Tips to Help Secure a Remote Workforce

Increasing the security of your remote employees is crucial to the security and integrity of your systems and data.

With the COVID-19 pandemic creating what appears to be the new normal, IT and security teams across nearly every industry continue to face unprecedented business situations. While it’s a time of extreme uncertainty, many business operations cannot be put on hold. Organizations need to be increasingly flexible and adapt their operations as they support an entirely distributed, virtual workforce.

Much of the transition has been prominently praised in headlines over the last few months. Zoom is now a household name, Slack is finally starting to replace email messages and cloud computing is being heralded for its role in keeping businesses operational.

But it’s a more complicated story behind the scenes. Many organizations have relaxed VPN policies to give their workforce remote access to critical information and systems. Employees not equipped with corporate-issued laptops are now using unmanaged personal devices to access company systems and data and doing so from less secure home networks. According to reports from Shodan.io, there has even been a notable increase in the number of computers accessible via RDP from the internet—a risky move that only highlights the dire straits many teams have found themselves in.

These steps ensure immediate business continuity, but they come with serious repercussions. Each of the steps above increases risk for enterprise security organizations. Further exacerbating the issue is the fact that as millions of workers rapidly transition to working from home, cyberattackers are actively looking to take advantage of stressed IT and security resources. We’re already starting to see significant increases in phishing attacks and other email scams, many of which play on themes of fear and sympathy surrounding the pandemic to lure victims.

Keeping Remote Workers and Systems Safe

Fortunately, there are a few practical steps security and IT organizations can take to protect the network while they defend a larger and more porous attack surface. 

Determine where people are remoting in from

IT organizations should pay attention to the geographic origin of external IPs connecting to their VPN concentrator or access gateway. Knowing where each of your users should be connecting from is very important for detecting an unusual login, and one user connecting from two geographic locations should certainly raise an alarm.
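The check described above can be automated as an "impossible travel" rule over VPN login records. The following is an added example, not code from the original article; the event layout, the sample records, the 900 km/h ceiling and the 50 km jitter allowance are all assumptions, and the coordinates are assumed to come from a GeoIP enrichment step upstream.

```python
import math
from datetime import datetime
from itertools import groupby

# Constructed sample events: (user, UTC timestamp, source IP, lat, lon).
EVENTS = [
    ("alice", "2020-04-01T08:00:00", "198.51.100.10", 47.61, -122.33),  # Seattle
    ("alice", "2020-04-01T09:30:00", "203.0.113.77", 52.52, 13.40),     # Berlin
    ("bob",   "2020-04-01T08:05:00", "198.51.100.20", 40.71, -74.01),   # New York
    ("bob",   "2020-04-01T17:45:00", "198.51.100.21", 39.95, -75.17),   # Philadelphia
]
MAX_KMH = 900.0   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 50.0     # assumed allowance for GeoIP imprecision


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, max_kmh=MAX_KMH):
    """Flag consecutive logins by one user whose implied speed exceeds max_kmh."""
    alerts = []
    ordered = sorted(events, key=lambda e: (e[0], e[1]))
    for user, group in groupby(ordered, key=lambda e: e[0]):
        logins = list(group)
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev[3], prev[4], cur[3], cur[4])
            delta = datetime.fromisoformat(cur[1]) - datetime.fromisoformat(prev[1])
            hours = delta.total_seconds() / 3600
            # Simultaneous logins from distant places count as infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if km > MIN_KM and speed > max_kmh:
                alerts.append({"user": user, "from_ip": prev[2],
                               "to_ip": cur[2], "km": round(km)})
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

Corporate VPN egress points and mobile carrier gateways can geolocate far from the user, so known exit IPs are worth allow-listing before alerting on this rule.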

It’s also important to verify that employees are using approved remote access tools. Many organizations have policies against using remote access tools such as TeamViewer, LogMeIn and GoToMyPC because they present significant security risks. Now is not the time to loosen those policies, but to educate workers about how they can securely access sensitive applications and data. The fastest way to identify these types of policy violations is to look at network traffic. 

Monitor Active Directory accounts

Phishing scams and ransomware attacks are on the rise—according to Vox, by March more than 4,000 domains using words and phrases including “Corona” and “COVID” had been registered for use. In this time of heightened attack, there are a few key behaviors IT and security teams should be actively monitoring. Look for excessive lockouts, failed logins and use of disabled accounts—all of which can indicate attackers have compromised a user device and are trying to gain access to more resources. Tracking service accounts for unusual behavior is a good idea, as is setting up “canary” accounts that act as a honeypot or tripwire, catching attackers looking for more access in your network.

This step is especially critical, given the massive number of unmanaged personal devices that employees are now using to access the network. These unmanaged devices heighten the risk of stolen credentials and can open up the organization to additional vulnerabilities.
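The behaviors listed in this section map onto a small set of Windows Security events. The following is an added example, not code from the original article, that triages one monitoring window of already-parsed events; the dictionary layout, thresholds, sample events and the canary account name are assumptions.

```python
from collections import Counter

# Windows Security event IDs: 4625 = failed logon, 4740 = account locked out.
# SubStatus 0xC0000072 on a 4625 means the target account is disabled.
FAILED_LOGON, LOCKOUT = 4625, 4740
DISABLED_SUBSTATUS = "0xc0000072"

CANARY_ACCOUNTS = {"svc-backup-old"}  # hypothetical tripwire account
FAILED_THRESHOLD = 5                  # assumed per-window thresholds
LOCKOUT_THRESHOLD = 2

# Constructed sample: one monitoring window of parsed events.
BAD_PW = "0xC000006A"  # wrong password
EVENTS = (
    [{"id": 4625, "user": "jsmith", "src": "10.8.0.14", "substatus": BAD_PW}] * 6
    + [{"id": 4740, "user": "jsmith", "src": "10.8.0.14"}] * 2
    + [{"id": 4625, "user": "former.emp", "src": "10.8.0.31",
        "substatus": "0xC0000072"}]
    + [{"id": 4625, "user": "svc-backup-old", "src": "10.8.0.31", "substatus": BAD_PW}]
    + [{"id": 4625, "user": "mlee", "src": "10.8.0.9", "substatus": BAD_PW}]
)


def triage(events):
    """Return a sorted list of (rule, user) findings for one window of events."""
    failed, lockouts, findings = Counter(), Counter(), set()
    for ev in events:
        user = ev["user"].lower()
        if user in CANARY_ACCOUNTS:
            # Nothing legitimate uses a canary, so any attempt is a finding.
            findings.add(("canary_touched", user))
        if ev["id"] == FAILED_LOGON:
            failed[user] += 1
            if ev.get("substatus", "").lower() == DISABLED_SUBSTATUS:
                findings.add(("disabled_account_used", user))
        elif ev["id"] == LOCKOUT:
            lockouts[user] += 1
    findings |= {("excessive_failed_logons", u)
                 for u, n in failed.items() if n >= FAILED_THRESHOLD}
    findings |= {("excessive_lockouts", u)
                 for u, n in lockouts.items() if n >= LOCKOUT_THRESHOLD}
    return sorted(findings)


if __name__ == "__main__":
    for rule, user in triage(EVENTS):
        print(f"{rule}: {user}")
```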

Lean into your people

People are your greatest asset, and that goes for your IT and security personnel. That’s why finding ways to work together, share information and avoid finger-pointing is critical. Teams traditionally focused on one domain, whether end user experience or security, may lack the visibility and expertise required to manage that domain under new conditions. Colleagues will benefit from reaching out to others and getting their input on how to solve the challenges they are facing together.

Securing Remote Workers: Final Thoughts

Finally, the best advice I can give to organizations—and what I’m doing at my own company—is regularly reminding employees to stay on their guard. This is going to require vigilance from all sides, but it’s what is required to get through this period without major security breaches.


Jeff Costlow

Jeff Costlow is the CISO at ExtraHop. He started his career in computer security in 1997. As a security technologist and leader for over 20 years, Jeff’s deep experience securing information and technology assets as well as years of successful engineering leadership have resulted in secure product deployments to thousands of customers.
