Teleworking is “the rule for all activities that allow it” recalled the Minister of Labor, Elisabeth Borne, during a meeting with the social partners on Monday February 1, 2021. What was seen yesterday as an exception reserved for certain s ‘is imposed by obligation for all employees, and is now an integral part of any business network environment in the making. The benefits of working remotely are evident in terms of well-being and productivity. Visionary employers are now promoting the possibility of working remotely in order to attract the best talent.
However, most IT teams have based the security of their infrastructures on the protection of networks and information inside the company. With the sudden rise in teleworking, companies have turned to VPN technologies to allow their employees to access corporate networks from outside, outside of the LAN environment.
Unfortunately, it is also an opportunity for cybercriminals who have developed new sophisticated attacks to take advantage of the rise of remote working to access sensitive networks and data. The number of cyber attacks targeting teleworkers via malicious emails, phishing, and compromising their endpoints, has reached record levels. In April 2020, NASA alerted its employees, via a memo, to a massive increase in targeted attacks against the agency. Suspicious domain names have appeared in order to deceive users of the most widely used videoconferencing systems.
A classic home work environment generally boils down to a local network allowing various uses, to which various professional terminals, connected objects that are not at all secure or personal devices and shared accounts are connected. This provides an ideal basis for potential corporate data exfiltration and other malicious cybercrime activity. The attack surface has fatally expanded with the spread of remote work. The war on cybercrime faces new challenges, with remote network security and risk management becoming top priorities.
Guide to secure remote work
Here are some tips for securing remote work and, by extension, protecting businesses:
Educate : the most important element to ensure the security of confidential data is the awareness of users in a telework situation. Inform employees not only of what to do but also of the reasons for doing it. A best practice guide is helpful, including information on two-factor authentication and VPN-level authentication to access applications and software containing sensitive information. An acceptable use policy document may also be provided, indicating which websites, applications and networks are allowed to access the data, in order to avoid potential attacks.
Manage access: attention must also focus on the access management policy, defining who has the right to access the network. A universal policy of giving all users the same rights of access to resources available on the network, whether they need them or not, exposes them to potential risks. The right balance must be found between user access management and efficient and secure remote access to resources hosted in the company, in hybrid cloud environments, and to applications, thanks to a security policy. Working with a Managed Service Provider partner, who can help define and implement granular policies, can help achieve the right security attitude for remote workers.
If the remote work cannot be done by the strict use of a VPN, opening the services directly on the Internet is a solution but carries a risk, that of being hacked by hackers. Any new application accessible via the Internet must be studied, secured and tested before its use, which will be planned. Tirelessly, businesses must find the right balance between cybersecurity and the need to easily access applications in the cloud or over the Internet.
Finding the balance between productivity and safety : the company must continue to operate, even in a different way. To do this, it is necessary to maintain the security of the user experience, especially when they are spread around the world, on several continents. Consider how remote collaborators will access their key applications and data locally, with minimal latency impact, using a globally secure remote access platform. Flexibility will also have to be taken into consideration in order to be able to increase the number of remote users as needed, via a simple model, per user.
In the future – priority for the security of teleworking
Unable to control the Wi-Fi networks that people connect to at home or in public places, IT teams must create security infrastructures that allow secure remote working on any network. The security apprehension needs to shift from unconditional trust in the user to zero trust.
This is how companies can plan their transition to the cloud, so that their employees can access their data, wherever they are. Zero-trust network access solution (ZTNA) allows remote workers to access corporate resources based on end user identity and device used, security posture and their access rights. This generates effective access security while giving users the freedom to choose the devices used, including their own devices (BYOD), as well as the applications.
Finally, the SASE (Secure Access Service Edge) strategy takes teleworking a step further. SASE sees the company as a distributed network of connected terminals. Employees can access resources quickly and efficiently, wherever they are. At the same time, IT managers can maintain a zero-trust approach across their network. Environments such as SD-WAN work well with SASE, without significant change.
Working with a managed service provider with dual Network and Security expertise helps meet both remote worker needs and security requirements.