Securing a Remote Workforce

A Quick Guide to Keep You and Your Employees Protected

Employer Perspective

FBI reports 300-400% increase in cyber attacks since the pandemic began.

Review overall IT setup – network, VPN configurations, devices, ports, etc.

95% of cybersecurity breaches are caused by human error. – IBM

Require employee cybersecurity training.

“As organizations use VPNs for telework, more vulnerabilities are found and targeted by malicious cyber-actors” – Alert by US Department of Homeland Security

Heighten security on VPN connections and remote access.

Mandate password policies and strong protection measures.

80% of hacking-related breaches involved compromised and weak credentials.
– 2019 Data Breach Investigation Report

Establish multi-factor authentication on remote sessions and monitor remote activity.

Phishing is the top attack on businesses – responsible for 90% of security breaches. – 2019 Data Breach Investigation Report

Update security software to protect against phishing emails and ransomware.

Over 70% of data breaches occur at endpoints. – Security Magazine

Set up proper firewall configurations and endpoint protections.

Distribute company-issued devices secured and controlled by IT or implement BYOD policy.

Backup data in a centralized cloud to allow for team access while managing and protecting data.

The average lifecycle of a breach is 314 days from the breach to containment. – IBM

Prepare a cybersecurity events plan to quickly deploy remediation measures.

Employee Perspective

Google blocks 18 million COVID-related phishing emails daily.

Be aware and stay vigilant – much greater threat landscape for phishing scams.

Secure home WiFi routers and change default equipment passwords.
Lock all devices.

66% of people use the same password on multiple accounts. – LastPass

Create hard-to-guess logins and passwords – do not use the same credentials for multiple accounts.

Only 37% of people use MFA at work. – LastPass

Set up multi-factor authentication.

Almost 60% of data breaches in the past two years were caused by missing patches. – The 2020 Cyber Hygiene Report

Follow all company policies, pay close attention to IT notifications and install updates immediately.

Access and save data in company file storage system, such as SharePoint.

35% of exploitation activity stems from man-in-the-middle attacks. – IBM

Avoid working on open WiFi networks and create a guest WiFi network if you are sharing your internet in your household.

5 Security Concerns for Remote Workers

What security flaws are exposed when a user moves from a secure corporate office network to their home – either as part of a WFH initiative or global pandemic?

HOUSEHOLD INTERNET

Employees in the office are protected by the company network’s firewall; employees working from home typically rely on weak or non-existent ISP network protection.
As a result, employee devices can become infected, and the infection can move laterally, potentially infecting corporate devices on the network.

Require VPN access back to the corporate network for internet traffic, helping security and bandwidth. All employees should change home networking equipment’s default password.

PERSONAL DEVICES

Employees using personal equipment such as PCs, tablets, phones, etc. can quickly become an attack vector and security risk. Without the security software issued on corporate devices, such as endpoint protection, VPN, DNS filtering, etc., all sensitive company data passing through that device is at risk.

Mobile Device Management (MDM) allows IT to remotely control, update or wipe devices. MDM solutions can be used on company issued devices (helping with management and billing) or for BYOD.

INADEQUATE AWARENESS/TRAINING

The majority of all breaches come from an end user clicking on something they shouldn’t. When employees are out of the office, IT is not just a few steps away to quickly quarantine a compromised device.

Proper training and awareness are even more important. Employees need to know what to do should they suspect a device has been infected or when a device is lost/stolen.

EMAIL SECURITY

In the same vein of protecting users from themselves, employees can easily fall prey to phishing scams or impersonating emails.
Email security solutions integrate with SaaS mail services such as Office365 or G-Suite to safeguard against email attacks.

IOT DEVICES
Today’s houses are filled with smart devices – light bulbs, fridges, TVs – all connected to the internet. IoT devices have a long way to go to catch up with necessary security, and introducing a corporate device onto a network shared with IoT devices can be dangerous.

This is where network segmentation through two connections, VLANs, VRFs, etc. can ensure the traffic stays separate.

Infrastructure to Support Remote Work

INFRASTRUCTURE AT THE HOME

HOME CONNECTIVITY
  • Upgrade your internet speed to improve both downloading and uploading information.
  • Get a second connection only for business to avoid contending with other users on the network.
  • Use a small at-home SD-WAN appliance to significantly improve performance even on a single connection. Doing so will help:
    1. Prioritize outbound business traffic vs household traffic
    2. Load balance across two connections for better performance
    3. Improve edge security (if the SD-WAN appliance supports it)
    4. VPN access back to the corporate network leveraging corporate’s firewall and infrastructure
    5. Improved VPN performance by using all available bandwidth
PERSONAL DEVICES
  • Endpoint protection is must-have software on any device. Protect against viruses and malware without the luxury of a next-gen firewall. (Although Windows Defender has improved, it is not a substitute for enterprise-grade corporate endpoint solutions.)
  • Add DNS protection on top of endpoint protection, providing a safety net against clicking malicious links or websites by filtering out known threat sites and signatures.
  • Utilize VPN access if corporate firewalls are in place. Enterprise firewalls are significantly more powerful than anything an end user will have at home and help enforce corporate security policies wherever work happens.

INFRASTRUCTURE AT THE OFFICE

OFFICE COMMUNICATIONS/COLLABORATION

UCaaS/CCaaS eliminates equipment requirements and the need to update configurations. Outside of updating E911 to a user’s new location, UCaaS and CCaaS functionality is one of the easiest ways to transition employees to WFH. Desk phones can be used at home or employees can opt for softphone functionality directly off of their computers.

OFFICE STORAGE, BACKUP AND RECOVERY
  • WFH users can easily access cloud-based storage environments over the public internet.
  • Cyberattacks prey on the limited security afforded by remote work. Having a means for rolling back changes, spinning up backups, or protecting against ransomware and malware is essential to maintaining business continuity.
OFFICE SECURITY
  • Routing end users back to the corporate network through a VPN-capable firewall gives critical protection through the enterprise firewall and access to on-prem infrastructure.
  • The latest development in Zero Trust secure networking, Secure Access Service Edge (SASE) provides much greater granularity in the characteristics of a user that authenticates and grants access to the network. Once applications transition to the cloud and users access SaaS programs over the public internet, how are you protecting that traffic? A Web Application Firewall is designed to protect HTTP and filter content bound for the web service, further protecting users accessing over the public internet.
  • Email security that integrates with SaaS mail services such as Office365 or G-Suite protects your corporation from users falling for phishing emails or impersonations.
OFFICE EQUIPMENT
  • During times of crisis, hardware like PCs and laptops can be hard to obtain and distribute. Desktop-as-a-service (DaaS), Remote Desktop Protocol (RDP) and Virtual Desktop Infrastructure (VDI) solve this by enabling WFH employees to use their own equipment to connect and access all their business apps. Spinning up virtual machines and virtual servers is significantly faster and more scalable than any physical hardware-based solution, and especially useful as headcount increases or decreases.

Prepare For, Defend Against and Recover From a Cybersecurity Event

PREPARE 

Identify

Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities as well as a complete picture of the security an organization currently has in place, including physical hardware and software, processes, policies, vulnerabilities, and strategies.

Providers offering solutions to identify risks include:

ASSESSMENTS/PLANS:

Security Assessment, Risk Assessment, Security Policy Assessment, Cybersecurity Assessment, Vulnerability Assessment, Incident Response Plan, Executive Security Strategy/Briefing
360SOC, AT&T, CenturyLink, Corvid Cyberdefense, CyberHat, Flexential, Masergy, Netrio, NuTech Logix, Rackspace, RapidScale, US Signal, Verizon, Windstream

INVENTORY

360SOC, AT&T, Corvid Cyberdefense, NuTech Logix, Rackspace, RapidScale, Verizon

VIRTUAL CSO

AT&T, CBTS, CenturyLink, Corvid Cyberdefense, Masergy, Netrio, Verizon

PREPARE 

Protect

Once an organization’s needs have been identified, the next step is to develop and implement the appropriate safeguards (hardware, software, staff, and services) needed to achieve the company’s security goals and ensure delivery of critical services. These solutions support the ability to limit or contain the impact of a potential cybersecurity event.

Providers offering solutions to protect against cybersecurity events:

MANAGED FIREWALL & INTRUSION DETECTION/PREVENTION (IDS/IPS):
360SOC, Airespring, Allstream, AT&T, BCN, CBTS, CenturyLink, Coeo, Corvid Cyberdefense, EvolveIP, First Comm, Flexential, Fusion, GTT, Hypercore, Masergy, MetTel, NetFortris, Netrio, New Horizon, Nitel, NTT, PCCW, RapidScale, Shaw, Synoptek, Telesystems, TPx, US Signal, Verizon, Windstream, Zayo

ENDPOINT/MOBILE SECURITY:
360SOC, AppGate (Cyxtera), AT&T, CBTS, CenturyLink, Corvid Cyberdefense, EvolveIP, First Comm, Flexential, LogMeIn, Masergy, MetTel, Mobile Solutions, Netrio, Netrix, New Horizon, Nitel, NTT, Phoenix Nap, RapidScale, Synoptek, Telesystems, TierPoint, TPx, Verizon, Windstream, Zayo

E-MAIL SECURITY:
360SOC, Allstream, AT&T, CBTS, CenturyLink, Coeo, Comcast, Corvid Cyberdefense, EvolveIP, Netrio, PCCW, Rackspace, RapidScale, Synoptek, Telesystem, Verizon, Windstream

IDENTITY ACCESS MANAGEMENT (IAM):
AT&T, Airespring, AppGate (Cyxtera), CBTS, CenturyLink, Corvid Cyberdefense, CyberHat, LogMeIn, Synoptek, Verizon

SECURITY MONITORING (INCL. SIEM):
360SOC, AT&T, CBTS, CenturyLink, Coeo, Corvid Cyberdefense, CyberHat, EvolveIP, GTT, Masergy, Netrio, NTT, Rackspace, RapidScale, Synoptek, TPx, Verizon, Windstream

PENETRATION TESTING / VULNERABILITY SCANNING:
360SOC, AT&T, CBTS, CenturyLink, Corvid Cyberdefense, Flexential, GTT, Masergy, MetTel, NuTech Logix, Nitel, NTT, Netrio, PCCW, Rackspace, RapidScale, Synoptek, TierPoint, TPx, Verizon, Windstream, Zayo

DOS (INCL. DDOS AND TDOS):
360SOC, Airespring, AT&T, CBTS, CenturyLink, Coeo, Comcast, Corvid Cyberdefense, Flexential, GTT, Hypercore, Masergy, MetTel, NetFortris, Netrio, New Horizon, NTT, PCCW, Telesystems, TPx, US Signal, Verizon, Windstream, Zayo

TRAINING:
360SOC, AT&T, CBTS, CenturyLink, Corvid Cyberdefense, EvolveIP, Flexential, GTT, NTT, Rackspace, RapidScale, Synoptek, Verizon, Windstream

DARKWEB MONITORING:
360SOC, AT&T, CBTS, Netrio, NTT, Rackspace, RapidScale, Synoptek, Verizon

DEFEND

Detect

These solutions are needed to develop and implement appropriate measures to identify the occurrence of a cybersecurity event in a timely fashion.

Providers offering solutions for timely detection of cybersecurity events:

MANAGED SOC/SOC SERVICES:
360SOC, AT&T, CBTS, CenturyLink, CyberHat, Corvid Cyberdefense, EvolveIP, GTT, Masergy, Netrio, NTT, Synoptek, TPx, Verizon, Windstream

THREAT INTELLIGENCE:
360SOC, AT&T, CenturyLink, CyberHat, Corvid Cyberdefense, GTT, Verizon, Windstream

Respond

Develop and implement appropriate actions, such as analysis, containment, mitigation and resolution, that support the ability to contain the impact of a potential cybersecurity incident. This could include reconfiguration, decommission, and implementation of any or all devices, software, and processes.

Providers offering solutions to respond to identified cybersecurity events:

INCIDENT/THREAT/BREACH RESPONSE AND MITIGATION:
360SOC, AT&T, CenturyLink, CyberHat, Corvid Cyberdefense, Flexential, GTT, Masergy, NTT, Synoptek, Verizon

RECOVER

Remediate

Carry out the activities required to maintain plans for resilience and to return operations that were impaired or impacted by a cybersecurity event to a steady state. These post-event activities are necessary to provide documentation, communication, and improvements to existing plans, processes, and systems.

Providers offering solutions to recover from cybersecurity events:

ROOT-CAUSE ANALYSIS:
360SOC, AT&T, CenturyLink, Corvid Cyberdefense, CyberHat, GTT, NuTech Logix, Synoptek, Verizon

PROFESSIONAL SERVICES:
360SOC, AT&T, CenturyLink, Coeo, Corvid Cyberdefense, CyberHat, Flexential, Fusion, GTT, NuTech Logix, Rackspace, Synoptek, TPx, Verizon