“We’ve always seen this evolution of training our users to be looking for spam attacks and stuff along those lines,” he said, “but they don’t know how to actually defend things on a foreign network or on a home network. That’s really an area where you’re making sure that user awareness and user education needs to be at the forefront.”
Weiss added that many of these workers have had limited access to remote work in the past, logging in only periodically to check emails or complete quick tasks. As a result, they may not be aware of the security requirements that come with remote work.
This means “taking that step back and making sure that they are aware and educated on how to utilize different tools and … be more effective as well,” Weiss said.
2. Improve Your Visibility into Remote Endpoints
In an office environment, it’s fairly simple to limit the amount of access that an external device has to a given network through traditional endpoint security measures. This can be more difficult in a remote environment, but it’s possible, said CDW Cybersecurity Practice Lead Ziyad Roumaya.
“I feel like our customers sometimes forget about the remote endpoints that they have out there, and I think it’s extremely important that they start looking into some visibility aspects of that, and they can do that a number of different ways,” he said.
Experts discuss what businesses should prioritize for remote work security.
Roumaya suggests that customers start with firewall VPN agents, which allow companies to do posture checks and offer ways to gain visibility into how the network is being used.
“We also implement a lot of [network access control] solutions to gain visibility and posture as well so we can do posture checks for devices that are connecting into the VPN environment,” he said. “We can also rely on some of our next-generation endpoint solutions to help with that.”
3. Take a Proactive Security Approach
With a larger potential attack surface, it’s important to move past a defensive posture and take a proactive security approach, explained CDW Cybersecurity Practice Lead Jeff Falcon.
“This doesn’t just mean taking a vulnerability snapshot from a set of external-facing IPs or just conducting a wireless internal segmentation assessment,” he said. “This is really a comprehensive snapshot of everything that’s happening: all remote connections, all critical assets, users that are connecting to remote systems from various locations around the globe.”
One strategy Falcon suggests is using threat-hunting workshops to determine how a malicious actor might break into a system.
“Threat hunting workshops are a great way to engage a partner, or even proactively on your own prescribe those exercises where you’re going to find those areas of vulnerability within the organization as if it were an actual determined adversary,” he said.