Defining Security Policies to Manage Remote Insider Threats

By Shomron Dasgupta, CEO and Founder, DNIF | Tuesday, 09 March 2021, 07:37 IST

Defining Security Policies to Manage Remote Insider Threats

The pandemic took the world by the storm. The sudden outbreak of the disease affected every aspect of our lives, be it personal hygiene, our healthcare systems or the way we work. Perhaps, the most revolutionary change has been brought in our workspaces.

Our workspace that had been undergoing a slow transformation towards newer technologies, are now propelled to match with the current times. Before the pandemic, about 52% of global employees worked remotely once a week and 68% preferred it once a month. Now, we saw a radical change in the way organizations operated, with changes in the work-from-home and IT security policies. The organizations that excused themselves from the stay-at-home culture (which make up to 44% companies globally) were forced to implement efficient remote setups or offer alternatives.

According to statistics by Flexjobs, 3.4% of the US workforces (about 4.7 million people) were already working remotely. The shift was significant, says a recent Gartner study, with about 88% organizations, globally, made it mandatory to work from home after the COVID-19 was declared a pandemic.

What’s more, the remote work setup has proven to offer several pros to the employer and employees, such as lower employee turnover, flexible scheduling, and better work-life balance. It also comes with certain cons, such as communication problems, team building, and security risks.

The legacy systems that worked well for in-house teams protected them from internal and external threats. These systems included corporate firewalls, intrusion-detection systems, and network monitoring among several others.

As several new organizations are entering the domain and others are making a total shift, it is time to set up new standards of perfectly-defined IT security policies to mitigate any security risk. It is, indeed, a good time to make the security infrastructure more robust for people working remotely.

Remote employees have desk jobs and rely heavily on technology — be it the official email client, video conference apps, collaboration tools and more. Organizations need to urgently shift from the security policies made due to the pandemic to having it as a new norm, a policy that lasts.

Easy Access to Company Assets

Remote employees will continue to need access to company assets, such as knowledge banks and old databases. Without the access, it would be impossible for certain roles to perform their jobs. Organizations would need to define policies that cover company-owned assets, for example, restricting access to only certain roles for efficient threat tracking. Another access-based restriction can be placed on corporate VPNs that employees use.

Defining security policies will ensure more confidence towards making a work-from-home policy permanent. The minute details and terms & conditions of the policy need to be put down with utmost care. For instance, adding employees to the same VPN without split tunneling or other measures will strain the VPN bandwidth and lead to poor user experience.

In addition, since not all companies can afford to increase VPN bandwidth, the IT policy should include the details for alternatives like split-tunnel connections. Here, a solution is to direct traffic to corporate assets over the VPN and other traffic through user’s ISP. Thus, in this case a policy can be put into place to avoid consuming excess bandwidth when users connect to a video conference over the same VPN.

Monitoring Remote Threats

It is challenging for organizations to monitor users remotely due to several hurdles. The first and foremost challenge is that all network traffic is fed into third-party assets for analysis.

It is necessary to ensure that all assets are securely monitored even when all users are remote. The best solution is to connect to the corporate VPN at all times — even if only with a split-tunnel connection. This will enable efficient monitoring of employee assets, and the network, thereby ensuring early threat detection.

While a split-tunnel may not show all the traffic, it will still be able to show the malicious connections that go back via the corporate VPN. The IT team can then immediately disable the access of the company asset, intimate the employee, and prepare the device for quarantine.

A Policy that Lasts

Every organization has a complex IT infrastructure and it has increased manifold with the employees remotely. Several new personal devices may also be added to the network along with collaboration tools and video conferencing apps, just to begin with. A robust security policy will manage these new complexities and welcome more solutions.

The absence of an official security policy will leave loopholes that can be exploited by new threats. The employees will also be unaware of the proactive steps they need to take at home to make their work easier and safe from potential data breaches. An official security policy may just be what your organization needs to help employees access corporate data from home, and keep doing so in the long run.

Further, as every organization works differently, it is essential to draft the policies to be employee-oriented. A cultural shift has been observed as people prefer to work from home. For the companies that do plan to resume operations once the threat of the pandemic has subsided, it is essential to create a security policy that accounts for both types of employees that need to work from home and who are returning to the office.

Thus, once the way ahead is determined, decisions can be made to amplify infrastructure, implement new security tools (or enhance existing ones) for a predictable threat surface area.

Work from home is the new normal — several statistics have continually proven this in 2020. The pandemic may prove to be the golden age for the work from home culture as new solutions and robust policies will enhance the security posture of businesses while encouraging more and more people to join it.