Remote work isn't going anywhere. That's what we've learned over the past year and a half at this point. There will be a return to offices at some point in the future, but many workers are asking for more flexible days to work from home, and asking for new schedules to work around their families and home life. Overall, businesses will adapt to their industry, but there will be an increase in people working from home regardless... so how do Cybersecurity Engineers handle it?
Well, we have to take the battle back to the endpoint. We need to create a security posture which allows for endpoints to be secured fully, rather than relying on just firewalls or IPS solutions - and though virtualization may help somewhat, having host-based protection is key for the future. Additionally, you need an MDR that has the ability to actually respond, so when a system is potentially infected it is locked down before the malware spreads to other systems.
Here are some key tips...
Don't fall into the trap of allowing users Admin access
This becomes harder when you have end users that are potentially using their own equipment (BYOD), but requiring users to create a separate user account they operate with that doesn't have administrator rights will prevent a lot of hardship down the line. Users should be given devices (or have a locked down virtual machine) to log into, with basic security controls on the system logging into the VM. But most of all take away admin rights. They shouldn't need them if they're actually doing work during the day.
Make sure your work practices for remote systems require security technologies on them
Some people think that if you're having a remote system log into a VM, and all the work is done on the VM, you're okay. You aren't. Pretty much all of the vulnerabilities that happened in the past year would allow an infected host to get into a Virtual Machine architecture. This is why you can't ignore the security of the devices accessing your network, and need strong access controls.
Allow flexibility, but don't prefer it over security
I get calls all the time about how to make a security policy that will "allow a user to not have their work interrupted no matter what". I understand that desire, and I can create a security environment where that is *mostly* true... but the key here is mostly. I'm not going to create a security policy where someone does something incredibly dangerous - and it is allowed because we don't want to piss off a user - that just isn't in the cards for me as a security engineer. But this is a strategy that you need to apply for your remote environments - allow them the ability to do their work, and make sure that anything they don't need to do... they can't - for the security of the company.
Get user buy-in for remote users
Have management explain that remote work is a privilege that has certain requirements. If users want to be able to work remotely - they need to meet requirements to follow security processes. Don't use Outlook Web client - VPN in and work within the company security process. Do their work on the protected devices, rather than whatever device they're comfortable with. These are all things that will be required in order to ensure they are practicing safe remote work security.
Use an MDR Solution
At this point, with users working different hours and having them on devices more likely to get infected... make sure you have a Managed Detection & Response technology in place that allows a real response / remediation to issues. London Security recommends Blackpoint Cyber for this - and we can talk to you today about doing a Ransomware Risk Assessment to figure out where your business is in case of a ransomware attack on your remote users. Without the ability to lock down a device that behaves oddly remotely, and prevent it from accessing your key data - you may wake up to a call on a Sunday morning to find out your file server has been hit with Ransomware and needs to be decrypted.