Best practices and resources to help secure access to your organization’s systems
The workplace is no longer a "place" and as remote work accelerates, the cybersecurity threats being faced by organizations have also changed. There are many benefits to remote work and as a result more and more companies are accelerating shift and adopting programs to enable their workforce to take advantage of the work life balance and other positive benefits. This shift however does come with new risks and security challenges that are not present in traditional office environments.
So what is so important about access controls, identity and security of the remote workforce?
Cybersecurity threats change when employees work remotely; everything from vulnerabilities in home networking gear to physical controls that are lacking in protection compared to a hardened office location all increase risk. Another threat in this context is the end-user’s need to access and transact sensitive data over public internet connections when remotely connecting to applications and other system resources that exist in their corporate office locations and data centers. If access to that data, those systems or other resources is not properly secured, bad actors can take advantage of lapses in security to compromise and expose that data or to take a more malicious approach and hold that data or the critical systems that process it for ransom. Identity and Access Management security, especially the security of remote access to key resources and data, are paramount to any security strategy and critical for managing IT risk.
Best practices for securing remote access
Remote work often forces employers and employees to adopt a broader set of tools for things like collaboration and remotely managing applications, services and data. This broader adoption of tools and services (often without security in mind) increases the attack surface for bad actors to exploit. In addition to the standard applications that are used in the office, remote workers also may use applications like RDP, Remote Access Tools, VPN clients, and other remote access technologies creating new potential security vulnerabilities if not properly managed and secured.
- Use a VPN for remote access, secured with Multi Factor Authentication.
- Follow the Least Privilege Doctrine and only provide access that people need based on roles and duties. Be sure that system administrators are given separate user accounts for privileged access.
- For organizations that rely on external IT providers, make sure that their remote access tools are secured by more than just a username and password.
- Consider Zero Trust and its application to remote access.
- Consider a Remote Access Security Cleanup or other Remote Security Services offered by LMG Security.
- 8 key security considerations for protecting remote workers (CSO Online)
- 8 Best Practices for Secure Remote Work Access (Security Boulevard)
- Essential Guide to Securing Remote Access (Duo)
- 5 Reasons to Protect your VPN with MFA (Duo)