As workstations move from the physical security of the workplace to employees’ homes, how do businesses maintain the security of endpoints within their organisation?
During the COVID-19 pandemic, the workplace, for many people, has become no more than a section of their dining room table – quite a contrast to the familiar surroundings of the office space and the amenities it provides. Consequently, organisations have temporarily lost a key component of their IT security armour: the physical security of their endpoints and devices.
The global shift to remote working saw the demand for laptops and mobile devices reach unprecedented levels through March and April. Shortfalls from vendors meant that organisations were forced to purchase hardware that they perhaps wouldn’t have under normal circumstances, as they were faced with a crucial decision: buy or have nothing.
The issue businesses now face is that these devices have left the physical security of the office environment. For organisations where perhaps 20% – 30% of “live” machines were used remotely, this has suddenly become closer to 100%. Office-based users who are used to working from fixed office workstations are now working on mobile alternatives over home-based connections. Naturally, the endpoint’s exposure to threats is increased, meaning security teams need to adapt their approach, as security is now at the forefront of the IT response.
Security needs to be met with a multi-layered approach to be successful. If restrictions are already established, then the risk of exposure is reduced from the very beginning. When we think back to the Sony Pictures cyber-attack in 2014, part of the report identified that there was little or no physical security in place. Visitors could walk, unchallenged, into the office space and directly to ports that were live on the network. For reasons such as this, physical restrictions should always form part of every security solution, as they contribute towards keeping assets secure and reduce access to corporate networks and endpoints.
At SIS, we adopt the following multi-layered approach when delivering enterprise grade security in a remote workforce:
1. Physical Layer
Now that remote workers have moved away from physical security and controls, it is essential that the right people are setting up devices. If devices are being set up directly by the end user, you’re fighting a losing battle.
Enrolling devices onto a Mobile Device Management (MDM) solution is fundamental, as it is ultimately a prerequisite for additional security layers. When setting up BYOD (bring-your-own-device) configurations, your MDM layer should be configured to protect the organisation from malicious content that may already be present on the device. Many MDMs support placeholder accounts for pre-enrolling devices that end users can then subsequently enrol. You should use these placeholder accounts to ensure that only the expected devices are enrolled.
Allowing IT professionals to configure devices also reduces the risk of social-engineering attacks that entice users to install malicious software in the belief that they are connecting their device to the corporate infrastructure. Zero-touch enrolment simplifies and automates much of the normal enrolment process and, where possible, is our recommended deployment method (along with a physical inventory/asset check).
2. Authentication Layer
In technology, we always talk about 2FA (2-Factor Authentication). For those who don’t know what the concept means: authentication is the process of verifying the identity of either a user or a device before granting access to a program. How often do you use the same username/e-mail and password when creating accounts? (Don’t worry – it’s common.) Threat actors and attackers will always look to target weak areas within authentication systems – most commonly by guessing, impersonating or stealing user or device credentials. This information is then used to gain access to a resource or system. 2FA is a highly effective method which adds a further security layer on top of a base set of credentials. By requiring a secondary authentication, such as an app or code verification, the difficulty of accessing the account is increased dramatically: a stolen or guessed password alone is no longer enough.
The data compiled by Google below shows how effective 2FA really is, with on-device prompts scoring 100% against bots and phishing attacks.
2FA is a valuable defence method, but there are no silver bullets against account takeover attacks. Attackers will constantly try to exploit valuable personal accounts until they find something that works. This means that, with devices being used outside of the “core” network, 2FA is even more important to ensure authenticity of login requests across an organisation.
3. Network Layer
Another luxury that we often benefit from, unknowingly, is simply being connected directly to the network. The network hosts applications, provides resources and, most importantly, enforces essential security policies. If, up until now, you have only worked on a corporate device within the office, you have probably also been connected back to the central network the entire time.
Now that users are working remotely, a connection back to the network may be deemed unnecessary, as everything you need to work is probably hosted within a range of cloud-based systems such as Office 365 or G Suite. But in reality, even when working from the cloud, access to our data is, in most cases, only a few clicks away, so the network still has a role to play.
Connecting to the central network ensures that devices are constantly communicating back to the core infrastructure in order to:
- Ensure delivery of patches and updates as they are released
- Provide a secure connection to system applications
- Protect devices by connecting back to the central domain / network and adopting policies as they are deployed
- Authenticate requests against the network
- Access and integrate with applications that may be internally hosted
- Report and alert back to the core infrastructure so that issues can be identified and pro-actively resolved
Depending on the network architecture, there are several simple methods for connecting back to the core network.
An AutoVPN solution combined with enrolling devices in Intune is our standard deployment method. Depending on the design, a simple VPN (virtual private network) should at least be applied where possible.
With the increase in remote working expanding the threat landscape, it’s vital that users and organisations remain vigilant. Security teams are coping with an ever-changing internal environment, and with points of entry to systems now more exposed than ever, it’s essential to review your internal processes to ensure, where possible, that your systems, users and organisation are all protected.
If you have any questions regarding the security of your remote organisation, please don’t hesitate to contact us.