How to Mitigate Risk With Remote Access
Telecommuting is on the rise, and there’s little sign that this trend will change any time soon. According to Gallup’s State of the American Workplace report, 43 percent of employees worked remotely in some capacity in 2016, up from 39 percent in 2012. What’s more, people who telecommute are now spending more time away from the office: 31 percent of telecommuters spent most of their time working remotely in 2016, a rise of 7 percent over four years.
Employees working remotely still need access to enterprise systems and technology in order to do their job while they’re away from the office. However, with the rise in telecommuting also comes a rise in the security risks that employees and businesses may face. Although these issues aren’t serious enough to put an end to telecommuting, companies that allow employees to work remotely should be aware of these risks and how they can take steps to mitigate them.
The Risks of Remote Access
The convenience of telecommuting also brings with it vulnerabilities and security issues. For example, the massive 2013 breach of the retailer Target, which resulted in the theft of 70 million credit and debit card numbers, occurred after hackers gained access to the Target network using the remote access credentials of a third-party HVAC vendor.
Although a company’s IT department can manage security on the enterprise end, managing security on the remote user’s end is much more difficult. Many employees who work remotely use their personal computers, smartphones and tablets to connect to their enterprise network. However, employees might not maintain the same security standards on their personal devices that they are required to maintain at work. Personal devices can suffer from problems such as weak passwords, no antivirus or anti-malware programs, or lack of security patches and updates.
The Target breach and other massive data breaches, such as the 2014 cyberattack on Home Depot, show the risks associated with providing system credentials to a third party. Companies who share data with third-party vendors and contractors should make sure that these third parties follow the same stringent security policies that are enacted internally within the organization.
Mitigating IT Security Risks in a Remote Access Environment
Although remote access presents a host of security risks, mitigating these risks is both possible and necessary. To begin with, remote access is a privilege, not a right. Only those employees who need remote access for their job should be able to use it, and they should only have access to the systems and information that they require.
Companies should ensure that both their network and the user’s device are up-to-date and using adequate protection such as firewalls and antivirus programs. In addition, remote employees should use Virtual Private Network (VPN) software that deploys point-to-point encryption to connect to the company network in order to protect the exchange of sensitive information.
If at all possible, users should verify their identity withnot only a password but also another validation method. Passwords are a relatively weak method of authentication, but when paired with another identifier, they can provide additional security. Identifiers might include security certificates, security tokens, confirmation codes sent to the user’s phone or email, or biometric identifiers such asfingerprints or voice recognition. Two-factor authentication constructs an additional barrier that requires would-be hackers to attack the authentication mechanism via multiple approaches.
Working with ATS is a breath of fresh air. ATS takes our information security concerns seriously and advises us how to avoid potential pitfalls with both hardware and software. We are beyond thrilled with ATS and only wish we had selected them a year earlier.
ATS has been our trusted partner in recent upgrades we have made to our IT infrastructure and cyber security. Their account management, project management, and technical teams have all provided top-notch service, guiding us to make informed decisions, managing timelines for multiple projects, and most of all, listening to our needs and making recommendations based on our unique work environment. During the transitions, they have kept us operating smoothly and provided quick and helpful support through their Help Desk.
I just wanted to take a moment to reach out and thank you for the excellent service you and your team have provided with the hosted SEIM solution. AlienVault is great, but the real value comes from your partnership. The appliance would not do nearly as much for us without your monitoring and consulting services. You have always been on top of things and there for us whenever there is an incident. I feel confident in that our network is secure and I am able to report that our board and clients with full assurance.