Best practices and resources to help secure access to your organization’s systems
Still need help securing access controls after reviewing this article? See the bottom of this page for info about our vCISO Services consultation.
The workplace is no longer a "place" and as remote work accelerates, the cybersecurity threats being faced by organizations have also changed. There are many benefits to remote work and as a result more and more companies are accelerating shift and adopting programs to enable their workforce to take advantage of the work life balance and other positive benefits. This shift however does come with new risks and security challenges that are not present in traditional office environments.
So what is so important about access controls, identity and security of the remote workforce?
Cybersecurity threats change when employees work remotely; everything from vulnerabilities in home networking gear to physical controls that are lacking in protection compared to a hardened office location all increase risk. Another threat in this context is the end-user’s need to access and transact sensitive data over public internet connections when remotely connecting to applications and other system resources that exist in their corporate office locations and data centers. If access to that data, those systems or other resources is not properly secured, bad actors can take advantage of lapses in security to compromise and expose that data or to take a more malicious approach and hold that data or the critical systems that process it for ransom. Identity and Access Management security, especially the security of remote access to key resources and data, are paramount to any security strategy and critical for managing IT risk.
Best practices for securing remote access
Remote work often forces employers and employees to adopt a broader set of tools for things like collaboration and remotely managing applications, services and data. This broader adoption of tools and services (often without security in mind) increases the attack surface for bad actors to exploit. In addition to the standard applications that are used in the office, remote workers also may use applications like RDP, Remote Access Tools, VPN clients, and other remote access technologies creating new potential security vulnerabilities if not properly managed and secured.
- Use a VPN for remote access, secured with Multi Factor Authentication.
- Follow the Least Privilege Doctrine and only provide access that people need based on roles and duties. Be sure that system administrators are given separate user accounts for privileged access.
- For organizations that rely on external IT providers, make sure that their remote access tools are secured by more than just a username and password.
- Consider Zero Trust and its application to remote access.
- Consider a Remote Access Security Cleanup or other Remote Security Services offered by LMG Security.
- 8 key security considerations for protecting remote workers (CSO Online)
- 8 Best Practices for Secure Remote Work Access (Security Boulevard)
- Essential Guide to Securing Remote Access (Duo)
- 5 Reasons to Protect your VPN with MFA (Duo)
Looking for hands-on help to secure access controls? Our consults with blue-chip vendors can help.
vCISO Services from Corvus aim to help organizations dig deeper into specific issues and find the right offering to meet their needs. The process begins with a free, no-risk consultation call to explore options. Any further services selected are offered at an exclusive discounted rate.
Click here and fill out the form to get started. You can check off as many services as you’d like — we recommend each of the following for help in securing access controls: Multifactor Authentication, Active Directory, Network Segmentation, and Cloud Security Configuration.