The 10 most common mistakes in enterprise remote office security protection

10 January 2023

The COVID-19 pandemic is entering a new stage, but the shift to remote and hybrid work that it triggered is still under way. There is no doubt that this change has greatly increased the network security risks facing organizations: it not only expands the potential attack surface but also breaks the traditional perimeter security model.

In general, if an organization's remote office environment is poorly secured, it may face the following risks:

  • Economic losses: mainly the recovery costs of security incidents and fines from regulatory agencies;
  • Loss of goodwill: companies may lose the trust of customers, suppliers and partners;
  • Loss of data assets: as the risk of cyberattacks and insider threats continues to grow, so do the threats to corporate data assets;
  • Legal costs: violations or leaks of sensitive data increase the cost of legal proceedings for the enterprise;
  • Business operations failure: businesses may be at risk of disruption to internal business operations and critical supply chains.

Although securing remote work now receives close attention from organizations, in practice some security personnel still make serious mistakes when configuring and managing the remote office environment. This article collects the 10 most common mistakes companies make in remote office security protection and explains how to avoid them.

1. Lack of visibility into telecommuting activities

Lack of visibility into the telecommuting activities of an organization's employees can severely impair an organization's ability to detect and prevent security threats.

While the work environment is different, remote workers often have the same level of access to business systems as their office-based colleagues. And with survey data showing that around 43 percent of remote workers make mistakes with cybersecurity, it's imperative that organizations take steps to minimize these impacts.

Additionally, if remote workers become malicious insiders, they can more easily steal or compromise sensitive data, conduct corporate espionage, or commit fraud. To effectively combat this threat, security teams must be able to fully monitor the system access activity of all teleworkers. To this end, organizations may consider deploying specialized activity monitoring software.

2. Provide remote workers with excessive access

Remote employees with excessive access rights are a likely source of privilege abuse, compromised accounts, data breaches, and other cyberattacks. One of the most effective solutions is for companies to adopt the "principle of least privilege" as soon as possible, which means that employees are granted little access beyond what is required to perform their job duties. Reducing unnecessary access to critical information by remote workers helps prevent potential security threats. Organizations can also consider a more comprehensive approach to instant access management, applying stricter rights management policies to remote privileged users and third-party partners than to office employees, because their privileges to access the organization's infrastructure may be illegally elevated.

3. Lack of a clear remote access security policy

If the enterprise lacks a clear security strategy, its security goals are likely to be unclear and poorly coordinated. The Remote Access Policy (RAP) is designed to guide an organization's efforts to ensure the security and stability of remote work. Such a policy outlines the workflow that security personnel and teleworkers should follow to minimize the cybersecurity risks associated with remote work. The RAP may be part of a broader information security policy (ISP) in the enterprise, and it should include a list of cybersecurity solutions and tools for managing the risks of remote work for the organization.

4. No unified management of user passwords

In a poorly secured enterprise office environment, remote employees often set account passwords themselves and tend to use weak ones, which increases the risk of account compromise through brute force attacks, password spraying, and other network attacks. According to a remote work study by IBM Security and Morning Consult, up to 35 percent of remote workers reuse the same passwords for the business systems and logins they use. Poor password management habits among remote workers force organizations to use specialized security software to manage user credentials.
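As an added example (not part of the original article), the following Python sketch shows how the two attacks named above look different in login records: brute force is many failures against one account, while password spraying is a few failures against many accounts from one source. The event format, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
SPRAY_ACCOUNTS = 4               # assumed: distinct accounts failed from one source
BRUTE_ATTEMPTS = 5               # assumed: failures against one account from one source

def event(minute, src, user, outcome="FAIL"):
    """Build one constructed login event: (timestamp, source IP, account, outcome)."""
    return (f"2023-01-10T09:{minute:02d}:00", src, user, outcome)

# Constructed sample data, not taken from any real system.
SAMPLE_EVENTS = (
    [event(i, "203.0.113.7", u) for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [event(i, "198.51.100.23", "alice") for i in range(6)]
    + [event(1, "192.0.2.10", "bob"), event(2, "192.0.2.10", "bob"), event(3, "192.0.2.10", "bob", "OK")]
)

def detect(events, window=WINDOW):
    """Return {source_ip: set of labels} for sources that cross a threshold."""
    failures = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), user))
    findings = {}
    for src, items in failures.items():
        items.sort()
        labels, start = set(), 0
        for end in range(len(items)):
            # Slide the window so it only covers failures within `window` of items[end].
            while items[end][0] - items[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in items[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= SPRAY_ACCOUNTS:
                labels.add("password_spraying")   # few tries each, many accounts
            if max(per_user.values()) >= BRUTE_ATTEMPTS:
                labels.add("brute_force")         # many tries, one account
        if labels:
            findings[src] = labels
    return findings

if __name__ == "__main__":
    for src, labels in detect(SAMPLE_EVENTS).items():
        print(src, sorted(labels))
```

The third source, a user who mistypes a password twice and then logs in, stays below both thresholds and is not reported.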

5. Failing to verify the identity of remote users

Failure to check who is using an account can lead to unauthorized access to an organization's critical assets. If a telecommuter's account credentials are compromised, security personnel must have a way to prevent cybercriminals from accessing the organization's assets. Multi-factor authentication (MFA) is a time-tested method of ensuring that more factors than just passwords are used to authenticate users trying to gain access to an organization's network. When MFA is enabled, it becomes much more difficult for cybercriminals to use stolen credentials. An organization that wants stronger assurance that a user's identity is authentic and trustworthy should study the concept of zero trust thoroughly and consider implementing a zero trust security architecture.

6. Misconfigured communication network

Researchers have found that failing to properly configure corporate networks is also a significant contributor to many security threats in telework scenarios. At the 2022 RSAC conference, cybersecurity expert Paula Januszkiewicz listed "misconfigured network communication services" as the top cause of cybersecurity incidents due to remote work, and according to a report from Titania, network misconfiguration costs organizations 9% of revenue. To ensure that an organization's network systems and security tools are properly configured, enterprises should audit and control the actions of operations personnel, for example by installing a user activity monitoring solution.

7. Lack of network segmentation

Cybercriminals have more access if an organization's network remains an interconnected whole. By leveraging network segmentation techniques, you will effectively limit your exposure to cybersecurity incidents and give your organization greater control over who has access to what. By using devices such as bridges, switches, and routers, a network can be divided into multiple subnets, each of which can operate as a separate business network.

By isolating systems and services from each other, security professionals can prevent a few isolated security breaches from turning into major cybersecurity incidents with serious consequences. The more obstacles cybercriminals encounter, the more likely they are to give up. Enterprises should therefore consider restricting communication between the segments of the organization's network, which helps limit unauthorized access to sensitive systems and data. Organizations can segment networks physically with the help of routing devices, and they can also use software to segment networks logically.
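To make logical segmentation concrete, here is an added example (not from the original article) of a default-deny policy between subnets, used to audit observed connections. The segment names, address ranges, ports and sample flows are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed segments; a real deployment would load these from its own inventory.
SEGMENTS = {
    "remote_vpn": ipaddress.ip_network("10.10.0.0/24"),
    "office": ipaddress.ip_network("10.20.0.0/24"),
    "app_servers": ipaddress.ip_network("10.30.0.0/24"),
    "finance_db": ipaddress.ip_network("10.40.0.0/28"),
}

# Default deny: only these (source segment, destination segment, port) flows may cross segments.
ALLOWED = {
    ("remote_vpn", "app_servers", 443),
    ("office", "app_servers", 443),
    ("app_servers", "finance_db", 5432),
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if it is in no segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def evaluate(flow):
    """Classify one (source IP, destination IP, destination port) flow against the policy."""
    src, dst, port = flow
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "deny: unknown segment"
    if s == d:
        return "allow: intra-segment"
    if (s, d, port) in ALLOWED:
        return "allow"
    return f"deny: {s} -> {d}:{port} not in policy"

# Constructed sample flows.
FLOWS = [
    ("10.10.0.5", "10.30.0.8", 443),     # remote user to application front end
    ("10.10.0.5", "10.40.0.3", 5432),    # remote user straight to the database
    ("10.30.0.8", "10.40.0.3", 5432),    # application server to the database
    ("10.20.0.12", "10.20.0.40", 445),   # traffic inside the office segment
    ("10.10.0.5", "10.40.0.20", 5432),   # address outside the /28 database range
]

def denied(flows):
    """Return the flows the policy rejects, with the reason for each."""
    return [(f, v) for f in flows if (v := evaluate(f)).startswith("deny")]

if __name__ == "__main__":
    for flow, verdict in denied(FLOWS):
        print(flow, verdict)
```

A remote user can reach the application tier but not the database directly, so a compromised remote account does not by itself expose the most sensitive segment.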

8. Unprotected employee home environment

The root of many cybersecurity incidents is remote workers not using the right tools and measures to protect their home office environment. Once you have a remote access policy (RAP) in place, make sure all telecommuters are effectively adhering to it.

To ensure the environments employees connect from are secure, security teams need to provide them with a checklist of what they should be doing and what cybersecurity mistakes they need to avoid. This remote work security checklist will typically cover the following basics:

  • Application use: provide employees with a list of secure applications and ensure employees have installed necessary software and operating system updates;
  • Use of personal devices: tell employees that they should try to avoid using personal devices for telework, and establish security rules for using telework devices, for example, employees must keep their work devices away from their families;
  • Password management requirements: help employees develop the habit of using passwords safely, such as updating passwords regularly, using different passwords for different accounts, and ensuring that passwords are of appropriate complexity;
  • Network security guidance: educate remote employees on the proper use of antivirus, VPNs, and other security tools; it is important that employees secure their home Wi-Fi and avoid using public networks for remote work;
  • Email security: educate employees about social engineering attacks and how to avoid falling victim to them, and ensure all telecommuters use corporate email only to send and store work-related data.

9. No cybersecurity awareness training

If telecommuters don't believe cybersecurity is important, they risk forgetting, ignoring or even undermining key security processes. Businesses should make sure that all employees receive regular cybersecurity training to prepare remote workers for the latest cyber threats. With training, telecommuting employees will be more likely to remember and use the organization's security recommendations. The training should therefore include sufficient examples of cybersecurity incidents, especially cases of phishing attacks and their consequences. If possible, employees should be exposed to the various security threats and attacks that may occur in the organization.

10. No Telework Security Response Plan

The longer it takes security staff to detect, respond to and remediate cybersecurity incidents, the more damage cybercriminals can do to businesses. Without a remote office security incident response plan formulated in advance, enterprises will lose valuable response time when a sudden attack occurs, which will also lead to greater loss of assets and goodwill.

An Incident Response Plan (IRP) can act as a cybersecurity “lifeboat” by outlining the immediate and specific steps security personnel should take when a threat is discovered. A valid IRP should contain:

  • Indicators of cybersecurity incidents;
  • Descriptions of the most common security incidents and corresponding response scenarios;
  • A list of employees included in the incident response team and their responsibilities for taking action in the incident response;
  • Recovery and incident investigation measures;
  • Procedures for liaising with stakeholders and regulators, notifying them about incidents, etc.
Zoe Ye 2