Worried about the impact remote working has had on your network security? Here are some quick ways to create a solid cyber defence around your workforce.
Recent years have seen a steady increase in the number of organisations adopting remote working as part of their business model, largely thanks to the increased availability of top tier cyber security solutions.
That steady increase recently saw an unprecedented acceleration as the COVID-19 virus forced many organisations to make rapid adjustments to enable full-time remote collaboration and keep their people safe and healthy.
Such rapid redistribution has also seen a rise in criminal activity as attackers circle isolated remote workers searching for an easy score. So, as a CISO, not only have you had to relax some of your security controls to allow remote working to happen, but cyber-criminal activity is on the increase at a time when your corporate network is more vulnerable than ever.
As a result, any large-scale cyber security projects you had in the pipeline have likely been shelved indefinitely, whilst all your efforts go into plugging the immediate security gaps this shift in working practice has created.
Getting the basics right will go a long way to helping you get out in front of the issue, so we’ve pulled together some steps you can take right now to increase the security of your newly remote workforce.
If you didn’t know already, enabling multi-factor authentication (MFA) can help prevent 99.9% of all credential attacks.
Essentially it stops hackers from gaining entry to your systems via a compromised password by requiring another step in the verification process, whether that be a text message, biometric or physical device confirmation (such as a FIDO key).
It’s widely agreed that implementing MFA is potentially the easiest and single best thing you can do to quickly boost your security.
We appreciate enabling MFA or two-factor authentication across your entire workforce is not something you can do overnight. To do so properly, you’ll need a deployment plan in place and a well-defined campaign to communicate and train end-users. But what you can (and should) do straight away is enable MFA for ALL your admins, as they hold the keys to your kingdom.
Treat the rollout of MFA to global admins as a trial. If that works then look to expand these efforts to other high-profile employees or critical applications. The immediate goal is to bolster security first and then fine-tune your policies over time.
If you have the relevant Microsoft product licence (typically an EMS E3 or Microsoft 365 E3 licence) you could speed up this process by utilising conditional access to broadly apply MFA by admin role in Azure AD.
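The admin-first trial described above can be expressed as a conditional access policy body for Microsoft Graph, starting in report-only mode and switching to enforced once the trial works. This is an added example, not part of the original article; the function names and the emergency-access account ID are assumptions.

```python
# Azure AD role template ID for Global Administrator (same in every tenant).
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"
# Placeholder object ID for an emergency-access account (assumption, not a real ID).
BREAK_GLASS = "00000000-0000-0000-0000-000000000000"


def build_admin_mfa_policy(role_ids, exclude_user_ids, enforce=False):
    """Build the body for POST /identity/conditionalAccess/policies (Microsoft Graph).
    enforce=False yields report-only mode, which suits a trial rollout."""
    return {
        "displayName": "Require MFA for admin roles",
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            "users": {
                "includeRoles": sorted(role_ids),
                "excludeUsers": sorted(exclude_user_ids),
            },
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def review_policy(policy, required_roles):
    """Return findings that leave admins without enforced MFA or risk a lockout."""
    findings = []
    users = policy.get("conditions", {}).get("users", {})
    apps = policy.get("conditions", {}).get("applications", {})
    missing = set(required_roles) - set(users.get("includeRoles", []))
    if missing:
        findings.append("roles not covered: " + ", ".join(sorted(missing)))
    if "mfa" not in (policy.get("grantControls") or {}).get("builtInControls", []):
        findings.append("grant controls do not require MFA")
    if "All" not in apps.get("includeApplications", []):
        findings.append("policy does not cover all cloud apps")
    if policy.get("state") != "enabled":
        findings.append("policy is not enforced (state=%s)" % policy.get("state"))
    if not users.get("excludeUsers"):
        findings.append("no emergency-access account excluded (lockout risk)")
    return findings


if __name__ == "__main__":
    trial = build_admin_mfa_policy([GLOBAL_ADMIN], [BREAK_GLASS])
    print(review_policy(trial, [GLOBAL_ADMIN]))
```

Running `review_policy` over policies exported from the tenant shows which admin roles are still only in report-only mode before the rollout is widened.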
More often than not, the biggest hole in your security defences is your own employees.
Many organisations will have various plans in place for communication and training on security awareness, but you need to consider accelerating this in a big way – as in right now.
We’d recommend you team up with your HR department to implement a sustained campaign of communication with your new remote workforce, offering them crash courses in securing a home working environment.
Provide guidance around the following six key areas:
The latest advice on passwords suggests using a combination of three random words that are easy for the user to remember but hard for a hacker to guess.
With many of your employees now working from home, we suggest you strongly encourage them to update their router settings with a strong password.
Keeping devices updated is crucial to maintaining effective security. Updates will regularly contain new bug and vulnerability fixes.
Make your users aware of how to save documents and files so that they stay on your work servers or approved cloud systems.
Phishing is one of the most common attack methods. Teaching your staff some typical phishing tactics to look out for will help stop them clicking on any links they shouldn’t.
Don’t leave your team guessing. Clearly communicate how they should contact IT support if they have any questions or concerns.
Your internal security team has a tough enough job keeping on top of your IT environment at the best of times, so adapting to a distributed workforce will have only stretched them further.
To that end, let them know where you want them to be focused during the transition. You should prioritise remote access security tasks such as log reviews, attack detection, incident response and recovery.
With most of your staff now operating outside your traditional security perimeter, be mindful of an increase in phishing attacks.
If you have an Office 365 E5 or Office 365 Advanced Threat Protection licence be sure to make use of its dedicated anti-phishing capability. Not only does it help guard against phishing attacks, but it also protects against zero-day attacks and any malicious web links or URLs contained within e-mails or documents.
Office 365 ATP also applies advanced impersonation detection rules to identify e-mails that are pretending to be from someone else, e.g. your CEO or Head of Security.
Until your organisation adapts to working remotely, you’re going to want to keep a closer eye on your endpoint security. Using a mobile device management (MDM) tool – such as Microsoft Intune – is an effective way to easily apply security controls to all those new laptops and work phones that are now out in the wild.
An effective MDM solution will help you apply controls like encrypting or wiping data on a device should it be lost or stolen, as well as restrict the use of external storage devices such as USB sticks to keep your data stored where it’s secure. It will also allow your IT team to help prevent shadow IT from sneaking into your organisation’s network.
If you haven’t already, investigate establishing a self-service portal (SSP) for your staff to use. This makes it easy for them to set up devices using pre-arranged security settings that have been determined by you, saving your IT team time and establishing a base level of security across all devices.
Finally, to make things easier on both your IT teams and other staff, try to arrange for significant IT changes to be implemented outside of typical work hours. This keeps disruption to a minimum and allows changes to occur at a time when your system has fewer demands on its bandwidth.
With endpoints in mind, consider how your staff will be accessing your company applications and resources. Virtual private networks are a popular method for providing external access to on-premises apps and infrastructure. If you’re using one, it’s critical that you ensure your VPN solutions are fully patched and up to date.
Check with your VPN vendor for any available updates and apply these ASAP. Make sure that you understand the impact of these updates on other systems as sometimes they’ll require client updates also.
It’s also worth getting your IT security team to test for any VPN limitations so you can adapt to mass usage. They may need to modify VPN rate limits to prioritise users who will require higher bandwidth.
VPNs aren’t the only way to grant remote access to your on-premises resources and apps. If you have an Azure AD Premium licence, you’ll have access to the Application Proxy or Azure AD App Proxy (as it’s commonly known).
This is our preferred method for publishing apps externally as the Azure AD App Proxy establishes a secure connection from within your environment to Azure AD in the Cloud. This way, your chosen applications can be published to your users without requiring external firewall rules.
Users connecting to services via the proxy will also be subject to Azure AD’s stringent authentication processes before being routed down to the service on-premises. This approach will allow you to customise and apply any additional security controls through conditional access to achieve a significant security boost.
To ensure all your employees are singing from the same hymn sheet, you’ll need to make sure that you have a clearly stated cyber security policy that is regularly reviewed and communicated. All your employees should have easy access to it with the freedom to ask questions if they’re unsure or have any concerns.
Your policy should be mutually agreed between management and internal IT and cover:
Be sure to consider the fact that some of your new-found remote employees may still be completely unaware that data security is something they should be concerned about, at both a personal and professional level.
Educate them on how to access the network and applications, where to save documents and files, and how to apply good cyber security practices such as phishing awareness. They must understand the reasons behind your request, or else they’re likely to ignore it, and that will only add to your security troubles.
Having a document where they can see the security steps you’ve taken, why you’ve taken them, and what their role is in supporting it will go a long way to avoiding any unnecessary shortfall in security.
In the medium to longer-term, consider adding some more detailed training videos on spotting phishing attacks or adding some simple ‘how-to’ guides for turning on firewalls or installing an antivirus product etc.
The education and reinforcement of good cyber hygiene will be a continuous process so use this policy as a starting point.
Naturally, these steps won’t solve 100% of your security issues but they will provide a strong base on which to build.
Just be sure that whatever steps you take or changes you implement are regularly updated and communicated to your workforce. Everyone must do their part if security is to be maintained.
And be careful not to lay the blame on the individual if something does go wrong. Encouraging open and honest communication will be crucial to gaining visibility of where your efforts are needed most. You want your people to feel comfortable coming forward for help rather than potentially hiding any slip ups.
As head of our Mobility & Security practice, Mat’s responsibilities include ensuring that our technical knowledge and delivery capability are fully up to speed and current, as well as creating a...