How To Secure People And Devices When Working Remotely
The unforeseen scenario, which caused the office space to lose its clear outlines and boundaries, required a quick response and effective measures. The goal was one — to get back to work as soon as possible. Naturally, we faced technological challenges and inconveniences. However, we must find ways to overcome them, because they reduce our effectiveness and confront us with potential threats. In fact, now is a good time to rethink some of the decisions we made regarding cybersecurity during remote work. Today, our goal is to create a secure work environment, no matter where it is located.
The fundamentals remain the same. We have a corporate network, devices, applications, and data. The difference is that most devices are mobile and are outside the corporate network. They also have been joined by new ones – personal laptops, tablets, smartphones, and workstations. At the same time, they need access to applications and data, which is only possible in or from the corporate network.
An essential condition is that our security measures create obstacles not to our workday activities, but to malicious interferences. Moreover, they must require minimal effort and merge with the work process. Otherwise, we risk them being bypassed.
We will divide this task into two parts. In the first, we need to make sure that we can trust the devices and the people in front of them. In the second, we must provide them with secure and reliable access to those applications and data that they need to perform their work duties.
Devices and people
Our main goal is to make sure that the devices are secure and that the people who use them are those who they say they are.
Check devices
One of the conditions is that devices meet our minimal security requirements. Examples are an up-to-date operating system and regular application of software updates. The devices must be locked and the data in them encrypted. For example, we can check whether a device is being used in Sofia or in a reasonable proximity to an expected location.
If these conditions are met, we assume that we can trust the devices. But that is not enough.
Confirm people’s identities in front of devices
We are increasingly convinced that the password is not an effective method for cyber protection. Especially when it is simple or when it is so complex that it is written on a piece of paper and stuck to the computer.
That is when Multifactor authentication comes to the rescue. With it, in order to get access to the corporate network, e-mail, CRM or ERP, for example, we have to provide something else that only we have – for example, to enter a one-time dynamic code or to scan our fingerprint.
Keep browsing secure
When devices leave our corporate network and its security measures, they enter a potentially hostile environment — they can come across malicious and misleading sites (phishing) or mistakenly execute malicious code that presents itself as a known application or document. And these threats are dynamic — they change so fast that they manage to deceive the antivirus software that relies on historical knowledge about them.
One of the solutions lies in the basic principle on which the Internet operates. When we want to load a webpage, our browser asks for instructions how to get to it. By standing in the way of these instructions (with security on a DNS level), we can easily deny access to unwanted and potentially dangerous places on the Internet.
Secure and reliable remote access
Until recently, situations in which we had to connect to the corporate network remotely were the exception or affected only part of the people in the organization. And when we all had to depend on this feature, it turned out that we could not provide the necessary capacity — we have more devices than the service can handle, or our access is regularly slowed down by insufficient bandwidth.
Increase the capacity of our VPN service and the connectivity
Therefore, our first task is to make sure that our VPN service has the necessary capacity to serve all devices and users in need of remote access to the corporate network. It is often limited due to insufficient resources — physical or virtual — that are shared with other critical services. With a hardware device whose only function is to provide VPN connectivity to the corporate network, we avoid this inconvenience, and in most cases, we get hardware encryption of traffic with higher reliability and performance. An important advantage is that the VPN service is easily integrated into any environment without the need for redesign and redistribution of resources.
Our next step is to check whether the internet connectivity allows us to increase the volume and the current speed towards and outside our corporate network. Our ISP can clarify the issue.
Allow partial direct access to online services
Another important point is that all traffic does not need to pass through our corporate network. There are online services with a special focus on security, that require multifactor authentication and take good care of information security. Examples include Office 365, Google Workspace, Microsoft and Apple software updates. Sometimes the traffic to these services can reach up to 50% of the total traffic. By transferring this traffic directly to the Internet, instead of redirecting through the corporate network, we will significantly alleviate the load of our VPN service.
Secure workplace everywhere
By applying these basic conditions, we can make any workplace both comfortable and secure. Read more about our solution that tackles all the above-mentioned issues, Secure Desk Anywhere, here. It builds on Cisco technology solutions and can be easily integrated into your company.
Learn more about Secure Desk Anywhere here.