Off-Network Security and Securing the Remote Workforce

Posted September 1, 2020

Due to COVID-19 and recent cyberattack trends, there has been a drastic surge in enabling and protecting the remote workforce. Organizations are trying to maintain business continuity while quickly enabling their workforce to work-from-home. The reality is that many employees are now handling sensitive data while sitting at their kitchen counter in their pajamas or over LTE connections from the dog park. Employees working on-network from a secure corporate location benefit from both tightly controlled technological and physical security measures provided through the on-premise corporate environment. However, once employees are “on the go” or working from home, they are immersed in environments that bring with them distractions and vulnerabilities which make security more challenging.

The ongoing challenge comes from the fact that digital technology is permeating every facet of our lives. Along with that permeation comes digital risk. As we spend more time online and trust more financial and information assets to the digital world, bad actors also spend more time pursuing those assets online. In the case of work-from-home, the cheese has moved in the security industry. All the security apparatus that has been deployed to physically and technologically protect corporate networks needs to extend to the home network and sometimes even dog parks.

When employees and endpoints leave your security perimeter, you lose a significant amount of visibility and control over their environment. Examples can be as simple as prying eyes looking over your shoulder at a coffee shop for user credentials or sniffing the open Wi-Fi to access your data directly.

The primary threats a remote workforce face as they roam away from the security of a corporate office are:

Malware and Ransomware

Without the protection of your corporate network, remote workers are more vulnerable to zero-day threats and could become infected without your knowledge.

Phishing/Spear-Phishing

Through oversharing on social media, it can be relatively easy for hackers to determine which users are on or off-network and deploy a phishing attack upon those who are least protected.

Lost/Stolen Devices

An employee at a coffee shop is enjoying their espresso macchiato only to glance down and see their laptop bag or phone is missing. If the device was already logged in or authenticated to corporate resources, the thief may easily have gained access to all of your corporate data.

VPN Avoidance

If your VPN slows down a remote user’s productivity, chances are they may avoid using it. If the VPN was your primary means of protection, you just lost it.

Steps to improve off-network security

Scrutinize your business’s plan to continue operations while employees are out of the office
Revise policies to communicate expectations for remote and mobile workers
Teach employees how to avoid falling victim to cybersecurity attacks while working from home
Implement multi-factor authentication using a mobile app
Expand VPN capacity as needed for more remote access demand
Help remote employees enable secure Wi-Fi networks

Assessing Your Off-Network Security

Have you updated your work-from-home policy in the past 12 months?
Have you communicated policy and expectations for all employees now working from home?
Do you need to acquire more phones/laptops to ensure all employees have a sanctioned device?
Do you have enough VPN licenses to issue them as needed?
Does the employee have sufficient remote internet access to perform their job?
Have you identified if remote employees have access to systems or platforms required (such as cloud applications) to successfully perform their job?
Is your company able to provide secure measures to avoid cyberattack risks when working remotely?
Is your IT budget sufficient to deliver the necessary resources?
Do you need to offer remote work security training to your staff?

The task of securely transitioning to a remote workforce can seem daunting, we’re here to help.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.