Security Practices for a Remote World

While the world shifts to remote working in this post-COVID-19 world, there are rumblings around working from home and cybersecurity concerns.

 

Contrary to popular belief, many organizations don’t have proper work-from-home capabilities or strategies in place. Some are only allowing their IT/Security staff to work remotely.

There are many vendors selling products during the pandemic that seek to take advantage of the panic and provide secure solutions, but only some are valid depending on your organization’s situation.

Understanding Virtual Private Networks

The first step is understanding how VPNs work. You can read our in-depth article here.

The short definition is that a VPN allows a secure connection over a non-secure network to access internal resources in your office, data center, or cloud from a remote location such as your home. 

From a cybersecurity perspective, the concerns and architecture are no different than usual, but with a few twists.

Below I cover areas to help you better protect your organization:

VPN Split Tunneling

There are two ways to implement your VPN: split tunneling and full tunnel mode. Most organizations do full tunnel mode for a few reasons.

Split tunneling allows you to connect to both your corporate network and your home network so you can browse the internet from your home internet and still access resources on your corporate network.

One concern is that insider threat risks increase when users can access corporate data and send it outbound without the organization’s knowledge. Additionally, depending on policies and access control lists, files from the home network, such as malware or ransomware, can easily traverse to your corporate locations.

In full tunnel mode, there are other points for concern.

When everything travels back to your corporate internet location, all traffic traverses it, including the user’s internet browsing and streaming services such as iTunes, Spotify, and Netflix, creating a significant drain on resources and bandwidth. Depending on your security tools, you could also be capturing your users’ personal credentials unintentionally.

User Education

As part of that full tunneling, our clients often bring up questions about streaming services. In any organization, a significant component of cybersecurity policy is an acceptable use policy. Educating and reminding your users about their acceptable use policy can help limit the unintentional drain on your network from games, streaming music and video, gambling, and other activities.

Phishing is also a major concern. A crisis or global issue like this one brings out hackers and scammers in full force looking to capitalize on fear to infect users or to steal intellectual property, credentials, or financial information.

Businesses should also be aware of password reuse. Ensure users are educated to not use personal passwords on any work-related systems and vice versa. Password or credential reuse is a critical security concern. 

Endpoint Visibility

Visibility into your endpoint is highly critical when it’s not connected to your network. Both patch management and threats are serious concerns for remotely connected users.

Ensuring the machine still gets patched regularly is essential, preferably with the ability to push out emergency patches.

Secondly, a competent EDR solution is key both to proactively blocking threats and to gaining insight into risky machines and loaded software, as well as the ability to threat hunt.

VPN & Cloud Logging

Ensuring that your firewalls, VPN devices, cloud access points, and servers related to remote access, such as Citrix and VDI, are all logging effectively to your SIEM is critical. Insight into brute-forcing, cipher attacks, vulnerable software, and other activity helps prevent unwanted access. Many SIEMs have user behavioral analytics to help identify these types of attacks.
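As an added illustration of what that logging makes possible (this is example code, not part of the original article or any vendor's product), the sketch below runs a sliding-window check over VPN authentication events to separate brute-forcing of one account from password spraying across many. The log format, thresholds, and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "time result user=<name> src=<ip>" format.
SAMPLE_LOG = """\
2020-04-01T09:00:01 FAIL user=alice src=203.0.113.7
2020-04-01T09:00:20 FAIL user=alice src=203.0.113.7
2020-04-01T09:00:41 FAIL user=alice src=203.0.113.7
2020-04-01T09:01:02 FAIL user=alice src=203.0.113.7
2020-04-01T09:01:30 FAIL user=alice src=203.0.113.7
2020-04-01T09:01:55 OK user=alice src=203.0.113.7
2020-04-01T09:02:00 FAIL user=bob src=198.51.100.9
2020-04-01T09:02:05 FAIL user=carol src=198.51.100.9
2020-04-01T09:02:10 FAIL user=dave src=198.51.100.9
2020-04-01T09:02:15 FAIL user=erin src=198.51.100.9
2020-04-01T09:03:00 FAIL user=frank src=192.0.2.10
2020-04-01T09:03:20 OK user=frank src=192.0.2.10
"""

WINDOW = timedelta(minutes=5)   # assumed thresholds; tune to your environment
MAX_FAILS = 5                   # failures from one source inside WINDOW
SPRAY_USERS = 4                 # distinct usernames from one source inside WINDOW

def parse(line):
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect(log_text):
    """Return {source_ip: set of finding names}; lines must be in time order."""
    recent = defaultdict(deque)    # source -> (time, user) failures still in window
    findings = defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        ts, result, user, src = parse(line)
        q = recent[src]
        while q and ts - q[0][0] > WINDOW:   # expire failures older than WINDOW
            q.popleft()
        if result == "FAIL":
            q.append((ts, user))
            if len({u for _, u in q}) >= SPRAY_USERS:
                findings[src].add("password-spray")
            elif len(q) >= MAX_FAILS:
                findings[src].add("brute-force")
        elif result == "OK" and len(q) >= MAX_FAILS:
            # a login that succeeds right after a failure burst deserves triage
            findings[src].add("success-after-failures")
    return dict(findings)
```

A success that follows a burst of failures is the case to escalate first, since it may mean the guessing worked.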

Identity & Access Management (IAM)

Cloud access, O365, VPN, and administrative functions should have some level of token or two-factor solution in place. You may read that SMS-based solutions are vulnerable, and while that’s true, they still provide a level of advanced authentication to your access. There are other solutions such as Google Authenticator, Duo, Okta, and RSA SecurID that provide an additional layer of security.

Two-factor authentication and password complexity help improve your security posture. See our blog, Successful Password Policies, for more information.

Network Security & Segmentation

The last piece to discuss is network security and segmentation. Your VPN network should terminate on its own network and not directly into a user or server segment in your office. Your network team can build a Virtual LAN or VLAN to isolate this traffic, allowing access lists to be applied to prevent unwanted access. Some VPNs also restrict each client from connecting to each other over the VPN, which is the ideal best practice. Doing so prevents attacks or malware/ransomware from spreading from someone’s home to everyone else connected via a VPN. Lastly, ensure proper firewall rules and security groups/user access privileges are set up to prevent unwanted access.
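One way to check an access list against these points, as an added example that is not from the original article: the script flags rules that let VPN clients reach each other, rules that open the server segment wider than a single host and port, and a missing final deny. The subnets, rule format, and sample rules are constructed assumptions, and the list is assumed to be applied at the VPN gateway where client traffic is routed.

```python
import ipaddress

VPN_POOL = ipaddress.ip_network("10.99.0.0/24")    # assumed VPN client VLAN
SERVER_NET = ipaddress.ip_network("10.10.0.0/16")  # assumed server segment

# Constructed ACL applied to traffic leaving the VPN VLAN: (action, src, dst, port)
RULES = [
    ("permit", "10.99.0.0/24", "10.10.5.20/32", "443"),
    ("permit", "10.99.0.0/24", "10.99.0.0/24", "any"),
    ("permit", "10.99.0.0/24", "10.10.0.0/16", "any"),
    ("deny",   "10.99.0.0/24", "0.0.0.0/0", "any"),
]

def audit(rules, vpn=VPN_POOL, servers=SERVER_NET):
    """Return (rule_number, finding) pairs. Each permit is judged on its own;
    shadowing by earlier rules is not modelled."""
    findings = []
    for n, (action, src, dst, port) in enumerate(rules, 1):
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if action != "permit" or not s.overlaps(vpn):
            continue
        if d.overlaps(vpn):
            # one infected home machine could reach every other VPN client
            findings.append((n, "client-to-client"))
        if d.overlaps(servers) and (port == "any" or d.num_addresses > 1):
            # wider than a single host and port in the server segment
            findings.append((n, "broad-server-access"))
    # the list should end by denying everything else from the VPN pool
    last = rules[-1] if rules else None
    if not (last and last[0] == "deny"
            and vpn.subnet_of(ipaddress.ip_network(last[1]))
            and ipaddress.ip_network(last[2]).prefixlen == 0):
        findings.append((0, "no-default-deny"))
    return findings
```

Rule number 0 in the output refers to the list as a whole rather than to a specific entry.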

Conclusion

While remote work might be new for some, it has been a standing tradition for IT and security staff. Be diligent, ensure your teams are educated, make sure you have solid backups and a disaster recovery plan, and work with partners who care about you and your security during this transition period.

For questions regarding remote work architecture and security, contact us for a free consultation.

Topics from this Article

Op-Ed, Remote Access, VPN

Jeff Marshall
Jeff Marshall was the previous Chief Information Security Officer at Datashield and contributed technical content to the Datashield resource library. Jeff worked at Datashield for nearly 4 years and provided thought leadership and educational content for the Datashield resource library.
