Creating a Secure Remote Workforce

In a few brief years, organizations of all sizes have been driven to redeploy their workforce from office to home or some hybrid solution. To suggest this was a deliberate move from corporate leaders would be false. Instead, the harried move has been in response to an unexpected world pandemic.

No one is sure if the remote workforce may grow into a stable fixture, a shift back to the office, or a home/office combination. No matter the case, a solid security solution must invariably be maintained as a central priority. 

Technologies Protecting the Home Worker

Even though the pandemic rages on, some corporations have signaled they may never go back to an in-office work atmosphere. A few companies are considering a hybrid solution, while others have called their employees back to the office permanently.

Current Technologies in Place, Protecting the Home Workforce:

• Zero Trust has been a part of the networked system for some time. However, with recent developments, the zero-trust policy is being forced to take on a more substantial role. The Zero Trust model is a secure remote application based on a defined set of login rules for employees and devices to the network. Non-compliant devices are either quarantined or rejected out-right.
• SASE (Secure Access Service Edge) is a method for wide-area networking and security. SASE is Cloud Service which bundles security, network, and policy functions, sending the information back to the source as a separate cloud service.
• Identity Access Management is a broad framework of technologies and practices that ensures the right users access the appropriate resources.

Enterprise security foundations are being built on the three legacy technologies. However, more cyber-attacks are coming. Keeping home workers safe and company data secure means businesses must look at cyber-security issues from start to finish. One of the initial elements of a healthy plan is a Policy Statement.

 

Policy

Taking employees out of their work situation and moving to an unstructured home/office environment is imposing for anyone. The first component a company must provide is a Cyber Work from Home Policy. The key to this document is setting the right expectations.

A work from home policy document must create an infrastructure to protect the worker from every intrusion.  The policy must seek to mitigate the dangers of such a radical move.  With the proper preparation, a policy can keep your team connected, safe, and rewarded.

A sound Policy Statement should empower your employees. Consider the following:

• Trust: A Work from home worker must be fully invested in the company’s success. With the correct type of trust, an employee will go above and beyond what they are called on to accomplish. A company must establish a higher level of trust to cement the engagement bond.
• More Time: The average American commute is 52 minutes a day. Policy statements need to point to this extra time and direct the employee to their families or themselves, rather than more work.
• Focused Work: Office distractions are eliminated when working from home. Your team should be encouraged to schedule tasks that require an intense focus on certain days of the week.
• Absenteeism and Lateness: Office norms are no longer an issue with a home/work environment. However, time is a premium, and home employees must be instructed to use that time productively.
• Well–Rounded: Work from home employees must be encouraged to cultivate a complete family and life environment. Take time for passion projects and family hobbies. Well-rounded employees perform better at work.

It is essential to define the scope and purpose of the policy. Too short on procedure and employees may get stuck with making up their own rules. Too long, and no one will read or pay attention to the document.

Expectation is a vital part of a remote workforce. Employees must understand what is expected of them without being overly demanding. Responsibility plays a vital role.  Each person in the organization needs to understand security is a priority for everyone. If there is a problem, there should be procedures in place to fix the issues.  

 

 

Authentication

Multi-factor authentication is must-have security feature for any business and specifically those with a burgeoning remote workforce.  Vulnerabilities are everywhere. Recently it was discovered hackers were rerouting  SMS messages from 2FA apps and diverting money directly from bank records.

The following five authenticator applications are for the distributed enterprise:

• Duo Mobile is used for corporate networks and is a part of Cisco. Enterprise features such as multi-user deployment, provisioning, and one-tap authentication. Back-up is to Google Drive and iCloud.
• Google Authenticator is a no-frills basic authenticator app. Google seems content for Users to employ Android as its two Factor Authentication. Potential users may wish to have additional apps to fall back on.  However, this is a great authenticator.
•  Last Pass is a comprehensive authenticator with full integration with its password manager.  Installation is a breeze, and users can quickly authorize the app with the push of a button. The Last Pass Vault is extremely helpful when moving the account to a new phone. Seamless operation between mobile and the desktop.
•  Microsoft Authenticator works with the entire Microsoft ecosystem. A complete set of authentication tools are available for desktop and mobile. Pin or biometric logins are available. Sync the system with your primary Microsoft account to use the full capabilities.
• Twilio Authy offers several advanced two-factor authentication features. First and foremost, it is their encrypted backup to Google drive that makes the app unique. The app makes abundant use of encryption across its platform, with encrypted logins.

Advanced authenticator apps generate time-based codes that refresh every 30 seconds. Hackers may gain access but will not work after the time code expires. Each of the apps above is exceptional for a distributed enterprise.

Do you want cloud solutions, but you are not sure which ones will help your remote workforce best? Then download our guide that covers the questions you need to know before migrating to a cloud. If you have more questions after you read our download, then contact us!

Remote Access Software

Remote Access Software is ideal for specialized functions within the remote workforce. Remote Access apps and Desktop software allow users to access a computer in a remote location anywhere in the world as if they were sitting at the screen.

Some Remote Access software is designed for personal use, while alternatives are strictly for the enterprise.  Smartphone apps can be designed to access desktop systems.

Software and Apps for the Remote Workforce

Nothing is as fundamental to the security of a remote workforce as the software and apps used for an efficient worker. Proper design and the unique demands of the remote worker are paramount in shaping the applications needed for the enterprise.

Password Managers

In a world of multiple access to various business and personal accounts, password managers rise to the top of a critical needs list. It is crucial to have an authority system everyone is comfortable handling. Do not force an operation on employees!

Here are five good managers:

• Nord-Pass is an attractive application with outstanding encryption features. Support for seven browsers, chat, and a data breach scanner makes the Nord-Pass an interesting choice.
• Enpass combines a minimalist look and maximum security. Cloud host and SQL cipher for added security.
• ZOHO Vault is a well-known application with valuable elements for a distributed network. A built-in VPN and a deep web scanner are useful quality-added factors.
• Passbolt is an open-source application developed for the enterprise. Plenty of transparency and customization options are available.
• Keeper supports various devices and browsers and comes with 5G of storage—a feature-rich app with instant messaging.

Advanced Password Technologies

Automated password management is coming into its own. The widespread endorsement of artificial intelligence and, specifically, machine learning have fostered many unique facets of password technologies.

Automated password reset tools are enterprise applications needed to automatically reset a host of new account passwords without human intervention. Many small businesses are implementing these tools for security and convenience.

Password Vault Technology is an earlier approach that is experiencing new technologies. A password vault keeps an infinite number of passwords and account data in a secure digital location. A single master password is required to access the vault.  

Management tools for the enterprise use several security layers to ward off internal and external threats from stealing login credentials. Many of these centralized management strategies are now cloud-based and heavily encrypted for the ultimate remote security.

Password Vaulting is a coined phrase that takes highly sensitive executive accounts and passwords out of the control of company IT personnel. The vault is digitally secured in locations known exclusively to a few in the enterprise.

Risk, Threats, and Solutions for the Enterprise

Statistics that illustrate the breadth of cyber-attacks are overwhelming. In the first quarter of 2021, strikes against Fortinet’s SSL-VPN were up an astonishing 1.916%. Another popular VPN service, Pulse Connect Secure VPN, encountered a 1,527% hike in assaults.

VPNs are separate networks within a public network where users send and receive data as if their machines were directly connected. VPNs are now encrypting data as it leaves the device, and any IP address is suppressed. Remote servers secure network activity by storing data remotely.

Companies are using all the communication tools at their disposal to secure connections for their hybrid workers. The Remote Desktop Protocol is another mechanism that is experiencing rising attacks.  Developed by Microsoft,  the RDP establishes a graphical link to another computer. Attacks on RDPs are seeing the same proportion increase of intrusions.

Modern Solutions

Companies are progressing beyond the traditional VPN services to a more protected environment. A recent survey of global leaders found that 40% of all respondents are planning a move to the ZTNA/SDP protocol. In comparison, 38% expressed the need for a more robust multi-factor authentication model.

The ZTNA/SDP is a zero-trust architecture based on a defined credential networking framework. SDP adds a need-to-know design, and the default is, “deny services to all.”

Enterprise VPN Service

Cisco AnyConnect: Cisco is a world leader in device security. The largest companies on the planet rely on Cisco networking machines. AnyConnect offers a lower overall cost of ownership, continuous automation from endpoint to endpoint encrypted security.

AnyConnect works on hybrid, full remote, or any combination in between. Robust MFA protocols are employed, threats are eliminated at the access point, and world-class analytics. There is no better VPN service for the enterprise than Cisco’s AnyConnect.

Cisco offers several cutting-edge technologies no other company comes close to providing. Umbrella Roaming is a cloud-based security service that supports users even when they are away from the VPN.

Under Attack

The enterprise is undergoing unprecedented attacks from criminals thousands of miles away. High-profile attacks are making headlines every day.

What are the primary attack vectors?

• Supply Chains are under siege. Weak third-party vendors are causing havoc for large corporate businesses. Cyber attackers look for the weakest link in the chain and attack. Two of the most significant breaches, LabCorp and Quest, the attack originated from their online payment system.
• Unpatched and Obsolete systems. No other area of the network is as preventable as keeping systems updated with available patching. An Apache Struts Web Framework was unpatched and contributed to 145 million social security numbers being exposed.
• Compromised credentials are an enormous headache for the enterprise. Billions of stolen credentials are accessible for the taking on the dark web. Cyber-criminals use this vector as an entrance point because of its simplicity of stealing login information.

What is the Best IT Security Solution?

Will the relentless tide of cyber-attacks ever end? In a word, No! As long as the rewards are substantial, cyber-criminals find no need to slow down their aggressions. The “it can never happen to me, syndrome” is prevalent in every industry. There will always be that one staff member that will click on the apparent malware or ransomware email.

Looking for help with a Ransomware attack, or to learn how to keep your business safe from one? Fill out the form below!

The sharpest minds in corporate security have provided a number of great tools for the enterprise. Each new cyber-attack creates a flood of new attacks and modifications.  Cyber-attacks have risen to one of the top ten corporate concerns for the next decade.

The World Economic Forum has determined that the money to keep pace with cyber threats worldwide will cost the enterprise nearly $90 trillion. Those dollars are merely keeping pace, not beating the attacker.

In the digital age, cyber resilience will happen with effective leadership and the secure design of infrastructures. First and foremost, corporate leaders must understand the foundations of cyber-security, and position their teams as enablers rather than casualties.

We wrote a guide on safety when it comes to working from home. Take a moment and read some of the safety and security tips we put in this guide.

BACS IT is Here to Help Keep Your Remote Workforce Secure

When you want to protect your remote workforce, turn to the experienced Bay Area IT Consultants here at BACS IT. We will discuss your specific needs and create a security plan that fits your business. We can even help with unique security needs, so contact us.