The key ingredients to maintaining a safe and secure remote workforce
Today, users, networks, and applications can, and should, exist everywhere, which puts new burdens on security teams to protect them in the same way as the traditional perimeter. This is becoming more crucial as Canadian employees, especially millennials, are increasingly demanding to work from home. According to a recent report from the Conference Board of Canada, more than 70 percent of full-time employees aged 18-29 said they would have greater job satisfaction if they were allowed to work remotely.
With more Canadian organizations allowing their employees to work from anywhere, at any time, it is of paramount importance for their security teams to regularly review cybersecurity best practices when it comes to remote connections to their core networks. For users and security teams alike, the cardinal rule is that all traffic connecting to the network must have the same security controls and policies applied, regardless of user location. There should be no deviations or exceptions made to accommodate remote users – cybersecurity must be consistent in order to be effective.
In the past, organizations supported various remote access strategies to enable remote users, generally backhauling traffic to the corporate network or using multiple point products. When it comes to security policy and protection, these strategies are difficult to manage, costly and inconsistent. With timeliness or efficiency top of mind, employees would often bypass normal security protocols to access network resources, especially when on vacation and trying to finish up work so they can get back to their R&R – an understandable behavior in the heat of the moment, but one that could potentially open the door for attackers to infiltrate the network.
As we’ve seen, the threat landscape continues to evolve, with new techniques and toolkits available for almost every threat use-case, such as the targeting of remote and mobile employees. In an environment where infecting these users is almost too easy, it is imperative that organizations adopt security practices that are equally simple to use, an extension of the protections they already deliver and include a seamless user-experience that does not hinder their work.
So, thanks to changing norms within the workplace, I’d like to offer the following advice for IT security teams expecting a spike in remote network connections:
- When and if you’re using separate security protection for remote networks, mobile users and your local networks, you need to reevaluate your strategy. The truth is you’re putting a heavier burden on security and operations staff, increasing cost and potentially opening seams in your protection that attackers can use against you.
- Consider deploying an approach to cloud-based security for remote networks and users that extends your local policies. This should be simple for users and provide access to all the applications they need to incentivize use.
- A prime target for cybercriminals is personal mobile devices, as they are so prevalent and can be less secure than employer-issued devices. Make sure employees are aware that the loss or theft of a personal device, even if not used for work purposes, can be a security risk to IT assets.
Keep in mind that cybersecurity cannot be the sole responsibility of the IT team – users have a role to play as well. In addition to following the cybersecurity processes your security team has put in place for remote users, here are some additional best practices to share with remote employees:
- Make sure to regularly update your mobile devices with the latest security patches and software updates for its operating system and applications.
- Install password managers to keep credentials secure on their mobile devices.
- Avoid using public Wi-Fi networks or workstations in cafes, airports, or shopping malls. If you must use public Wi-Fi, be sure to log out of any SaaS applications or Web sites you are using and clear the browser’s cache before you end your online session. As soon as possible, change your log-in credentials for any SaaS applications or other network assets you accessed while using the public network or workstation.
Rob Lunney, is country manager for Canada at Palo Alto Networks