As the crisis-ridden months of 2020 ticked by, the growing realization that remote work was going to be an essential factor in businesses remaining financially sound prompted many SMB leaders to examine their company’s cybersecurity protocols. With employees remotely accessing sensitive company accounts and data via unsecured personal devices, securing your company network and avoiding data breaches and cyberattacks should be at the top of your priority list as the work-from-home model takes hold as a viable, long-term work option.
Table of Contents
- Anatomy of a Secure WFH Network
- Network Security Checklist
- EPP, EDR, MFA and 2FA
- Virtual Private Networks
- The Zero Trust Approach
- Taking Your Network Security Seriously
Ideally, companies that have invested in their employees working from home will provide a work-issued laptop or computer that has been thoroughly vetted and secured by their IT staff. In addition to being equipped with endpoint protection, encrypted drives, antivirus software, and often a VPN, these work-issued computing devices allow the IT team to manage and issue security updates and patches across the remote team.
Unfortunately, not every organization can afford to kit out their remote workers with secure laptops, leaving employees to rely on their personal devices to access company platforms and data from unprotected home networks. To safeguard access to sensitive business data, implementing strict data security ground rules for your remote employees using their own laptops is essential.
Home networks are notoriously vulnerable to cyberattacks and malware because of the sheer number of connected devices that often exist on them. With many homes dabbling with IoT devices such as connected appliances, the first step to securing the home network is an employee checklist that identifies every single device that has access to that network. With this checklist complete, remote employees should:
- Change default passwords
- Change the default IP address
- Disable remote access to the home network
- Regularly update their router and devices’ software
If remote employees do not own their network devices such as routers and modems, you should insist on a separation of work and personal activities on the device. For example, you can implement split networks (establishing a guest network to separate personal desktops from the remote work desktop) by using a dedicated virtual local area network (VLAN) for work use only.
For further security, you should implement an endpoint protection platform (EPP), which detects cybersecurity threats and malware on employee devices and quickly removes them. When an EPP is used in conjunction with endpoint detection and response (EDR) solutions, IT teams can isolate cyber threats and implement automated response plans as well as better determine the threat’s source, location, and how it has affected the endpoint.
Multifactor authentication (MFA) and two-factor authentication (2FA) are especially important in warding off phishing attacks, which often target employees’ email accounts. Hackers send urgent-sounding emails directing users to change passwords or personal information on websites designed to look legitimate, then use the information entered to gain access to passwords and security questions. MFA and 2FA are additional forms of authentication that you should establish across your end-to-end network; they require users to provide more information beyond a password. This can be done in a number of ways, including:
- Password/security question combinations
- QR codes on portable devices such as smartphones
- Biometrics such as fingerprint, face, and retina scans as well as voice IDs
- Time-based, one-time passwords or authentication codes sent via email or text message
While not foolproof, MFA and 2FA are effective at combating most phishing attacks and could save companies a fortune by successfully defending against costly and damaging network breaches.
In recent years, virtual private networks (VPNs) have become popular with people looking to bypass geographical location restrictions, but they are also powerful tools in providing robust online privacy. By encrypting the connection on a personal device, secure VPNs allow for safer connections to your business information systems. A VPN works by creating a private connection where information traveling from a device connected to the VPN will be encrypted and sent through this secure connection or tunnel. There are two types of VPN:
- Remote access VPNs allow individuals to remotely connect to a central network using a network access server (NAS) and a VPN client (software installed on a user’s computer or mobile device).
- Site-to-site VPNs provide a virtual network that is used between partner companies to connect entire networks to a central location. The VPN client is hosted on each local network rather than on an individual user’s device, allowing users in each office location to access the shared network.
Business VPNs can be cost prohibitive depending on the size of your business, the scale of your IT department, and its ability to implement and manage VPN services across the existing company network. A viable alternative is a Cloud VPN, which cost-effectively offers a secure connection to the company’s cloud data and applications as well as provides authentication for users without having to purchase hardware or set up complex IT infrastructure.
Long before the coronavirus pandemic, the distributed workforce business model was on the rise and with it, growing calls for a zero trust network access (ZTNA) approach to enterprise IT security. Zero trust transforms business network security into a model that assumes breach and verifies each access request as if it were coming from an open network. This “never trust, always verify” approach means that every network access request is authenticated, authorized, and encrypted before access is granted. The zero trust approach has been around for a while, but it is gaining traction as the temporary shift to remote work models sinks into permanence.
Zero trust network access is a holistic IT security model that stands on six principles:
- Verify all identities using robust MFA.
- Get visibility into all devices accessing your network before granting access.
- Manage and monitor applications using real-time analytics to ensure appropriate in-app permissions and gate access.
- Employ data-driven protection to encrypt and restrict access based on company policies.
- Protect enterprise IT structure using telemetry to detect attacks and anomalies, automatically block and flag risky behavior, and employ least privilege access principles.
- Encrypt all internal communications, limit access by policy, and employ microsegmentation and real-time threat detection.
A 2019 Gartner report projected that by 2023, 60 percent of enterprises will phase out VPN and replace it with ZTNA. The approach is attractive because of its minute control over who accesses the network and from what device, using security policies grounded in a least-privilege approach.
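A per-request decision in the "never trust, always verify" style described above, as an added example that is not part of the original article. The policy table, device inventory, field names, and `decide` function are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed least-privilege policy: (role, resource) -> permitted actions.
POLICY = {
    ("finance", "payroll-db"): {"read"},
    ("it-admin", "payroll-db"): {"read", "write"},
    ("finance", "wiki"): {"read", "write"},
}

# Constructed device inventory: only devices IT has visibility into are listed.
DEVICES = {
    "laptop-017": {"disk_encrypted": True, "patched": True, "epp_running": True},
    "home-pc-42": {"disk_encrypted": False, "patched": True, "epp_running": True},
}


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    device_id: str
    resource: str
    action: str
    tls: bool


def decide(req: AccessRequest):
    """Return (allowed, reasons). Every check runs on every request, and
    network location is never an input, so being 'inside' grants nothing."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("identity not verified with MFA")
    posture = DEVICES.get(req.device_id)
    if posture is None:
        reasons.append("unknown device")
    else:
        reasons += [f"device fails {k}" for k, ok in sorted(posture.items()) if not ok]
    if req.action not in POLICY.get((req.role, req.resource), set()):
        reasons.append("role lacks permission (least privilege)")
    if not req.tls:
        reasons.append("connection not encrypted")
    return (not reasons, reasons)


if __name__ == "__main__":
    ok = AccessRequest("ana", "finance", True, "laptop-017", "payroll-db", "read", True)
    bad = AccessRequest("ana", "finance", True, "home-pc-42", "payroll-db", "write", True)
    print(decide(ok))
    print(decide(bad))
```

Returning every failed check, rather than stopping at the first, gives the telemetry needed to flag risky behavior as well as block it.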
Safeguarding your business network while your employees work remotely is a joint effort. Establishing trust while working to ensure that distributed and remote staff access and use your sensitive data securely means that increasingly sophisticated cybersecurity threats have to work harder to breach strict access measures. A detailed checklist that accounts for every aspect of your network, both on-premises and remote, helps you prepare for, anticipate, and quickly deal with these threats, bringing with it some peace of mind.