As a result of the normalization of remote work since the pandemic, cyber incidents involving teleworking have skyrocketed, highlighting the need for all parties involved to implement additional security measures to avoid (or minimize) security incidents.
For businesses, it's important to keep in mind that today's security perimeter is somewhat diffuse, with servers in different cloud networks from different providers or employees working from all over the world (homes, hotels, cafes, etc.). Furthermore, we tend to worry about technological threats (vulnerabilities, misconfigurations, etc.), when we should be primarily concerned about identity theft: for an attacker, it takes much less time to steal a credential (they sell them by the pound on the Dark Web) than it does to identify a vulnerability, exploit it, and leave no trace.
Avoid cyber incidents with basic measures: Double authentication factor
Therefore, one of the first measures to implement is two-factor authentication. This way, even if the credentials of one (or more) employees are compromised, attackers won't be able to access corporate resources without having the employee's card or phone number on hand (to avoid confusion: never use SMS as a second authentication factor).
Using VPN to increase security when working remotely
A good way to protect server access, albeit a traditional one, is to use a VPN: it encrypts data, allows user identity verification, and even verifies that the client (the employee's PC) complies with a series of security measures.
Implementing Zero Trust in Remote Work
What else do we need? Well, we need to constantly verify that the user is who they claim to be and that they have access to the resources they're trying to access. This is where the concept of Zero Trust comes into play: not only must we verify the user's credentials and that the device complies with corporate policies, but we must also constantly monitor the employee's actions. If we also microsegment the corporate network (without forgetting the traditional onion model: DMZ, server network, employee network, etc.), we'll be perfect.
Proxy as a cybersecurity measure in teleworking
Continuing with the ethereal nature of the perimeter, why would we send all browsing traffic through a VPN, process it on-premises, and then send it back to the Internet? Let's use a cloud proxy to streamline policies and make it convenient for employees: this way, we prevent employees from using other means to access the information they were trying to view (or share), while ensuring the security of corporate information.
And finally, the well-known (hopefully, by now) EDR/XDR: global outages aside, signature-based solutions have little to do against today's threats, so having a solution that identifies anomalous behavior is the least that can be expected today.
In the case of employees, a number of measures can also be implemented to improve corporate security. What if a cybercriminal decides the best way to access corporate resources is by targeting a specific employee?
Remote work using WPA3
Whenever possible, you should always use wired connections: WPA3 is not yet widely implemented (or is used in compatibility mode with WPA2). If your risk appetite is low, a good security measure is to use wired networks.
Dumpster diving prevention
Let's never forget about dumpster diving. Let's avoid printing sensitive information at home as much as possible, and if we absolutely have to, let's destroy it securely.
And, above all, let's never mix personal information with professional information: let's not use personal email accounts, let's not use the same credentials... basic digital hygiene measures, really.
Learn much more about security strategies and threat analysis on our blog. Professional Master in Cybersecurity, Ethical Hacking and Offensive Security.
