Many would argue that the decentralization of the traditional on-premise working environment was inevitable, irrespective of the ongoing health crisis. For employees, remote working allows for a better work-life balance. If you need to go to the bank, visit a relative in the hospital or collect your kids from school, you can do so without disrupting your work day.
In most cases, employees actually save time and money by not having to commute to work. For employers, the benefits of allowing employees to work remotely are also apparent. They can reduce the amount of office space they need, reduce their overheads, and if employees are using their own devices, there’s less need to maintain or purchase expensive IT equipment.
While some employers were understandably concerned that their employees would be less productive when there is nobody watching over them, numerous studies have shown the opposite to be true. There are, however, legitimate concerns that employers have relating to the security of their valuable data.
After all, due to the coronavirus pandemic, the transition to a remote working environment happened a lot faster than expected. On a more positive note, the shift that we are witnessing will encourage better data security practices in the long term.
Employers can no longer rely on perimeter-based security to keep the bad guys out, but must instead focus on the data itself, which will also protect their data from insider threats. Let’s take a closer look at the challenges security teams must overcome in order to maintain a secure remote-working environment.
Remote Work Security Threats
As we expected, cybercriminals were quick to capitalize on the crisis. They knew full well that many organizations were ill-prepared to protect their data in a distributed remote-working environment. They also knew that employees, using their own devices, from their own personal Wi-Fi connections, wouldn’t have the same level of protection as they would behind the company’s firewall.
To make matters worse, getting employees to adhere to company policies is a challenge when you are not able to speak with them face-to-face. Below are some of the specific security concerns that employers must address to protect their data from both internal and external security threats:
Poor visibility: It’s a lot harder to keep track of unstructured data across a distributed environment.
Phishing: Attackers are constantly looking for ways to target unsuspecting employees and trick them into handing over data/credentials, visiting a malicious website or downloading a malicious program. As you would expect, we’ve seen a large number of COVID-themed phishing scams during the pandemic, which are usually designed to scare people into meeting the attacker’s demands.
Man-in-the-middle (MitM) attacks: A MitM attack is when an attacker intercepts communication between two parties, in this case between the employee’s device and the company network or cloud platform. MitM attacks are especially common when employees access the company network from an unsecured public Wi-Fi hotspot, which is why remote workers are encouraged to use a VPN whenever possible.
VPN Brute-Force: Hackers will inevitably try to guess the correct password of an employee’s VPN client in an attempt to gain access to the company network.
Malicious Apps: More and more companies are switching to cloud-based infrastructure for communication and collaboration, which opens up a plethora of new security concerns. One of the main concerns involves the use of third-party applications. For example, both Office 365 and Azure allow users to install third-party apps, many of which request (and even require) access to their data.
Backup, recovery and updates: It is difficult for employers to enforce protocols that ensure that employees are taking regular and secure backups of their data. Likewise, it is crucially important that the software installed on all devices used to access valuable data is kept up-to-date.
Tips for Preventing Data Loss in Your Organization
Data loss prevention software is used to prevent the unauthorized sharing or exposure of sensitive data. Most DLP solutions will automatically block/quarantine sensitive data as it leaves the network. However, DLP is more broadly thought of as a set of tools, techniques, and processes that are designed to prevent sensitive data from getting lost, misused, or accessed by unauthorized parties.
Discover and Classify Your Sensitive Data
As with any data security strategy, a great place to start is to ensure that you know exactly what sensitive data you have, and where it is located. While it is possible to manually compile an inventory of your critical assets, automated data discovery and classification solutions will make the job a lot easier. Knowing what sensitive data you have, and where it is located will simplify the process of enforcing “least privilege” access, and adhering to the data retention policies you have in place. Most real-time auditing solutions provide data classification tools out-of-the-box, and can be customized to meet the requirements of a wide range of data privacy regulations.
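A minimal sketch of automated discovery and classification, added here as an illustration and not taken from any product mentioned in this article. The label names, file paths and document contents are constructed; the card pattern is confirmed with a Luhn checksum so that ordinary 16-digit reference numbers are not flagged.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample documents (location -> content); not real data.
SAMPLE_DOCS = {
    "shares/finance/refunds.txt":
        "Refund to card 4111 1111 1111 1111 for jane.doe@example.com",
    "shares/ops/orders.txt": "Order ref 1234567890123456 shipped",
    "shares/hr/contacts.txt": "Escalations: hr-team@example.com",
}


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Return the set of (hypothetical) sensitivity labels found in text."""
    labels = set()
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            labels.add("payment-card")
    if EMAIL_RE.search(text):
        labels.add("email-address")
    return labels


def build_inventory(documents):
    """Map each location to its sorted labels, omitting locations with none."""
    inventory = {}
    for location, text in documents.items():
        labels = classify(text)
        if labels:
            inventory[location] = sorted(labels)
    return inventory


if __name__ == "__main__":
    for location, labels in build_inventory(SAMPLE_DOCS).items():
        print(location, labels)
```

The resulting inventory is the input for the access review: each labelled location is a place to check who currently has access and whether they need it.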
Monitor Access to Sensitive Data in Real-Time
Since the moat/castle approach to data security is far less relevant in a remote and distributed environment, it is crucially important that you know exactly who has (and should have) access to your data, and what they are doing with the data.
Most popular cloud platforms such as Office 365 and Azure will have some form of primitive logging functionality, which you can use to monitor suspicious behavior. However, for advanced real-time auditing and reporting, you might be better off adopting a dedicated third-party solution. Most sophisticated third-party solutions use machine learning techniques to detect deviations from “normal” patterns of behavior.
They can also detect and respond to events that match a pre-defined threshold condition, which can help to defend against brute-force attacks, ransomware attacks, and any other types of attacks that exhibit repetitive and persistent behavior. These days, most change auditing solutions are able to aggregate and correlate event logs from multiple cloud platforms, including on-premise and hybrid environments.
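The threshold condition described above, applied to the VPN brute-force case, as an added example that is not code from any auditing product. The log format, addresses, user names and the default of five failures in 60 seconds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, result, user, source IP.
SAMPLE_LOG = """\
2021-03-01T09:00:00 FAIL alice 203.0.113.7
2021-03-01T09:00:05 FAIL carol 198.51.100.20
2021-03-01T09:00:10 FAIL alice 203.0.113.7
2021-03-01T09:00:12 FAIL carol 198.51.100.20
2021-03-01T09:00:20 FAIL bob 203.0.113.7
2021-03-01T09:00:25 OK carol 198.51.100.20
2021-03-01T09:00:30 FAIL bob 203.0.113.7
2021-03-01T09:00:40 FAIL alice 203.0.113.7
2021-03-01T09:05:00 FAIL dave 192.0.2.50
2021-03-01T09:06:00 FAIL dave 192.0.2.50
2021-03-01T09:07:00 FAIL dave 192.0.2.50
2021-03-01T09:08:00 FAIL dave 192.0.2.50
2021-03-01T09:09:00 FAIL dave 192.0.2.50
""".splitlines()


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source IP that reaches `threshold` failed logins
    inside a sliding `window`; slower or occasional failures are ignored."""
    recent = defaultdict(deque)  # source IP -> (time, user) failures still in window
    alerted, alerts = set(), []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "FAIL":
            continue  # skip malformed lines and successful logins
        when, user, source = datetime.fromisoformat(parts[0]), parts[2], parts[3]
        failures = recent[source]
        failures.append((when, user))
        while when - failures[0][0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if len(failures) >= threshold and source not in alerted:
            alerted.add(source)
            alerts.append({
                "source": source,
                "failures": len(failures),
                "users": sorted({u for _, u in failures}),
                "first": failures[0][0],
                "last": when,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

With the defaults, only 203.0.113.7 is reported: the user who mistyped twice and the source failing once a minute stay under the threshold, which shows how the window size sets the trade-off between noise and missing slow guessing.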
Use a VPN Service with Multi-Factor Authentication (MFA)
It’s always a good idea to use a Virtual Private Network (VPN) when accessing your company’s network remotely. A VPN provides an encrypted communication channel between the employee’s device and the server to which it is connecting.
Likewise, Multi-Factor Authentication (MFA) should always be used where possible. MFA provides a more robust authentication process as it requires additional factors, such as something you know, something you are, or something you have. However, most VPNs require a traditional username and password combination, which can easily be guessed or stolen. Since attackers are often looking to obtain VPN credentials through brute-force, social engineering, or some other means, it is a good idea to use a VPN service that provides MFA.
Use the Cloud Security Features Available
If you are using a cloud-service provider you should familiarize yourself with the security features that are available. Make sure that guest access is restricted and that no sensitive data is exposed to the public by default.
Carefully review the security settings to limit what data users can share, and with whom. Also, make sure that you have restricted the installation and usage of third-party apps. Some cloud service providers offer Mobile Device Management (MDM), which allows admins to monitor and control which devices have access to sensitive data, and the apps that these devices can install.
Some MDM solutions also include tools that can locate and wipe lost or stolen devices.
Create a Culture of Security
As always, you will need to ensure that all employees have been sufficiently trained and made aware of the consequences of failing to comply with your company’s security policies. You should try to create a culture of security, which includes holding regular meetings and sending out memos to ensure that data security is at the forefront of your employees’ minds. You may also want to consider carrying out mock phishing attacks, in order to understand where your security weaknesses lie.
If you’d like to see how the Lepide Data Security Platform helps you monitor remote workers and ensure your sensitive data remains secure, schedule a demo with one of our engineers.