Connectivity for Remote Work
Remote Work: Tackling the Security Risks
The security risks related to remote work are shockingly high. For example, a study on cybersecurity from HP in collaboration with KuppingerCole shows a 238% increase in global cyberattacks during the pandemic. There are multiple reasons for this: remote workers spend more time on the internet, use their work devices as personal devices, download more content, and socialize more, exposing themselves to online hacking, phishing scam emails, and malware. When such security issues result in data breaches, the costs in time, money, and productivity to organizations are very high.
According to IBM's cost data breach report 2021, the cost of a data breach increased during the pandemic. According to this report:
- The average cost of a data breach rose by nearly 10% year over year, which is the highest single-year cost increase in the last seven years.
- The average cost was $1.07 million higher in security breaches where a remote workforce was a factor in causing the breach compared to those where remote work was not a factor.
The bottom line is that every remote worker's office has become a remote branch that needs to be protected. What can organizations do to mitigate the risks?
Four Steps to Remote Work Security
Organizations must provide and make mandatory security education. Unfortunately and sometimes with costly and disastrous consequences, organizations overlook this requirement, erroneously assuming that remote employees are already educated about the essential security best practices. That is not the case. Hackers & cybercriminals employ sophisticated techniques and new social engineering methods, and devise innovative phishing practices to deceive employees into visiting malicious websites, downloading files or leaving sensitive information online.
The first step is to educate employees about security best practices. The training should cover understanding their role and responsibilities related to organizational security policy and procedures. Above all, the education must provide them with the information about how hackers are using new methods to exploit vulnerabilities in security.
Zero Trust Network Access on the Edge
Zero Trust Network Access (ZTNA) is an approach to network security where everything is denied by default. Nothing is trusted, and every user and application must be authorized before accessing specific resources. This kind of authorization is needed every time a user needs access, irrespective of whether or not the resources have been previously used.
The ZRNA approach is better than virtual private networks (VPNs) as VPN fails to provide granular network protection. Traditional VPNs are based on trust models; if a hacker gets access to one part of the corporate network, it is easier to exploit and access other parts of the network. If the hacker has made it to the inside of the network, he is already safe and can potentially become more disastrous. With the ZTNA, the user and device are validated, and only authorized users/devices can access the network. Anyone else will be blocked entirely.
The traditional ZTNA is implemented on-premises, which necessitates backhauling employee traffic to a central place for processing. It is recommended that ZTNA be seamlessly integrated with the edge device, for example, 5G routers, so granular controls can be applied right at the edge where traffic originates rather than backhauling the traffic.
Intelligent Segmentation on the Edge
Traditionally, a home network and corporate user share a single Wi-Fi network. If a corporate user's device acquires malware, a VPN back from the same device to the corporate network can also potentially risk the corporate network. The solution is to have segmentation by keeping the corporate network completely separate from the home network. This is done by extending corporate Wi-Fi to the home so the employee can connect without needing a VPN. The 5G edge router in the home segments and broadcasts multiple SSIDs, one for corporate and the other for private use in the home. The router can then create a secure tunnel back to the corporate network, eliminating the need for building a VPN from the client station itself.
This kind of intelligent segmentation on edge has multiple benefits. The primary one is a secure network for a corporate user unaffected by the users and devices on a more open and insecure home Wi-Fi. It also brings quality of service prioritization benefits, For example, the 5G router can prioritize the corporate traffic from noncorporate traffic once congestion starts, ensuring that a corporate user always gets a better user experience.
Security can be compromised no matter how secure a corporate network is if the employee clicks malicious links. Even if an employee is vigilant about monitoring email and websites there is a probability that a user will make mistakes that can lead to the download of malware, which can prove devastating for the organization. Once malware spreads through the network, it can steal, hijack or corrupt corporate sensitive data.
DNS based content filters can help protect against the risk of downloading malware. They can help reduce the risk of phishing attacks, thus enhancing security. Once a user clicks a link in an email, DNS filtering services check the URL against the known malicious URLs and if it matches, blocks access to the site.
With work from home now being an integral part of the corporate work culture, organizations when envisioning their security requirements must include, address, and counter the cyber security risks for employees’ home offices. Addressing remote security is not an option; it must be taken seriously. If not, it can cost an organization time, money, and productivity.
Inseego’s 5G Edge: This blog is sponsored by Inseego. Inseego provides intelligent 5G edge solutions that enable ZTNA and network segmentation with distributed and granular security control designed exclusively for 5G networks.