Navigating network security for the remote cybersecurity workforce
As we approach six months of the grand remote working experiment (i.e., the pandemic), one of the most glaring weaknesses in corporate network security has become obvious: the end user working from home. Striking a balance between good security and steady workflow is already difficult, even before the additional challenges of remote work.
Although no remote access setup is perfect, implementing a reasonable degree of security is possible. This post discusses what your business can do to successfully address these challenges, both on the user and network fronts.
Where to start
Whether your employees access your network in the office or at home, here are five key areas you can target to improve security.
1.) User Education
The easiest means to combat user vulnerability is through education. Simply put, get the user thinking in a security mindset.
You wouldn’t allow someone to look over your shoulder at work. So, why let someone have a full view of your monitor when working from home? Also, help users get into the habit of locking their computer every time they leave their desk, both at work and at home.
The comfort of home makes it easier to forgo common security practices; be sure users limit their access to work resources to times when they are on a known network.
2.) User Behavior
Another way to contain user activity is to directly identify and verify user behaviors across your network. Doing so helps ensure that users’ behavior mirrors their normal day-to-day activity.
User-based analytics can shine here, as it can bring anomalous behavior to light. Specifically, collecting metrics for a user’s ISP, physical location, and local host credentials can all assist with this endeavor. User-based analytics can also be applied to newly remote workers, but time and due diligence are required.
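The baseline-and-compare approach described above, as an added example that is not part of the original post: each login is checked against the ISP, location, and host previously seen for that user, and users with too little history (such as newly remote workers) are only learned, not alerted on. The event layout, sample values, and the `MIN_BASELINE` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample remote-access logins (not real data):
# (user, ISP, location, host the session came from)
EVENTS = [
    ("alice", "ExampleNet", "City A, US", "ALICE-LT01"),
    ("alice", "ExampleNet", "City A, US", "ALICE-LT01"),
    ("alice", "ExampleNet", "City A, US", "ALICE-LT01"),
    ("bob",   "OtherISP",   "City B, US", "BOB-LT02"),
    ("alice", "ExampleNet", "City A, US", "ALICE-LT01"),
    ("alice", "HostingCo",  "City Z, XX", "ALICE-LT01"),  # new ISP and location
    ("bob",   "CafeWiFi",   "City B, US", "BOB-LT02"),    # bob is still being learned
    ("alice", "ExampleNet", "City A, US", "UNKNOWN-PC"),  # new host
]

ATTRS = ("isp", "location", "host")
MIN_BASELINE = 3  # hypothetical: logins to observe before a profile is trusted


def find_anomalies(events, min_baseline=MIN_BASELINE):
    """Return (event index, user, changed attributes) for each login that
    deviates from what has already been seen for that user."""
    seen = defaultdict(lambda: {a: set() for a in ATTRS})
    count = defaultdict(int)
    findings = []
    for i, (user, *values) in enumerate(events):
        observed = dict(zip(ATTRS, values))
        profile = seen[user]
        # Score only once enough history exists; a thin baseline would
        # flag nearly every login from a newly remote worker.
        if count[user] >= min_baseline:
            changed = [a for a in ATTRS if observed[a] not in profile[a]]
            if changed:
                findings.append((i, user, changed))
        # Learn after scoring, so each new value is reported once.
        for a in ATTRS:
            profile[a].add(observed[a])
        count[user] += 1
    return findings


if __name__ == "__main__":
    for index, user, changed in find_anomalies(EVENTS):
        print(f"event {index}: {user} deviates on {', '.join(changed)}")
```

Lowering `min_baseline` shortens the learning period at the cost of noisier alerts for users whose remote habits have not settled yet.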
3.) Network Hardening
There are a variety of ways to harden the network to protect information and users alike. A few no-nonsense ways to harden user access include:
- Using a virtual private network (VPN)
- Deploying two-factor authentication (2FA)
- Determining remote desktop network access and command line access
If you’re looking for further Coronavirus cybersecurity recommendations, including specifics on VPNs and other security best practices, check out my coworker Tony Robinson’s blog post.
4.) Administrator Responsibilities
There are many considerations for admins managing a network, but ultimately the responsibility for hardening your network can only originate from you.
When physical hardware issues arise, for example (and they certainly will at some point), it’s your job to handle broken hardware even when physical access may be limited. As an administrator, you also need a plan to enforce security methods, such as 2FA, and to ensure that access occurs, and tools are used, only through company-approved methods. Set blackout hours if necessary to alert on or limit access for users outside of their normal work hours.
The best recommendation I can make is to have a plan and have it well-documented. Chances are you already have some, or all, of this in place. Look at your Disaster Recovery Plan and other contingency plans; solid documentation can make it simple to address issues as they arise. Additionally, this disaster is a good time to hash out any issues with existing plans and documentation.
5.) Don’t Reinvent the Wheel
Jobs across the IT field are uniquely situated to handle remote work as many companies already have employees working from home. Even those without usually have methods to address users accessing systems remotely, albeit typically from an internal network.
Make sure you’re tapping into the existing remote access methods you already have in place. It’s best not to reinvent the wheel if you already have one.
Network administration is a careful balance between what is acceptable to you and your corporation while still maintaining functional workflow. Many of the topics addressed will appear as no-brainers to most across the infosec field. However, some of these simple tasks are easily overlooked and can come back to bite you during times of stress. By addressing these issues now, you will have the opportunity to make lasting, meaningful changes to your network security.
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.