Remote work is no longer just a perk for programmers employed by Silicon Valley tech giants. Catapulted by the COVID-19 pandemic, it's rapidly spread to become the industry standard for engineers, developers, and creatives across industries and around the globe. And while the shift to home office has essentially been lauded by employees and management alike, managers have had to face unprecedented challenges related to leading teams in this new world.
For those of us as managers in the security industry, we've had to learn a new kind of defense quickly. So whether it's keeping interlopers out of Zoom calls, protecting employee laptops used at home and in coffee shops, or detecting intruders, we've put together this easy-to-follow guide to securing distributed teams working from home.
We all remember the news in 2020 of kids entering Zoom meetings of militaries, major corporations, and even their teachers. Since then, Zoom has thankfully invested large sums in improving its security posture. Today, securing Zoom is simple and easy. Just make sure to implement these basic measures:
Disable private chat
And since security is constantly evolving, make sure to periodically check the Zoom Security Bulletin for new issues, vulnerabilities, and more. In addition to new CVE's, zero-days, and patches, the bulletin also advises on best practices and emerging threats that affect Zoom users. And if you prefer an alternative video conferencing service like Google Hangouts, you should be aware that the same advice applies, and similar security bulletin websites exist for Hangouts, Skype, Microsoft Teams, and most other major providers. So put a monthly bulletin check to your work calendar to stay on top of the major security news for your video conferencing software.
In 2019, British engineering megacorp Reynholm Industries suffered a catastrophic breach. Millions of dollars of data were leaked, entire departments locked by ransomware, and on top of all of that, fines and lawsuits for insufficiently protecting data, including considerable amounts of PII (Personal Identifiable Information). So how did the hackers get in? Well, the actual attack chain was complicated, but the initial foothold into Toyota was gained when a DevOps engineer's laptop was compromised.
Had Toyota more stringently locked down the devices employees used in their home offices, the entire hack could have been stopped before it even began. But what strategies can you deploy to keep your workers, and thus, your business, safe from threats? Let's explore the options that have the most significant impact.
Use a VPN
In a traditional enterprise network, internal corporate traffic occurs in a designated network separated from the external world by a so-called 'DMZ.' When the network is a physical office building, this setup is natural - the office's internal network is the safe zone. The router connecting the office to the world wide web is the DMZ. But in remote or even just geographically distributed teams, the shared physical networking infrastructure is gone. In its place, we must use a 'virtual private network or VPN. VPN solutions are cheap and easy to deploy. This task should be left to the network engineering team, not security engineers.
The same engineers who set up the VPN will likely know how to implement a strict firewall, particularly at the aforementioned 'DMZ' where internal corporate traffic meets the global internet. But it's worth mentioning nevertheless. Simple firewall solutions such as iptables and uncomplicated firewall rules are powerful enough to protect even enterprise networks, yet many organizations assume that their network architecture and application security are strong enough to not worry about whitelisting allowed kinds of traffic. But this thinking is wrong, as the ever surmounting onslaught of breaches continues to prove.
Which antivirus solution you'll want to implement is highly contextual. Sophos and ClamAV are excellent Linux options for your developers and sysadmins, but MacOS and Windows both come with built-in solid malware protection. Additionally, you'll likely want to implement security policies for employee machines that go beyond merely installing an out-of-the-box AV solution. Again, members of the security team will likely be able to help a lot here - trust their judgment, but make sure that compliance is universally enforced.
One important note - many managers and engineers will remember the days when Windows built-in security was something of a joke among techies. Those days are long gone. Windows Defender is one of the strongest solutions available for detecting and blocking malware in the current era. So don't be afraid to use the powerful tools provided by the base OS.
Password managers prevent attacks. Users should be generating their passwords with a password manager application. On-prem software like KeePassX or cloud solutions like BitWarden are both excellent. Anything is better than memorizing passwords, which leads to password reuse and, therefore, credential stuffing.
You likely also have a policy about password rotation. Your org should rotate secrets regularly, with no exceptions. Again, this isn't specific to remote work, but a distributed setup makes best practices like this more critical than ever before.
Monitoring for Intrusion Detection and Compliance
Good antivirus software should easily link up to your already existing IDS and SOC software, allowing SOC analysts to integrate and consume data from employee devices easily. Training an engineer in this kind of integration from scratch can be a bit of a hurdle, but the odds are that your current security analysts already have a lot of the appropriate training and experience so that you won't be going in blind.
Monitoring for compliance is a bit trickier but equally important. After all, these measures only keep your organization safe insofar as employees comply with the rules laid out in your internal standards documentation. While it is perfectly feasible to use your existing SOC and logging infrastructure to monitor compliance issues, and many companies do exactly this, you'll eventually want to divide compliance into a distinct role or even team with its mission. This can mean installing compliance enforcement software in addition to consuming security logs and issuing alerts for compliance-specific issues, or smaller Organizations, just creating some log rules and panels for compliance-specific monitoring.
Managing remote teams is not a walk in the park to get right. And the consequences for getting it wrong can be devastating. Since the outbreak of the COVID-19 pandemic, remote employment has surged by more than nine times compared to pre-pandemic levels, according to data from the World Health Organization and Bureau of Labor Statistics. Our world has changed, and security managers must evolve as the workforce takes a new, globally distributed structure.
Over the same time, online criminal organizations and ransomware gangs have extorted over 12 billion USD from their victims. Law enforcement is often helpless to act across international jurisdictions against rogue states. Remote teams are not intrinsically harder to protect, but the challenges are newer and less understood than the traditional organizational security wisdom won over several decades. But no challenge is insurmountable, and we hope that these strategies and tips will help you make sense of protecting your team, no matter how distributed, diverse, or far away they may all be.