At Impact Live 2020 we spent a lot of time discussing strategies for maintaining a strong cybersecurity posture in the age of remote work. Today’s users need flexibility to do their jobs efficiently with the ability to access business systems at any time and in any place. However, with this new way of working, comes new security challenges – and those challenge require modern solutions.
Here are seven best practices to help remote workers stay productive and secure without adversely affecting operations or established business practices.
- Deploy Single Sign-On (SSO) and Multi-Factor Authentication (MFA.) With SSO, you can leverage a central identity provider to manage user authentication and grant access to applications and resources through a single set of login credentials. This enables you to improve security through stronger password policies, increase productivity with simplified access to all the resources employees need to do their jobs and make it easier for your IT department to meet compliance requirements around access. MFA adds an additional layer of protection to corporate resources. With MFA, you can firmly establish that users are who they say they are by requiring them to pass multiple authentication challenges. For example, you can ask users to provide something they know – such as a password – and something they have – such as a one-time code sent to their mobile devices. You can use MFA to secure access to applications, workstations, virtual desktops, VPNs and more. For users who aren’t connecting from directly within the corporate network, MFA is essential for preventing the use of compromised credentials to access protected resources.
- Implement least privilege on endpoints to protect sensitive data and applications. Only providing end users and administrators with the absolute minimum levels of privileged access they require (a.k.a. the principle of least privilege) dramatically reduces the attack surface. One way of achieving this is to strip away unneeded local administrator rights from workstations to prevent endpoints from becoming compromised and enabling lateral movement. This reduces the risk of malware or ransomware being introduced to the environment, which can then be easily spread.
- Block RDP exposure from workstations. Remote Desktop Protocol (RDP) exposure has been at the root of many high-profile breaches – especially since workforces have become increasingly remote. Isolating sessions reduces the potential for endpoints – historically the weakest links of network access – to expose critical systems. Additionally, layering in the automatic recording of each session with behaviors analyzed in real-time helps quickly detect and remediate suspicious behavior if and when it arises.
- Reduce the overall reliance VPNs. The surge of remote work introduced a dramatic uptick in VPN usage. In a recent survey from CyberArk, 63% of employees reported using VPNs to access critical business systems. Attackers have long targeted VPNs because they provide access to the entire internal network. VPNs are distinctly not designed to provide granular access to critical systems and applications and can take a long time to set up. These tools often take s so much manual work to set up and operationalize that it takes away from the real goal at hand for security teams – reducing risk.
- Set up policy to either allow, block or restrict applications. In the age of remote work, unnecessary calls to the help desk are skyrocketing. With allow/block/restrict policies, administrators can enable remote users to access the systems that they require for their jobs without any additional hassles. Another way of reducing help desk calls is to enable users to access trusted apps without needing to call the helpdesk. This frees up IT resources to focus on more strategic intiaitves while also helping end users more efficiently and effectively do their jobs.
- Deploy self-service initiatives where applicable. Similar to the above, anything an organization can do to reduce unneeded help desk calls can be a massive time and labor saver. Establising MFA-protected self-service password reset and account unlocking enables end users to reset their own corporate passwords and unlock their own accounts. Self-service applications and server access requests further enable end users and remote vendors to make requests for access to applications, servers and other critical internal systems, enabling IT and management to approve access without filing helpdesk tickets. Self-service MFA enroll/replace allows end users to enroll new authenticators and replace and reset passwords. These capabilities also provide the ability for end users to replace lost or stolen ones without needing to file tickets. Finally, self service also introduces the ability to request access to applications or servers without adding load to the help desk.
- Provide just in time provisioning for third party users. The push to mobilize the workforce has also had a clear impact on the number of third party vendors that organizations rely on. These types of users present new challenges as they are not part of the company directory and can be challenging to manage and keep track of. You can dramatically reduce the attack surface by introducing solutions to automatically provision and deprovision access with a one-time onboarding process. This way vendors will have just-in-time access — just the access they need for just as long as they need it – without requiring manual work from security or IT administrators to provision and revoke access to the attack surface.
Balancing security and convenience is a struggle for organizations in the age of remote work. With many employees working remotely with no end date in sight, the answer to this dilemma is more important than ever. By following these best practices, organizations can provide their remote workforce with secure access that doesn’t interfere with productivity or business practices.
Couldn’t make it to Impact Live? No problem. Sign up for Impact Live on demand to view all the sessions at your convenience.
