For decades, knowledge workers drove through peak-hour traffic to sit in cubicles, in fixed office locations, to do their jobs. The coronavirus pandemic abruptly upended this tradition, with most people transitioning from in-office to entirely remote. As work-life returns to a more familiar rhythm, many companies will find a middle ground between remote and office-based workplaces. We call this “hybrid remote”: an environment where employees work some days remotely and the others in an office, with flexibility that delivers engaged, happy, and highly productive employees.
Whatever choices businesses make, one thing won’t change, and that’s the need to deliver connectivity to a more diverse range of devices and endpoints. Often these devices include consumer-grade networking equipment, cell phones, and tablets, as part of the long-established trend known as Bring Your Own Device (BYOD).
BYOD presents a unique set of security concerns that CXOs and IT leaders should consider before allowing employees to connect personal devices to proprietary corporate resources.
National Cybersecurity Awareness Month is in full swing with this year’s theme, “Do Your Part, #BeCyberSmart,” focusing on the responsibility both organizations and end-users have to protect the devices they use to connect to business applications. In honor of this theme, we put together a list of ways you can secure BYOD devices for your hybrid remote workforce.
Multi-Factor Authentication
Compromised credentials are the leading cause of data breaches, accounting for two-thirds of all successful breaches in 2018. Multi-Factor Authentication (MFA) acts as a secondary layer of account verification and can protect proprietary business data or applications. This comes in handy for companies that have taken a BYOD approach, because personal devices account for 50% of breaches in companies that allowed staff to use their own devices.
MFA solutions like Cisco Duo help protect your organization by acting as a gateway to your most critical business information. Duo can be integrated with almost any platform and can be rolled out to any device, making it a reliable option for employees using a personal device to conduct business.
Malware & Anti-Virus Protection
The malware in circulation today is becoming more sophisticated, causing traditional methods of virus threat detection to fall short. We believe that signature-based detection is no longer enough and that it’s now critical to add anomaly-based detection. If you’re not familiar with the terms, signature-based detection is used to counter threats we know, while anomaly-based detection looks for changes in behavior.
Threat actors are very aware that the rapid shift to remote work during the COVID crisis led to an exponential increase in BYOD use. As a result, they are aggressively targeting mobile devices for malware campaigns. Mobile devices quickly became one of the most widespread malware targets, with up to 24,000 malicious apps blocked per day.
In this post, I’ll share some of the many solutions you have available to minimize malware threats. Cisco’s Advanced Malware Protection (AMP) for endpoints is a robust detection, protection, and response solution designed to protect the endpoints we use the most. It offers antivirus and malware protection but takes it a step further with the advanced capabilities of Cisco Talos and SecureX. With the artificial intelligence capabilities of Talos, Cisco AMP can learn to protect endpoints from threats before they even arise. SecureX allows for enhanced visibility into all threats and can even automate specific incident responses, freeing up your security analysts’ time to focus on more critical incidents.
Mobile Device Management
If your organization has already implemented or is thinking of implementing a BYOD policy, your IT team will need a way to effectively manage all of the endpoints that connect to your network. This will allow them to see all devices connected, push security policies, and freeze lost devices, protecting proprietary data from getting into the wrong hands.
There are many mobile device management solutions, including MobileIron’s industry-leading Unified Endpoint Management (UEM). UEM offers security teams a solution to many of the concerns associated with BYOD deployments. It allows the quick and seamless onboarding of new devices from anywhere, and policies can be built to protect the device as well as the apps and tools used on it. MobileIron utilizes a zero-trust approach to endpoint management, meaning that only those with the proper authorization can access critical business data.
Managed Detection & Response
Even the best security solutions can’t guarantee that they will catch every threat. New advances in malware, less experienced or understaffed teams, and insufficient threat detection solutions can contribute to a potential gap in protection for your organization.
The Managed Detection & Response (MDR) solution from Arctic Wolf is a cloud-based platform that leverages the expert security analysts at Arctic Wolf to do the monitoring for you. This concierge-as-a-service approach to security management can enhance threat detection and response SLAs, as well as deliver a faster recovery time if a breach occurs. Given that the mean time to identify an intrusion into an IT environment (also called dwell time) is roughly 203 days, solutions like Arctic Wolf add significant value to your security operations without the overhead of employing equivalent full-time resources.
I’m not big on spreading FUD (fear, uncertainty, doubt). Still, when a cybercriminal can sit inside a network for more than six months exfiltrating data and learning user behavior to execute spear phishing attacks, it’s time to take a serious look at solutions like those from Arctic Wolf.
Be Cyber Smart
To BYOD or not BYOD isn’t an option any longer, with all employees expecting to use their personal devices at work, inside and outside the corporate network. Although you might not be responsible for providing the equipment employees use to conduct business away from the office (e.g., personal mobile phones, or consumer-grade WiFi routers at home), you are responsible for securing it.
Using security tools that proactively protect devices, together with tools that have advanced detection capabilities, helps keep your critical business information protected from anywhere, on any device. Coupling those tools with a comprehensive managed detection and response solution will further protect your users and the data they need to stay safe and productive while outside of the office.
If any of the ideas in this post resonate, or you would like more information about securing mobile devices in your remote work environment, we are here to help. Contact us today or return to the blog to learn more about our approach to enabling your business success.