Cyber Risk Advisory

Remote Workforce is NOT the New Norm, but “Secure Work Anywhere” Should Be

Jonathan Leach

Principal, Cyber Risk Services, Coalfire


Secure Work Anywhere (SWA) is a new term for an old idea that is quickly becoming an industry standard. The overall principles of SWA are not new, but the risks associated with increased rates of workers connecting from potentially unsecure networks highlight the importance of those principles now more than ever. Although your workers may not always be remote, they should always be secure.

The US Secret Service has warned that COVID-19 email scams are on the rise, Google has discovered dramatic increases in detected phishing sites, and stimulus package fraud emails and websites have been popping up like weeds. Cyber criminals are taking advantage of the COVID-19 crisis amid the public’s fear, panic, and uncertainty, inciting ‘Crimes of Opportunity’ by hosting and/or sending convincing-looking websites and emails with increased success rates.

Securing your workforce starts with treating users, laptops, and all other remote work hardware (desktops, cell phones, tablets, etc.) and software (applications, systems, programs, etc.) as potential vulnerabilities. Generally speaking, workers who are issued laptops are able to connect to an organization’s network and work remotely with little to no loss of functionality. However, few organizations have the necessary security controls in place to enforce, even minimally, the same security controls used on-site, and fewer still restrict user access while off-site or remote.

The 5 key tenets of SWA are:

  1. Secure the endpoint (laptop/phone/tablet/remote desktop)
  2. Identify and authorize all user access
  3. Secure connection to necessary and specific job-related data
  4. Restrict access until identity is confirmed, user authorized, and a secure connection is established
  5. Limit access and permissions using the Principle of Least Privilege

To ensure the same security controls are enforced whether on or off the corporate network, organizations need to enforce endpoint-based security policies for malware and virus detection. Endpoint virus and malware tools, detection patterns, and definitions should be updated automatically upon connection to any network and must be up to date before the device is allowed to connect to the corporate network.

Organizations should identify employees (and their administrator accounts) by using unique usernames with complex passwords, along with multifactor authentication. Multifactor Authentication (MFA) should be required to establish a secure network connection, and is swiftly accomplished with easy-to-use, integrated applications. Additional MFA tools from separate providers/manufacturers should also be used to further secure and restrict access to an organization’s most critical data. A secure network connection can be established using a Virtual Private Network (VPN) in combination with role-based access controls (RBAC) and/or a software-defined perimeter (SDP) that allows organizations to limit users’ access to data, applications, etc., based on “need to know” while preventing access and visibility to everything else.
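The five tenets above amount to an ordered, deny-by-default access decision: endpoint posture first, then identity and MFA, then a secure channel, and only then a role-scoped authorization. The following Python gate is an added illustration written for this post, not Coalfire tooling; the 24-hour definition-age threshold, the role-to-resource map, and the sample users are all assumptions chosen for the example.

```python
from dataclasses import dataclass

# Assumed policy threshold: definitions older than this are treated as stale.
MAX_DEFINITION_AGE_HOURS = 24

# Assumed role-to-resource map: each role sees only what the job needs ("need to know").
ROLE_RESOURCES = {
    "finance": frozenset({"ledger", "payroll"}),
    "engineering": frozenset({"source-repo", "ci"}),
}

@dataclass(frozen=True)
class Endpoint:
    av_running: bool              # malware/virus tooling active on the device
    definitions_age_hours: float  # time since detection definitions were last updated

@dataclass(frozen=True)
class Session:
    username: str
    mfa_factors: int       # distinct authentication factors verified for this session
    secure_channel: bool   # VPN or SDP tunnel established
    roles: frozenset       # roles granted to the identity

def evaluate(session, endpoint, resource):
    """Deny-by-default gate. Checks run in tenet order and the first failure is
    returned. Network location is deliberately not an input: the same checks
    apply on the corporate network and off it."""
    # Tenet 1: secure the endpoint (tooling running, definitions current).
    if not endpoint.av_running:
        return False, "endpoint: malware/virus tooling not running"
    if endpoint.definitions_age_hours > MAX_DEFINITION_AGE_HOURS:
        return False, "endpoint: detection definitions out of date"
    # Tenet 2: unique identity plus multifactor authentication.
    if not session.username or session.mfa_factors < 2:
        return False, "identity: multifactor authentication required"
    # Tenets 3 and 4: no data access until a secure connection exists.
    if not session.secure_channel:
        return False, "connection: no VPN/SDP tunnel established"
    # Tenet 5: least privilege via role-based need-to-know.
    permitted = frozenset().union(*(ROLE_RESOURCES.get(r, frozenset()) for r in session.roles))
    if resource not in permitted:
        return False, f"authorization: {sorted(session.roles)} not permitted on {resource}"
    return True, "granted"

if __name__ == "__main__":
    alice = Session("alice", 2, True, frozenset({"finance"}))   # constructed sample user
    print(evaluate(alice, Endpoint(True, 2), "ledger"))         # (True, 'granted')
    print(evaluate(alice, Endpoint(True, 72), "ledger"))        # stale definitions -> denied
```

The ordering matters: a stale endpoint is refused before credentials are even considered, so a compromised device never gets as far as the role lookup.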

Enforcing these foundational security principles for all workers with the ability to access the corporate network will ensure that the same (if not stricter) security controls are enforced whether a user is connected to the corporate network or their neighbor’s unprotected Wi-Fi, making Secure Work Anywhere a reality.