We’ve heard a lot about the drastic measures that organizations in North America and Western Europe are taking to protect their employees against the coronavirus. But as we all know, COVID-19 is a global pandemic. Organizations all over the world now find themselves in a position where they need to take action on their policies and procedures.
Take the Middle East, for instance. On March 11, CNBC reported that Google told all of its employees in the United Kingdom, Europe, the Middle East and North Africa to work from home until further notice. This was just a few days before Arab News covered the decision of many Middle Eastern governments to ask that their employees begin working from home.
These decisions will certainly help protect the physical health of those Middle Eastern entities. Unfortunately, they also carry the unforeseen challenge of securing these newly remote workers. They need to take action because attackers are taking advantage of the fact that many people who are newly working from home have not applied the same security on their networks that would be in place in a corporate environment. They’re also targeting enterprises that haven’t deployed the right technologies or corporate security policies to ensure that all corporate-owned or corporate-managed devices have exactly the same security protections regardless of whether they’re connected to an enterprise network or an open home WiFi network.
Let’s examine some ways that your organization can counter these risks posed by attackers.
Serious Considerations for Remote Working
Individual users must be empowered to follow the guidance provided to them by organizations and respond by taking preventative measures. To that end, organizations need to make sure that employees’ laptops that are connected to the corporate infrastructure are hardened and following foundational security hygiene practices. These include implementing security controls found in hardening standards such as CIS, ISO27001, UAE IA, NIA, and NCA.
For instance, now would be a good time for organizations to review their vulnerability management programs to ensure that their employees’ workstations are protected against known security flaws. This program should conduct regular vulnerability scans across all remote workstations and report these scans’ results back to the organization. Security teams can then use those results to create a patching schedule based upon the priority of affected devices and the criticality of the vulnerabilities identified. They can then coordinate with device owners to close these security flaws.
Tripwire’s vulnerability management solutions provide complete visibility over organizations’ environments including their OT and IT assets. These tools allow organizations to scale their vulnerability management programs to fit their security needs, and they’re capable of generating vulnerability reports analytics so that organizations can address their needs accordingly. Learn more here.
The Importance of Using a VPN
A VPN makes it possible for the worker to access IT resources within the organization and elsewhere on the internet. As such, it is an important component in the toolset of any organization with remote workers.
However, enabling seamless access to your corporate network via a VPN and detecting unauthorized changes on a VPN device becomes a key security challenge. There is a need to strengthen your perimeter using security tools to identify and deflect threats before bad actors can intrude. It’s also crucial to monitor remote access management policies and procedures to tighten up network access.
For those who are specifically leveraging a VPN to access Virtual Desktop Infrastructure (VDIs), it is important to control not just the VPN gateway (ensuring that change monitoring tools record changes to the gateway’s configurations) but also your VDIs themselves, whilst ensuring your existing change audit coverage protects the infrastructure to which your remote users have access.
Similarly, with published applications, you should give some thought to prevent tampering with management infrastructure through your application publishing servers. These assets provide a key entry point into your network. Therefore, it’s important to place the right security controls around these servers.
Finally, for those who are using VPNs for direct access to corporate network resources, mitigating the risk of end users tampering with files and configurations becomes even more important given the possibility that they could introduce novel ways of accessing resources with untrusted applications. For example, ensuring you are tracking user behavior via your VPN device (correlating this data along with your FIM application in a suitable SIEM) can help you detect where potential risky behavior is occurring.
At the end of the day, without the right security and access controls enabled on VPN devices, personal devices that are used by employees to access work networks can leave businesses vulnerable to compromise. Indeed, a user who never received the permission to access a critical server potentially now has access and is therefore privileged to make critical changes on the business-critical application configuration files.
Managing Change in Your New Environments
Most organizations have adopted change control processes. Some do it manually, while some use an IT service management tool. Either way, it’s critical to ensure that you are enforcing these controls, as it guarantees that the user who makes changes on a critical server/network security device has followed the change management process. It also prevents any changes from becoming a big security concern.
Leveraging tools like Tripwire Enterprise can specifically help you to detect changes and then validate those modifications against your service management tools. These efforts allow you to close up risky gaps that could otherwise appear over time. With these controls in place, you can safeguard critical systems and prevent good employees from making bad changes.
How important is it for employers to ensure no unauthorized changes are being made during a time when many if not all of their employees need to work from home and connect to corporate resources via a VPN? To answer that question, consider what would happen if we didn’t monitor our critical systems for changes made by those who circumvent change control. This lack of visibility could very well allow a security incident to develop.
Tripwire Enterprise will detect changes to systems and integrate with IT service management solutions to help validate those requests. It will also detect unauthorized changes to network IT assets such as firewalls, routers, switches, and VPN (virtual private network) devices. To learn more about how Tripwire Enterprise can help your organization provide an adequate level of security to its remote workforce, click here.