Cyber safe strategies as remote working becomes standard

Vincent Goh, Senior Vice President Asia Pacific Japan, CyberArk

Employees have found new, collaborative ways to tackle projects, and along the way, forged even closer connections. Teams have come up with exciting new ideas in virtual meetings, live-chatted through successful product sprints and many even attended virtual bonding sessions together. The physical “water cooler” may be gone to a degree but, thanks to technology, culture and camaraderie have been given a digital spin.

After settling into the new normal, many employees around the world seem to agree that there are upsides to the new working environment. Employees feel connected and productive at home and want to keep the remote work setup for the long term.

Yet, while many businesses want to enable flexible work models for their employees, securing a distributed workforce, particularly for those requiring privileged access, represents a major challenge. 

CyberArk’s Remote Work Study revealed that 78 percent of respondents admitted to having technology issues with connecting to corporate systems and resources. Considering the number of recent breaches linked to remote access systems, it is clear that providing secure and simple ways to access company systems for remote employees is far from a perfect science.

Every remote worker, third-party vendor or contractor requiring access to company networks needs a secure way to get inside. Identity security focuses on securing individual identities throughout the entire cycle of accessing critical assets. This means strong identity authentication, appropriate permissions levels and structured access provisions should be implemented, audited or accounted for to ensure that the process is sound. With identity security controls in place, organisations can achieve seamless integration with their existing technology stack including third-party threat intelligence and DevOps tools. 

Here are some best practices organisations can adopt today to bolster remote privileged access security controls for remote employees and trusted third parties:

1. Start with strong authentication

This may appear obvious at this point, but it bears repeating that the ability to authenticate individual identity – whether a remote worker or vendor – with high accuracy is table stakes for any cybersecurity program today. And for individuals requiring privileged access, it is mission-critical to enforce multi-factor authentication (MFA) any time they require access to sensitive internal resources.

With no shortage of MFA options out there (keys, tokens, push notifications, texts and biometrics, to name a few), what is less obvious is finding a method that is both secure and minimally bothersome for the end-user. Productivity and overall morale hinge on this decision so companies need to choose the right solution.

In an environment where identity has become the new perimeter, devices and apps associated with users can connect to company data, systems, and services. From a cybersecurity perspective, this means that IT teams need to employ an identity-centric security paradigm: one that will allow them to deliver secure access and privilege for any identity to any resource, using any device, from anywhere.

2. Re-visit Virtual Private Network (VPN) use

VPNs, if not properly implemented and maintained, can be exploited by attackers to gain privileged access to sensitive systems and data. In Hong Kong, the demand for VPNs surged as Beijing proposed stringent national security laws for the financial hub, which could result in cybersecurity concerns. By targeting privileged users connecting from home via VPN, attackers can now skip time-consuming steps in their attack chain, such as stealing non-privileged credentials before moving laterally and vertically to escalate privileges. Insecure or misconfigured home routers also introduce risk in the VPN equation – and give attackers an easy way to access corporate systems.

Moreover, home routers often establish a permanent VPN connection, which means anyone on the home network could access company resources. According to our Remote Work survey, 57 percent of remote workers admit to allowing household members to use their corporate devices for schoolwork, gaming and shopping, making attackers’ jobs even easier.

While it is important for businesses to focus on corporate IT infrastructure, it is also important to acknowledge the rising number of attacks on operational technology (OT). Cybercriminals targeting OT systems are aiming to gain remote access and manipulate systems that control and power critical infrastructure.

VPNs are insufficient for these environments and should not be used to provide secure remote access to privileged users, such as operators and engineers. Instead, rigorous security controls must be implemented to secure identities. Access should only be brokered via secure gateways connecting directly to critical targets and every privileged session must be monitored and recorded to reduce risk.

3. Do not mess with people’s workflows

Privileged users – from IT admins to cloud security architects – have a lot to do, and they need to do it fast. They need to be able to log in to their workstations and access systems and applications with minimal disruption. However, in distributed work environments, privileged users often require multiple remote desktop protocol connections each day – and manually establishing connections over and over is a major pain and slows things down.

Remote desktop connection managers can help centralise this process and make life easy on end-users, but they can also create blind spots for security teams. To maintain visibility and minimise risk, remote connection managers should be isolated. Each time a remote connection manager is used to launch a session, the session should be monitored and recorded separately. This removes end-user friction, while giving security teams the information needed to maintain a full audit trail.

In the remote work world, IT teams and security admins are starting to feel the pressure of supporting an “always on” workforce. Solutions with push notifications and the ability for admins to get direct requests on their smartphones can help fast-track end-user demands, while giving admins more flexibility. With the right tools and solutions, IT teams are better equipped to manage secure network access for remote teams.

Finding the right balance between security and business agility takes time and adjustments along the way. While shortcuts may seem harmless, they can potentially open doors for cyber attackers, leading to credential theft, fraud and costly security breaches.

As businesses continue to adapt to this new way of operating, both the employees and the organisation share the responsibility and play critical roles in strengthening the company’s security stance. Organisations should continually reinforce best practices and implement user-friendly tools and policies while employees need to understand and be receptive to those policies.