The number and percentage of employees working remotely has been growing significantly over the past several years – accelerating and proliferating due to the impact of the COVID pandemic. Industry studies indicate the trend towards increased remote workers will continue due to benefits to both employers and employees.
This week, the National Security Agency (NSA) and te Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet that details factors to consider when choosing workforce remote access technology (known as Virtual Private Networks (VPNs)).
Let’s focus on remote workforce trends and key points from the NSA/CISA publication, “Selecting and Hardening Remote Access VPN Solutions”.
Remote Workforce Trends
- Global Workplace Analytics projects that 25-30% of workers will be working remotely by the end of 2021. Upwork, a leading work marketplace provider, has similar estimates.
- Global Workplace Analytics also estimates that employers can save an average of $11,000 per year for each remote employee due to lower office space costs, higher productivity, lower absenteeism, and less turnover.
- Owl labs research found that remote workers were happy 22% more than full-time on-site office workers, influenced by less stress, greater focus, and better work-life balance.
- Mercer, a global human resource consulting firm, indicates 94% of employers studied state that productivity was the same or higher with employees working from home.
- Research from Becker Friedman Institute for Economics (University of Chicago) shows that 30% of workforce respondents indicate they are more productive and engaged working from home.
National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) Key Points
- Remote-access Virtual Private Network (VPN) servers enable off-site users to tunnel into their organization’s protected networks. These entry points are vulnerable to exploitation by malicious cyber actors.
- Exploitation techniques include credential harvesting, weakening and hijacking of encrypted traffic, and arbitrary reads of sensitive data.
- Organizations should use standards-based VPN solutions with strong authentication methods such as multi-factor authentication and timely application of security patches and updates.
- VPNs can be hardened against compromise by reducing the attack surface through techniques including the following:
- Strong cryptography
- Running only necessary monitoring and protection features
- Select a vendor with a proven track record of supporting products via regular software updates and quickly remediating known vulnerabilities
- Ensure the product has a robust method to validate the integrity of its own code and regularly perform code validation. • Ensure the product has a robust method to validate the integrity of its own code
- Ensure the product includes protection against intrusions
- Use trusted server certificates and update them periodically
- Review accounts to ensure that all accounts are expected and needed for remote access.
- Restrict external access to the VPN by port and protocol
- Investigate any attempts to use administrator credentials to access the remote access
- Deploy an intrusion prevention system in front of the remote access VPN
- Enable enhanced web application security.
- Employ appropriate network segmentation and restrictions to limit access
- Enable local and remote logging to record and track VPN user activity
- Continuously monitor and conduct analytics on all logs to look for unauthorized access, malicious configuration changes, anomalous network traffic, and other indicators of compromise.
If you have questions regarding your organization’s cyber security posture, or need IT Services in NJ, please contact Peter Jacobson, powersolution, at (855) 551-7760 x321, and get a consultation.