How to Secure Your Organization’s Network Following a Remote Work Adoption
The COVID-19 disease, now observed in a significant number of countries, has opened a new awareness to remote work for workers and employers wanting to avoid physical gatherings.
What Is Remote Work?
Remote work is the practice of working for an extended period outside the formal office. This practice, also known as telecommuting, teleworking and work from home, is nothing new. Fast internet connections, high-speed computers and more sophisticated applications have propelled the growth of remote work.
Data from Canada’s General Social Survey (GSS) in 2016 showed that 2.3 million paid workers or 12.7% of the total workforce of Canada telework at least an hour a week. Out of the total number of Canadians who work from home for the said period, more than 500,000 workers work for more than 15 hours per week.
The GSS data also showed that teleworking could continue to grow over the 2016-2021 Census cycle and beyond. Teleworking in Canada is linked to occupations that are most connected to the knowledge economy. GSS data showed that 36% of workers in the management sector telework, 24.3% in the education sector and 21.7% in nature and applied science sector telework.
While remote work has been used for years by many organizations, this hasn’t been widely adopted. COVID-19, however, which started infecting people in China and has spread to other countries, has prompted workers and employers to consider remote work, especially in the event that the government imposes a home quarantine.
Cybersecurity Measures for Remote Work
If left unchecked, remote work poses security risks to your organization’s network. These security risks don’t necessarily be from a malicious remote worker. Security risks could also be a product of negligence on the part of remote workers and employers. Security risk arising from poor IT infrastructure for remote work is one of the biggest contributors to data breaches.
Here are some of the preventive and mitigating measures in order to protect your organization’s network, following a remote work adoption:
1. Practice Network Segmentation
Network segmentation is the practice of dividing a network into sub-networks. In the context of remote work, workers could either have access to your organization’s network or none at all.
Some workers, for instance, don’t need to have access to your organization’s network to work for your organization remotely. This way, your organization’s network won’t be put at risk for the malicious and simple negligence of remote workers.
Some workers, however, by the nature of their jobs, need to have access to your organization’s network while working remotely. To protect your organization’s network from both malicious and simple negligent actions on the part of remote workers, network segmentation is essential. Network segmentation ensures that if any untoward incidents happen, for instance, in a particular sub-network, other sub-networks, especially those critical to your organization’s operations won’t be affected.
2. Use VPN
VPN, short for virtual private network, allows remote workers to access your organization’s resources and applications through a secure and private network. It’s important to choose only the best VPN vendor as there are those that are fly-by-night especially in the area of security. Choosing the wrong VPN vendor could even lead to data breach perpetrated by an unscrupulous VPN vendor.
It’s also important to update your organization’s VPN to the latest version. Software updates, also known as patches, typically contain updated code that fixes the previous code that exposes a particular security vulnerability.
In recent months, security vulnerabilities have been discovered in the top or highly rated VPN products. Even as vendors of these VPN products have released security updates for these products, customers haven’t applied these security updates.
In September 2019, the Canadian Centre for Cyber Security issued an alert to local organizations about the active exploitation by malicious actors of VPN vulnerabilities in the top VPN products, including Fortinet Fortigate VPN, Palo Alto GlobalProtect VPN, Pulse Connect Secure and Pulse Policy Secure VPN.
In Fortinet Fortigate VPN, one of the security vulnerabilities found was a backdoor (CVE-2018-13382) that could allow an unauthenticated user to change VPN user passwords. In Palo Alto GlobalProtect VPN, the security vulnerability named CVE-2019-1579 allows a remote, unauthenticated actor to execute arbitrary code on the VPN server. In Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products, the security vulnerability named CVE-2019-11510 allows a remote, unauthenticated actor to view cached plaintext user passwords and other sensitive information.
Fortinet Fortigate, Palo Alto and Pulse Secure have all patched the above-mentioned security vulnerabilities. Even with the availability of the said patches, some organizations have failed to apply these patches.
In the case of vulnerability CVE-2019-11510 in Pulse Secure VPN, Volexity reported that it has observed multiple attackers exploiting this vulnerability even in networks, whose remote access is protected by two-factor authentication (2FA). It’s, therefore, important to apply VPN patches to keep your organization’s network safe.
When configured correctly, up-to-date VPN products provide remote workers’ safe access to your organization’s network. Aside from providing remote workers’ safe access to your organization’s network, VPN also allows staff in branch offices to access your organization’s resources and applications in a secure manner.
When you need help to securely configure and support remote workforce across Canada and the US, leave nothing to chance. Out experts have years of experience supporting remote workers and road warriors.
Call today (416) 920-3000 for a free assessment or email us at firstname.lastname@example.org