Navigating cybersecurity challenges in a new remote working era

The Covid-19 pandemic has affected businesses worldwide, leading many to adopt remote mass working almost overnight. While some organizations were well-prepared for this shift, many had only experienced a small percentage of their staff work remotely at any time before. Recent Leesman research of over 700,000 employees worldwide found that 52 percent have little to no experience working from home, and even of those who do, 83 percent typically do so for just one day a week or less. As lockdowns ease and economies slowly begin to kickstart again, businesses are now looking at options for returning staff to the office safely, and the question on many people’s lips is whether remote working is here to stay?

The answer to that question is not a straightforward one. There are several factors that businesses need to take into account to ensure successful future remote working. Unsurprisingly the dramatic shift that companies of all sizes have been confronted with has resulted in a host of challenges for IT teams. A significant issue has been and continues to be around security, with issues arising around data access control, VPN security, and fast changes to infrastructure. The challenge is a two-pronged one that involves managing existing threats, which are now intensified by a far-reaching shift to remote working and protecting employees and systems from an increased cyber threat as cybercriminals look to exploit the magnified uncertainty caused by the pandemic.

It’s vital that businesses tackle these security-related issues now, not only to navigate the current landscape efficiently but also to future-proof their organization for what will undoubtedly become a lasting change to the way we work in the longer-term.

The lack of preparedness that is clear amongst most organizations may leave them unprotected in several areas. First and foremost is from a device management perspective given the newly created end-point network that is significantly dispersed. Businesses that have not heeded security experts’ calls in recent years and have not implemented multi-factor authentication capabilities will be vulnerable to brute force tactics such as password reuse attacks. More critically, an outdated mentality that sees security as ‘behind the firewall, or not’ will result in insufficient controls for managing the unprecedented blend of BYOD and managed devices that make up a remote workforce.

A multi-pronged approach

There are several steps that companies should consider to reduce the potential threat, and a multi-pronged approach is the best strategy. IT teams should ensure that comprehensive monitoring tools are put into place, given that home networks are now essentially an extension of the office. They should also offer staff ongoing training and advice concerning securing their home networks. This new environment has put some cybersecurity in the hands of remote employees, so they need to be prepared to protect themselves and the organization.

Further to this, security needs to be extended to the device level. This means utilizing both hardware-based tools and enabling software updates that can be easily implemented and scaled across all end-points. For example, Ubuntu Desktop allows users to facilitate unattended-upgrades and Livepatch to protect end-points from emerging threats without IT intervention. Using a corporate proxy server or VPN can also help to protect and monitor the newly extended network. Simultaneously, users can also enable low-cost DNS filtering services like OpenDNS to prevent access to harmful sites.

VPNs: increased security not without risk

VPNs have unsurprisingly seen increased popularity in the current climate as they offer secure remote access for employees. According to a recent report, since March, the UK has experienced a 48 percent increase in business VPNs, while globally, this has increased by an astonishing 165%. Beyond standard functionalities such as authenticating users and providing layered access control, VPNs can be configured to use full tunneling for more substantial enterprise protection. Examples of this include the ability to harness corporate network filtering such as Intrusion Detection and Protection Systems (IDS/IPS), in addition to other situational awareness protocols like NetFlow to collect and analyze network traffic. However, with such an increase in VPN deployment and in such a short space of time as we’ve seen in recent months, there is more chance of an error occurring during network segmentation, which could unexpectedly expose company resources to a broader scope than anticipated.

Considerations for the cloud

Ongoing adoption of cloud-based products and services also poses a further area for concern about security., Businesses making this shift to the cloud need to deliberate on how they secure their services and data. Many assume that the cloud provider manages this for them, which is not necessarily the case and depends on the service. With this in mind, the same due diligence is needed when choosing a cloud platform as they would use when deploying their infrastructure. Alternatively, companies can turn to a managed services approach, ensuring the underlying complexities of their cloud infrastructure and applications – in terms of maintenance, security and scalability – are run by a trusted partner, which means their IT teams can focus on other primacies, especially during these unprecedented times.

Ultimately, an after-effect of this pandemic will be that it illustrates a potential new future world of work, a future where remote working is the norm and people and organizations can continue working effectively, regardless of their location. Even for those who were perhaps reluctant to adopt a remote strategy before, these unprecedented times have shown that homeworking can be a successful part of their more comprehensive business strategy. As remote working becomes universal, the explosion of cloud resources and VPN services will continue, and new access control measures will be needed. For IT teams, this poses new associated security risks to overcome to navigate the now and the future of their business longer-term.