Network Security for Remote Workers

The shift from in-office to remote work happened (quite literally) overnight. Work from home was forced onto many during the onset of the COVID pandemic, and it was astonishing how quickly people and organizations alike adapted to this new work style.

While many have left the office behind for good, there’s no need to leave network security behind with it! Traditional network security stacks don’t work for remote workers, but luckily, it’s not the only option.

TRADITIONAL NETWORK SECURITY ISN’T ENOUGH ANYMORE

Traditional network security was designed around the office building. Employees come into the office each day and work on site with firewalls and web proxies in place. This is considered the “traditional security stack.” It’s meant to protect on-site employees while they access the internet and prevent third parties attempts to access internal resources. 

While the traditional security stack has worked well for the past 20 years, it just isn’t enough anymore. The world has changed and today, most of the tools that companies are using are located in the cloud. Think Office 365, Google, Salesforce, etc. Very few companies are still running exchange servers on the premises anymore.

Furthermore, remote workers are playing an increasingly important part in modern businesses after COVID. Not just tech companies—even industries like finance and healthcare have had no choice but to adopt a hybrid remote and in-office workstyle. And this change is here to stay.

Unfortunately, these here-to-stay remote workers are essentially bypassing the traditional network security stack installed in-office and are going straight to the cloud. Even more unfortunate—the bad guys know this is happening. Malicious actors are aware that security measures are not in place for a large percentage of the workforce, a large percentage of the time, now that teams are no longer working exclusively in-office.

SECURITY SERVICE EDGE (SSE) IS A MODERN SOLUTION

What is Security Service Edge? Simply put, it’s a set of security capabilities that are not tied to the office location, but instead delivered through the cloud to secure workers.

Sound familiar? SSE is very similar to Zero Trust. Over the years, these two terms have come to mean largely the same thing: Allow a business’ users to connect to their resources while giving them the least privilege access after explicitly verifying who they are and the device they are using—and do all this independent of an office’s location. 

However, Zero Trust is focused on the applications in use, and therefore can’t offer full protection on its own. If users click on a bad link, their protection is lost. While giving least privilege access is important, users still need to be protected in case they make a mistake.

A core factor for success with SSE is making the security feel invisible. Never underestimate the importance of user experience when shopping for an internet security solution: If the user experience is slow, users will find a way around it. While having users connected to a VPN may put security measures in place, it may also slow down their computers and remove their privacy. It’s no surprise that many remote workers don’t want to connect. 

What’s the solution? A seamless, fast protection. 

DNS IS AT THE CORE OF MODERN SECURITY ATTACKS

DNS filtering is essential to protect remote users—In fact, 78% of threats involve the DNS layer. In 2022 alone:

• 88% of organizations experienced a cyber-attack.
• 51% of organizations were victims of phishing.
• 43% of organizations were victims of ransomware.

Unfortunately, most firewalls, antivirus, and traffic monitoring solutions don’t include the necessary safeguards to prevent or even combat DNS-based attacks. 

Some may say their industry isn’t important enough to be targeted for cyber-attacks, but no industry is immune:

• Finance: Most attacked, for the highest value - $1.3m
• Healthcare:  53% were a victim of phishing attacks
• Telco: Most targeted by DDoS attacks (37%)  
• Retail: Highest in service downtime when attacked: (50%)
• Manufacturing: 30% were victims of zero-day vulnerabilities

DNS filtering allows the configuration of different policies for different employees and devices. This means it’s possible to create unique policies that allow users to work from personal devices, while still retaining a level of privacy.

There are two main options to protect BYOD from internet threats:

1: Install a device manager. This option sounds good to security professionals, but the sentiment is not quite matched with most users. Many users are against a managed BYOD program like this because they value their privacy and want control on their personal devices. 

2: Block access on unregistered devices. Users can register their devices by downloading a client that promises to be privacy conscious, not wipe their device, and won’t slow down performance or kill their battery life. This option tends to go over much better with the average user.

CONCLUSION

Times have changed and network security needs to change with them. Stop trying to recreate the in-office security stack for remote workers. Modernizing IT means moving security management to the cloud.

For organizations unsure how to adapt, the question is this: What would be the first step if there weren’t currently any security in place? This step back allows a clear look at what the company’s priorities are and the best options in the organization’s current state.

And if all else fails, start a free trial of DNSFilter!