Millions of workers are now working from home. For anyone in IT or security, the move towards remote access creates a new set of challenges and security threats.
The most common way to offer remote access is through VPN. But this can create speed issues. VPNs typically consume up to 20% of a company’s bandwidth. With everyone connecting to VPN this will create bottlenecks. Most companies have likely added capacity to help address this, but remote workers should expect that systems will run slower over VPN.
Security is another big concern. While VPNs are a good option for office workers, they can still be insecure and unreliable. VPN opens access to the whole network instead of several resources. With so many people working off VPNs, this increases security risks by creating new entry points for malicious actors to execute malware, ransomware, phishing and brute force attacks. Employees and companies can expect an increase in attacks as bad actors dial-up their threats.
As companies (and their IT departments) work to ensure remote access for workers and maintain security, keep these 5 tips in mind:
1. Update VPNs and Install Patches – If you haven’t already, make sure you have installed all updates and patches to your VPN network. Hackers have increased their attacks on VPN vulnerabilities.
2. Strong Passwords – This goes without saying but remote workers should have strong passwords that are regularly rotated. If your password policies don’t require regular rotation, you may want to update them or ask employees to rotate them every few weeks – especially while working from insecure home WiFi networks.
3. Add Multifactor Authentication – many companies already use MFA and using it in conjunction with VPN adds another layer of security. If you are not using MFA, now is a good time to consider it. At its core, multifactor authentication provides an added access control that requires a user to present multiple pieces of evidence or identifiers (usually a one-time passcode) before granting access to company systems. With MFA, even if passwords are stolen, it’s unlikely that the hacker also has the phone and OTP generator.
4. Implement a Secure Gateway for IT Admins and Privileged Users – Not all remote users are the same. Most of your workers need access to email and a few other resources to perform their job. VPN with MFA works for these employees. But IT admins need access to your network and accounts, including Windows, Unix, AWS or Azure Instances, Mainframes, Cisco and Juniper Network Devices, Websites or Web Management Portals. VPNs are not designed for this level of privileged user. You need a Secure Gateway that brokers access using HTTPs to specific resources. This way you can use your existing identity provider such as Active Directory (AD), AzureAD, Office365, Google Authentication, etc, to access privileged accounts such as root or Administrator. This also frees up speed by eliminating the need for VPNs for IT admins and privileged users.
5. Implement Principle of Least Privilege – Whether it’s general workers or IT admins, you want to implement the principle of least privilege. This ensures people only have access to the systems they need and no more.
XTAM Remote Employee Gateway
At Xton, we know these are challenging times and companies are continuously updating their business continuity plans. In an effort to help companies provide secure remote access to their privileged users, the XTAM Remote Employee Gateway is free for new installations through June 1.
XTAM Remote Employee Gateway uses a modern architecture and is cloud-ready which makes it easy to set up quickly. The goal is to help companies securely lock their systems behind their firewall and use a secure gateway to provide access to IT admins. The added benefit is that XTAM also offers session monitoring, video recording, and notifications required for auditing and compliance. Something that VPN cannot provide.
With a 10-minute download, companies can set up a secure gateway quickly, implement least privilege and have audit capabilities. You will also have peace of mind knowing that IT admins can access critical infrastructure security minimizing the risk of a breach.
Banner image by Business vector created by stories – www.freepik.com