WFH security do’s and don’ts: Reducing risk for a network without borders
As more work-from-home business models become permanent, the boundaries between work life and personal life have become perpetually blurred. While this has sustained business continuity, it has created a technical nightmare for IT organizations. Security attack vectors have increased exponentially.
This means companies of every size must now rethink their security approach for the remote workforce. Any shortcuts previously taken to quickly enable at-home workers should now be reviewed with an eye toward security, cost effectiveness, and long-term sustainability. As IT leaders perform much-needed security audits in 2021, here are the biggest concerns they face and a list of do’s and don’ts for addressing them.
As the network perimeter explodes, so do risks
The freedom to work from anywhere has created networks without borders, which in turn introduces a much wider attack surface. Personal devices, home internet services, and public WiFi, are the culprits. While these are not new security challenges, what was previously the exception is now the normal, creating opportunities for access on a mass scale and at high frequency. As a result, new attacks are appearing everyday and old ones are being re-energized.
Herein lies the core concern and the call to action for IT leaders. Security must evolve to protect an environment that is no longer characterized by known devices, locations, and networks–rather the unknowns of any device, anywhere, by any access means possible.
WFH problems and solutions
The vastly expanded scope of the IT environment has created three classes of problems for enterprise security.
1. Problems begin at the endpoint, and so too should security
Connectivity and communication originates with the endpoint, which has a much broader definition today. Laptops, tablets, phones, servers, as well as virtual environments, including IoT devices like smart TVs, wearables, and everything in between can be considered an endpoint. And remote and at-home employees don’t just use their company-issued laptop for work anymore. Personal devices are entering the list of endpoints that must be secured, creating these risks:
- Unauthorized access and data leakage: Remote access creates a higher risk, because behavior at home is typically different. Take for example, employees sharing devices with family members or using connectivity that is outside of IT control.
- Consumer IoT exposure: Issues creep beyond just employee cell phones. The home network is likely shared by a large number of uncontrolled devices such as family computers, family mobile devices, smart TVs, and consumer electronics.
- Lost enterprise security protections: With all sorts of devices “in the wild” using home internet services, security controls built specifically to protect employees and corporate connections are no longer applicable.
Security efforts today should start at the endpoint, taking into consideration device control and the ability to enforce security policies. Also important are next-gen security protections including anti-malware, threat intelligence, AI-based automation, as well as multi-factor authentication.
2. More connectivity types require more visibility and less user trust
VPNs, home internet services, and public WiFi are now the de facto access methodologies. Yet each one can expose the corporate network to a wide variety of external environments, many of which lack adequate security controls:
- VPNs–even corporate sanctioned–may not be enough
VPN’s simply create an encrypted connection into the network, but do not provide any protections for end users and company data.
- Home ISP security is not up to snuff
Consumer-grade security for ISP connections is typically not the same quality as the corporate equivalent. Most lack the ability to segment work traffic from home traffic by VLAN and encryption, thus company data is at a high risk of exposure from potentially compromised hosts on the home network
Suspicious activity and anomalous behavior can arise from all of these unprotected environments, and the key is to first understand which access methodologies employees are using. Solutions that offer visibility into company resources are critical, as is the ability to see what’s happening across the entire network.
Using a Zero Trust security approach can provide another layer of protection and is particularly helpful for those using many VPN connections. Aligning with today’s borderless IT environments, a Zero Trust architecture abolishes the idea of trusted users and networks inside a defined perimeter. Instead, these security controls are designed around the flow of sensitive data and authenticating all users and systems needing access–no matter who they are.
WFH security: The do’s and don’ts
Layers of security are crucial today, and it’s important to know which technologies have moved into the must-have group. Endpoint threat protection packaged with 24/7 detection and response services will likely experience adoption spikes in 2021. Every WFH organization also needs network endpoints that can use an encrypted tunnel to traverse the home internet. But there are lots of different ways to get there. Secure access security edge (SASE) solutions can fill the need, as can light-weight SD-WAN solutions designed for secure access from home and on the go.
As IT leaders rethink security, they should start with an audit and consider these do’s and don’ts:
- Implement MFA using code generators and consider visibility into WAN user identity analytics
- Protect endpoints with next-gen technology such as endpoint detection and response or endpoint management systems that include anti-malware as well policy controls and/or threat hunting capabilities
- Require all company connectivity to be done via controlled channels, whether it’s through VPN, through SASE, SD-WAN, or even cloud access security broker (CASB)
- Consider solutions that converge network and security tools and services into a simplified unified approach
- Neglect user awareness training–educate users about these new threat vectors and review company property usage policies
- Be complacent and allow the workforce to be lax with security as they transition between work and home environments
- Ignore mobile security, as these devices are becoming a significant entry point into the corporate environment
As workforce habits evolve, the overall advice remains the same: Security has never been more critical. IT executives must revisit security strategies and work to reduce risk as the network expands without borders.
When you’re ready to reassess security for your WFH organization, contact Masergy.
Managed Security? We're here to answer all of your questions.
Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.
Security point solutions are useless in 2022 and beyond
Masergy’s final prediction for 2022 is one of the most important. Here are our tips for breaking down silos and taking a holistic approach to security.
What the analysts say about selecting a managed security services provider
Only the largest businesses can handle security 100% internally, but finding an MSSP can be hard. These tips come from Nemertes Research.
Masergy’s Jim Glackin receives 2021 Channel Partners Circle of Excellence award
Circle of Excellence honors Masergy for vision, innovation, and advocacy of the channel during a time of transition and convergence.
Why remote work security is so difficult and the single best thing you can do about it
Remote and hybrid work can complicate security, increasing risk. So, what’s the single best remedy? Here’s the answer.
5 reasons to be excited about the Comcast Business acquisition
Here’s how our combined company will accelerate digital transformation and unlock more value for clients, partners, and the industry at large.
Not getting the collaboration experience you want? Look at your technology provider
Collaboration applications won’t perform without the right support systems. In fact, it’s what’s behind the technology curtain that matters most.
Resourcive, CXT180, and Subsidium Technologies attain Apex level status in Masergy Zenith Program
Congratulations to our partners Resourcive, CXT180 and Subsidium Technologies for attaining Apex level status in the Masergy Zenith Program!
Network segmentation security: How to avoid IT complexity
How can you partition networks to avoid complexity? Here’s how Masergy advises IT leaders when it comes to segmenting networks for security purposes.
Embracing what’s next
With every new technology shift comes the promise of what’s possible along with uncertainty inherent in change.
What is Zero Trust security and how do I get started?
Security strategies from the past 20 years are no longer working. Zero Trust offers a more resilient security approach for today’s challenges.
Cybersecurity threats now: 6 eye openers from Black Hat every IT leader should know
Takeaways from Black Hat reveal what IT professionals should know as they strengthen security postures and counteract cyber criminals.
Comcast Business to Acquire Masergy, a Pioneer in Software‑Defined Networking and Cloud Platforms
The acquisition accelerates Comcast Business’s increasing growth serving large and mid-size companies with multi-site global operations.
4-Step cybersecurity risk assessment
Data breaches cost $4.24M on average. Use the following four steps to help identify where you are today and what you should do next to improve your security posture.
Setting a course for SASE: Best practices and questions to address along the way
Here we explore the SASE plans companies are making and the difficult questions they address along the way.
The Top Five Cybersecurity Threats to Watch Out for Now
Online security threats are constantly evolving. What should you worry about now? Here’s the latest line up of cybersecurity threats and how to stay ahead.
Masergy Announces Zenith Partner of the Year Awards
Following the company's best year ever, Masergy celebrates channel partners for their 2021 sales achievements.
Masergy’s Florence Le Goff Honored in the 2021 CRN® 2021 Rising Female Stars List
Masergy’s Director of Channel Marketing recognized for contributions shaping the future of the IT channel.
Getting SASE? Four guidelines for success
To ensure security and agility and reap the full benefits of SASE, you need to follow four key guidelines for success.
Why legal firms choose Masergy to digitize and improve the client experience
Here’s how Masergy helped several global law firms modernize to meet the needs of their clients while prioritizing data security.
Masergy Wins Two 2021 Visionary Spotlight Awards
Masergy Zenith Partner Program and Masergy AIOps Recognized for Excellence
Masergy Wins Globee® in the 16th Annual 2021 IT World Awards®
Masergy Work From Anywhere solutions recognized for providing IT leaders with one cloud platform to cover the needs of their remote workforces.
Datatel1 and Digital Planet Communications Inc. reach Apex level in Masergy Zenith Program
Congratulations to our partners Datatel1 and Digital Planet Communications Inc. for attaining Apex level status in the Masergy Zenith Program!
The top 8 CASB use cases and how to ensure you’re covered
Cloud Access Security Brokers (CASBs) are go-to solutions for securing corporate data and cloud-based apps on employee devices. Learn why CASB is a crucial component of Gartner’s Secure Access Service Edge (SASE) framework and the top use cases for using CASB at your business.
EDR: The single best protection against ransomware
Advanced Endpoint Detection and Response (EDR) is the best medicine for ransomware. Here’s what to look for, and how companies use it.
IT may be killing your M&A strategy: Using SASE and SD-WAN to accelerate integration
Need to unite two companies quickly without jeopardizing security? Here’s how to put SASE and SD-WAN to work for your M&A strategy.
Masergy Zenith Program welcomes Blue Equinox, DVP Technologies and RealCom Solutions as Apex members
Congratulations to our partners Blue Equinox, DVP Technologies and RealCom Solutions for attaining Apex level status in the Masergy Zenith Program!
Masergy Wins Fortinet’s MSSP Partner of the Year Award
The MSSP Partner of the Year award is presented to partners who demonstrate innovation, growth, and alignment with Fortinet. Here’s why Masergy won.
Our best year in Masergy’s history
Businesses of all sizes are flocking to Masergy’s cloud networking platform. Here’s a look at our sales and why more IT leaders prefer our solutions.
Masergy Zenith Program helps partners reach companies of all sizes with flexible SASE solutions
The Zenith Program is six months old, which makes now a great time to check in on our progress and what’s coming next for the channel.
Cisco Webex + Masergy SD-WAN: The collaboration combo businesses need in 2021
Keep things simple with integrated services. Masergy UCaaS with Cisco Webex offers SD-WAN service for a perfectly complete collaboration solution.
CRN Names Masergy to its 2021 MSP 500 List
Masergy recognized by CRN as innovative and forward-thinking managed service provider.
Secure Web Gateway: How it serves the hybrid workforce and SASE too
SWG melds into broader offerings today, better serving the needs of the anywhere business. As markets converge, here’s what buyers should consider.
Jim Glackin of Masergy Recognized as 2021 CRN® Channel Chief
Prestigious CRN Channel Chiefs list recognizes Masergy’s SVP of Global Channels for outstanding leadership, influence, innovation, and growth
Masergy launches Managed Endpoint Detection & Response: Technology, analytics, and analysts in one turnkey solution
With technology, analytics, and security analysts all in one solution, clients can efficiently widen their security coverage to every endpoint.
SASE, the appeal of cloud firewalls, and when on-prem still matters
Explore the advantages of cloud firewalls, the role FWaaS plays in SASE solutions, and when to opt for the cloud or stick with on-premise.
IDG healthcare IT study: Convergence of network and security technologies enable efficient operations and orchestration
Explore new IDG research, discovering the latest security trends in healthcare and the approaches used to solve the problems of digital care.