffee shop table, 24/7. If you don’t want unauthorized people to see the data, then encrypt it! This is equivalent to placing the data into a digital envelope that keeps it private and only accessible to those you wish to grant access to.
In this way, if someone were to break into the cloud service provider, the data would not be visible to the intruders. The additional protection you get from encryption when you encapsulate the data with proper encryption when the data is transmitted, it’s protected as well as when it’s at rest at a computer remotely at your home. These technologies are powerful and very useful security tools when working remotely from home.
Labeling your data
When you label information and data, you can identify it quickly. Similarly to marking a tin, you recognize its contents and remember what’s in it. This means that all others interacting with the data also know what’s in the tin; thus, the users can deal with the information appropriately and securely.
Additionally, if data is labeled correctly, then you know which data to protect and how to protect it. It’s essential to label the data with at least its level of sensitivity so that people are aware of how to handle the data securely.
It’s useful to think of labeling data like marking an envelope or label attached to a container with the date and the contents within. So, when you review the label, you can quickly process what is inside; similarly, you can quickly process the masses of data without having to open it.
By mapping out the data in your systems, including the cloud as well as home-based devices, and by identifying how the data is accessed at a high-level will provides an eagle’s eye view of the landscape. This enables a means to strategize the defense controls better that the organization requires and helps with data protection as well as compliance that the organization needs going forward.
File integrity monitoring (FIM)
File and data monitoring are also necessary and vital. If someone who shouldn’t have access gets into your files or data and modifies or deletes the data, it’s essential that this is highlighted and made known as soon as it happens.
That’s where file integrity monitoring comes into play. FIM is another layer in your defense strategy. If someone gets through the MFA, the encryption and any other controls that have been implemented, and the FIM triggers — it’s likely to represent that a severe breach has occurred. However, you will have been made aware, and the appropriate actions can be taken at speed.
Remote system monitoring
The COVID-19 pandemic has been unprecedented and the entire world working remotely from a myriad mix of devices is happening and will be for some time going forward.
For this reason, it’s reasonable to embrace the extension of all companies’ networks to people’s homes as the endpoints are on home networks and VPNed, SSLed, and interconnected with remote access to work environments and resources. Therefore, these remote devices need security monitoring to ensure that users are safe and accessing the companies’ precious resources securely.
Remote system monitoring does this! It’s typically based on an agent that sits on the endpoint and monitors the device’s security posture and the user’s activity to ensure that the company is compliant with security best practices. These tools help with data leakage prevention as well as the ability to enforce lockdown in the event an endpoint is compromised so that the company’s network and resources are protected.
A remote working layered defense stack
Working from home is the new normal, and although it’s ideal for many, it can be exploited as attackers have adapted to attacking companies through remote workers. So, companies must change their defenses to remote working to strengthen their cyber-defenses further and avoid possible compromise.
By utilizing a remote working layered defense stack as outlined above can help with the security and compliance challenges that many companies are facing.
Featured image: Shutterstock