How Well Do You Know Your Network? Mitigating Security Risks Beyond the Firewall
Breaches Are No Joke
Cybercrime costs the global economy $2.9 million every minute. The average damage to a business in the United States after one data breach is $8.64 million. Let’s say you have the cash flow available to survive the legal costs and damage to your business. The revenue loss would be a massive problem, but it wouldn’t be the only one.
While your business works to repair compromised systems and return to productivity, you will have to address the data breach notification legal requirements mandated by each state and country. Once you achieve compliance, you need to regain your customers’ trust and campaign to restore your business’s image.
The alternative? Prevention and mitigation strategies. By taking a survey of your current security measures, you can identify holes or fractures lurking in your system before any breach.
How Secure Is Your Network Right Now?
Consider your network before the pandemic. You likely had security tools, tactics, and policies in place to monitor unauthorized intrusions. Your network administrator assured you that the most sophisticated firewall is churning out top-notch encryption methods to prevent breaches. There was an impenetrable perimeter around your network.
But what happens when companies ask their employees to work from home due to a global pandemic? The secure environment you’ve worked so hard to build isn’t as helpful when 350 computers from 350 different external local area networks (LANs) are suddenly fraternizing with your otherwise stable system.
Will it hold up? How well do you know this complex network? Can your systems withstand an extreme variation of protocol due to the present-day challenges? These are today’s most significant obstacles to securing your data.
Problem 1: The Rapid Transition to Remote Work
Most management teams were not prepared for remote work when forced into distributed teams earlier this year. Critical data is in one location, and employees are scattered about in others. When everyone is no longer under the same roof, things get complicated. With many employees now working 100% from home, your network is only as secure as theirs—if you don’t incorporate the potential risks of home offices in your current incident response plan (IRP).
This is the most considerable security transformation we’ve ever seen, and companies are vulnerable. Most large enterprises used to allow occasional work from home—maybe even a day per week—but are now scrambling to get the necessary tech to their employees for safe, long-term remote work.
Problem 2: Employees With Insecure Networks
If you work for a company that’s not technically oriented, your employees might require significant education on safe remote work practices. Your team needs to understand the risks to company security at home or on the go.
You need to take action at the network level to protect your company in terms of home network administration and employee machines to prevent exposing open web application ports to other devices on the same network. You don’t know anything about the network administration of a random coffee shop, for example. How do you trust that the coffee shop has adequate network security? You can’t.
Problem 3: Outside Users Who Compromise the System
The same applies to home WiFi networks. What about an employee’s teenage son who’s downloading suspicious bit torrents? Malware can start scanning for open ports on the machine. Using remote code execution, curious hackers could start poking around on anything you may be developing. They could even potentially get access to credentials for sensitive information. The entire system could be compromised.
To exacerbate the situation, a lot of local development is created with debugging mode on—meaning that the source code for a web application is often exposed in a more readable format with a source map. A hacker could see what you’re working on, identify its source code, and even gain credentials to a critical program. If your team is working on valuable IP (intellectual property), this is a risk you can’t afford.
The Solutions
In this newly distributed environment, it’s critical to protect yourself from social engineering tactics the same way you protect your devices from malware. There are two straightforward measures you can take to protect your network. The first is physical security.
1. Establish Practices for Physical Security
Make sure your team always uses their company-issued devices, and that hard drives are encrypted. You also want to make sure that an attacker would need your fingerprint or password to get access to any data. Two-factor authentication and biometric data requirements might require a few extra seconds to log in and get to work, but they’ll vastly slow down hackers.
Two-factor authentication—commonly known as 2FA—is a security method that requires additional steps to verify a person’s identity before unlocking access. If you’ve ever received a text message with a code to log in to your bank account, then you’ve used two-factor authentication. Other options include a push notification to a mobile device or an authentication app that provides a code. But this approach may not improve security as much as you think. Because the code is something you know, like your password, it can compromise your security if it's swiped. For protection of sensitive accounts, you may want to install hardware security keys on laptops,such as YubiKeys, which employees must press to populate a login form with code.
On the other hand, biometric data generally refers to a fingerprint or facial recognition, such as Touch ID and Face ID on Apple devices. While biometric authentication is an excellent way to verify identity, you must ensure that this data is stored locally and not sent to an external server, where it can be compromised and used by hackers.
2. Set Up a VPN
The second tactic is to utilize a VPN (virtual private network) to create an additional security layer.
Some VPNs will—in essence—fully isolate you from your home network or any other outside network like a coffee shop or an airport. Other VPN options allow you to be a member of both at the same time. Before you choose, it’s essential to know what you want and expect from your VPN package. Factors to consider include security measures, privacy, speed, reliable connections, user-friendly interface, multiple servers, and cost. To prevent misuse of VPNs, you may also want to consider using Zero-Trust Network Access Technology (ZTNA), which uses microsegmentation and isolation to ensure stricter user-access control.
Some companies question whether they need a full VPN or if a secure cloud service like AWS (Amazon Web Services) is enough. VPNs are the vanguard of safe and effective remote work, but cloud-based servers have been on the rise in recent months. The hassle of daily server maintenance is outsourced to a third-party who does most of the heavy lifting. Clouds are also more compatible with mobile apps. But, they can’t necessarily guarantee security.
A Cloud Service Is Not a Security Measure
This accelerated shift to cloud services may eventually transition what is known as Secure Access Service Edge. Companies will need to strengthen their identity and access management tools and use automated monitoring and remediation capabilities to prepare for any identity-related threats on the cloud.
Not all cloud-based services are created equal in their level of security. Companies should look for services with an established track record of preventing breaches and skillfully handling any attacks they’ve suffered. AWS uses a shared security model. They are responsible for part of the security and delegate the rest to the client. As threats continue to evolve at a rapid pace, the use of automated systems to streamline cloud security management may also become highly valuable. For example, tools like Cloud Security Posture Management help companies identify and remediate risks through security assessments and automated compliance monitoring, while an extended detection and response systemmonitors and collects activity data from endpoints to identify possible cyber security threats.
It’s crucial to understand that just adopting a cloud is not a security solution. Leaders should also consider requiring multi-factor authentication for logging into their cloud services—not only for their hardware devices, as discussed above.
So VPN? Cloud Service? Or Both?
Though both VPNs and clouds have proven to be successful in their arenas, deciding factors often come down to budget. A company choosing to adopt a VPN will need to invest quite a bit more in infrastructure and security personnel to administer the system adequately. Secure cloud services might be more practical for smaller companies without these resources.
Despite the debate, there doesn’t need to be a dichotomy between VPNs and cloud services. You just have to choose what’s best for your company.
Finding the Right Team
Working from home is the new norm. The most crucial element is a security team with the skills and expertise to recommend the right measures and tools. Without a thorough evaluation, your company is living dangerously in the Wild Wild West of a distributed environment.
For more information visit: https://www.theorem.co/
