Feature Story

Cisco’s best security practices for WFH

by Stephanie Chan

Cisco’s best security practices for WFH

Tips on how to level-up your security for both users and admins – because we’re all part of the security team.

The rapid shift to work-from-home this year has left many businesses with a larger remote workforce than they have ever had to handle. More employees are away from the offices’ enterprise security while still using collaboration tools, which means they could be accessing company data from unsecured home networks. The trend of working from home could be here to stay, so it’s crucial to find a way for users to acquire resources from remote locations while also being defended from threats while on or off the network. It’s for these reasons and more that cybersecurity must be top of mind for both users and IT admins. Everyone has a role to play in keeping the organization secure!

Employees are now connecting to corporate resources with more personal, unmanaged devices, creating a blind spot for security teams. According to Cisco’s Future of Secure Remote Work Report, conducted during COVID-19, one in two IT-decision makers stated that office laptops/desktops (56%) and personal devices (54%) are a challenge to protect in a remote environment. The vast majority of respondents (85%) said cybersecurity is now extremely important or more important than before COVID-19 at their organization, with two thirds saying this will result in an increase in cybersecurity investments.

See also: Security + Privacy at the heart of what's next

With the combined forces of Cisco’s AnyConnect VPN, Duo Security multi-factor authentication (MFA) and Cisco Umbrella DNS security - a comprehensive cybersecurity plan is possible and simple to manage, no matter where workers are. In addition, employees and admins should implement these best practices for complete cyber protection, all from home.

Users

  • MFA all the things: Duo MFA is the first step in a zero- trust security strategy that establishes trust for every access request — regardless of location
  • Use a web camera cover: If they are not used to video conferencing, employees should either get a cover or just use a post-it or Band-Aid.
  • Don’t do personal things on work equipment: In addition, don’t use your personal devices to access work applications, unless your employer says that’s ok!
  • Avoid accessing personal data, such as online banking sites, via unsecured Wi-Fi: These connections could be monitored by attackers leaving your personal information at risk. 
  • Be especially on guard for phishing: There are a lot of scams related to the COVID-19 outbreak. Cisco’s threat intelligence group Talos has found that attackers are taking advantage of the situation to lure users into pitfalls like phishing, fraud, and disinformation campaigns. Make sure you’re getting your information from respected sources, and be skeptical about COVID-19 emails, text messages and phone calls asking you to login or for your information. “Bad guys profit from bad times,” Cisco Advisory CISO Wolfgang Goerlich explains. “We have seen an uptick in both traditional phishing, and more advanced phishing, since the pandemic began. In addition to the guidance about never sharing passwords, people should also take care when granting app permissions. Always verify the sender, the link, and the website.”
  • Secure home network equipment: Home routers are often insecure by default. Be sure to set a password for your wifi network and keep the software up-to-date by installing any patches when they become available
  • Don’t forget to ask for help: While they may not be there physically, your security team is still around to help answer your questions.

Admins

  • Implement MFA for remote access for all users, not just admins: Attackers will be looking even harder for accounts to compromise. In addition, if you’ve never had much remote access before, DO NOT simply set up Remote Desktop Protocol without MFA. Attackers are constantly scanning for open remote access programs like these and a username and password will not stop them. Additionally, implement MFA for applications, not just VPNs.
  • Take inventory of all devices accessing data: With the influx of “bring your own device” in the workplace, businesses often aren’t aware of the full scope of unknown devices that are accessing corporate applications and data. These “shadow” devices can increase the risk of breach for unsuspecting organizations. “Our defense depends upon visibility,” Goerlich says. “Often, the workforce is running thousands of applications while we only have visibility and control over tens of apps. Often, people are using several devices while we only control one or two. This gap leaves us critically blind. It’s imperative we increase the width of our defenses to cover more apps and more devices.” Cisco Umbrella ensures secure DNS for people working from home, protecting their devices without having to manage the devices or install additional agents.
  • Security teams need to step up monitoring for unusual access: If they have only been monitoring by IP address, they need to change it to be able to monitor by device; they should consider deploying endpoint certificates or use a combination of machine identifiers.
  • Have phone numbers for WFH employees: Admins need a way to verify the identity of end users. This can be done with knowledge-based questions (like corporate ID), Push 2FA like Duo, or simply a number to call users and ask if it really is them on the system.
  • Ensure users update their systems: This may need to happen in a different way since users are no longer on the corporate network full time. 

As Duo GM and co-founder Dug Song says, security is a cultural commitment that needs to be foundational at an organization- this means that everyone is on the same team and each employee is responsible for their role in keeping things secure. 

To learn more, read about Cisco’s security reports here.


###

We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.