How to Keep Your Infrastructure Secure with a Mobile Workforce.
With much of the workforce working from home, it is time to revisit company security policies and procedures regarding remote work. If you don’t have a policy now is a great time to build one, but what should be included in your policy? While the specifics will vary for every organization there are a few general requirements that can provide a great starting point.
Virtual Private Network (VPN)
When employees are working at home or on the road it is nearly impossible to do a security assessment on every network that they connect to. The security firm Bitdefender published an article about an attack targeting Linksys routers that will alter how a computer finds websites by manipulating DNS, the process by which names like amazon.com connect to the underlying IP address. This attack would then cause legitimate websites to silently redirect toward their malicious site that prompted the visitor to download an app for the latest information about the coronavirus (COVID-19). This same type of attack could also be used to redirect someone to a facsimile of a legitimate site to steal their credentials. VPNs, however, usually provide a secure tunnel for both internet traffic and DNS traffic. This means that, aside from providing access to internal resources, these types of attacks would not work if the employee used a secure corporate VPN.
Multifactor Authentication (MFA)
Attackers are always looking for a way to compromise user accounts to gain access to corporate data. Whether these attacks come as spoofed websites, phishing emails or malicious websites, multiple layers of security are needed to help prevent an attacker from successfully accessing sensitive resources. MFA is one way to help accomplish this goal. NIST does a thorough job explaining MFA, but MFA essentially requires you to present two types of evidence to login to your account. When you use your bank card (something you have) at the ATM it also requires a PIN (something you know). Microsoft offers extra layers of security on top of multifactor when using their Azure and Office 365 (recently rebranded to Microsoft 365) products. Depending on your license tier, there are options to block access based on location or verified security compliance, require high-risk users (ex. Someone who signs in at an unusual location) to reauthenticate, and the ability to alert administrators and users when suspicious activity is discovered. Many third-party websites and applications also support using Azure Active Directory to authenticate, which, while requiring some additional configuration, provides this robust security toolset to other applications while still using a pre-existing corporate account.
While a malware scanner is a baseline requirement for any mobile corporate device, much more needs to be done to protect your data while outside the corporate network. Many endpoint protection vendors offer cloud-managed software that combines, virus protection, host-based firewall, web filtering, and much more. Many solutions can alert your security team when it detects an attack and provides the data on what is happening. Some solutions can even isolate the device for further investigation. McAfee, Bitdefender, Microsoft, Symantec (now Broadcom), Sophos, and Carbon Black all offer products that offer features that can provide some, if not all, of these features but a business-use analysis is needed with special attention paid to maintenance and management requirements. While any implemented solution will require time for initial setup and maintenance, the time required will vary with each product. McAfee’s suite, for example, is complex enough to require nearly a full-time employee to support management. Whichever solution is used, consider working with a product expert to help with initial deployment and provide employee training.
The general theme for supporting a remote workforce is to separate the personal from the corporate. The above should provide a great starting point for securing your company and your employees, both now and in the future.
Are you feeling overwhelmed by the prospect of securing your mobile workforce? Let UNCOMN help. Learn more about how UNCOMN can protect your team and your data.
About the Author: Patrick Jaeger
Pat Jaeger, CISSP, CEH is a security professional with over 10 years of experience in systems and network administration and a Master’s from Maryville University. In his free time, he enjoys working with LEDs and home automation, playing and recording music, as well as maintaining his own home lab.