March 27, 2020

The coronavirus pandemic has brought us to a watershed moment in cybersecurity, as institutions have moved in a matter of days to “work from home” on a scale we’ve never seen before. Hackers have been right at workers’ heels in this move.

Many organizations are not currently prepared to ensure digital security in the push to large-scale work from home. Home computers with weak passwords and poorly secured wifi setups were never intended to be an institutional backbone. They are simply unable to provide the network and data security employees need.

This blog looks at the challenges of traditional security set-ups for remote workers and offers seven key points to consider when reviewing alternative approaches.

Security issues with VPNs and remote desktops

Virtual private networks (VPNs) and remote desktops are the most obvious choices for doing work from home. However, they are frequent vectors of attacks.

VPNs

VPNs allow remote workers to communicate and share files and data through secure “tunnels” to their enterprise network and servers and back. But VPNs are cumbersome to set up and manage, and are vulnerable to malware—both from the remote workers’ home networks to the enterprise network, and vice-versa. The cybersecurity firm Radware recently reported that over the past year, enterprise VPNs have become the attack vector of choice for ongoing attacks from advanced persistent threat (APT) actors.

Remote Desktops

Remote desktops allow home computers to act as a “window” into a remote computer either at the workers’ organization or in the cloud. Like VPNs, remote desktops are cumbersome to set up and manage. And they’re expensive too. Remote desktops’ particular vulnerabilities include password and admin attacks, keystroke loggers, and ransomware.

Maintaining security when employees work remotely

As organizations look beyond VPNs and remote desktops to protect their emails, files and data, the following considerations should be top of mind.

Enterprise and home networks: Enterprise and home network systems need to be protected.
Email and file security: Email and files that belong to the enterprise need to be secured. Doing so starts with delineating, or separating, work communications from regular day-to-day emails and files.
Accessibility via mobile devices: Secure, work-related emails and files need to be accessible via mobile devices including phones and tablets, and on home computers including Macs and PCs (Windows).
Eliminate password-based authentication: Employees working on their own home computers or laptops should not rely on passwords to authenticate cloud-based services.
Easy to manage for the enterprise: At the enterprise level, deployment and management of security solutions should be quick and simple. If not, they won’t be used.
Easy to manage solutions for employees: For remote employees, installation and removal of security solutions should be quick and simple. If not, the solutions won’t be used.
Compliance with federal guidelines: Any solution should be compliant with relevant regulations, such as federal guidelines for handling CUI (controlled unclassified information) or ITAR (International Traffic in Arms Regulations), or FINRA and HIPAA in the financial and healthcare realms.

By following these recommendations, organizations can be confident that they are taking important steps to ensure the cybersecurity of their remote workforce.,

Conclusion

It’s important to know, too, that these considerations need not be overwhelming. Solutions exist to help you address all of them and, likewise, minimize the cyber threats that increase with remote work.

PreVeil’s encrypted email and file sharing platform is this very type of solution. It protects data with end-to-end encryption, providing employees with the email and file security they need. It is also available on mobile devices, eliminating the need for passwords. PreVeil is easy to manage for enterprises and employees and complies with many federal guidelines for handling sensitive information.

Please download our new work from home white paper that details how PreVeil addresses the seven key issues for securing your remote workforce.

Download our white paper

Author

Orlee Berlove, reviewed by Noël Vestal, PMP, CMMC RP

Noël Vestal is a CMMC Certified Professional and CMMC RP with over 15 years in DoD IT program management. She implemented the NIST 800-171/CMMC Level 2 compliance program for an OSC member of the DIB. She has her Master of Science (M.S.) in Information Technology and holds certifications from the CMMC Accreditation Body (CMMC AB) as a CMMC Certified Professional (CCP), CMMC Registered Practitioner (RP), CMMI Associate, and holds additional certifications including, Project Management Professional (PMP), and CompTIA’s Security + certification.

Orlee Berlove has been a marketing leader for over 25 years, and is currently the Senior Director of Marketing at PreVeil. She has her Masters of Engineering, Operations Research and her Bachelor of Arts from Cornell University.