Right now many folks are realizing that working from home isn’t the same as working from the office. It’s a mixed blessing in many ways. On the one hand, getting back the time spent commuting is a boon for just about anyone. On the other hand, communicating with colleagues isn’t as easy as having a face-to-face conversation.

As we’ve all adapted to changes, individuals and organizations have scrambled to remain productive while working remotely. In many cases new tools have been introduced for communicating and sharing information while off the company network.

Providing the networking solutions to support an increase in remote workers, or even setting up an entirely new remote working function in a short time frame, is no easy feat.  IT teams have delivered, providing what was necessary with what was available.

So now that the dust has somewhat settled, and we all are getting used to a new normal, it is a good time to review your security posture. The fact is that remote work introduces a number of security concerns that are different from working on premises. It’s important to review the tools brought onboard, the risks that come with them, and see what can be done to manage these risks.

Securing the endpoint

One of the first challenges many organizations faced, as work shifted from the office to home, was ensuring that employees had access to devices that would allow them to continue to perform their jobs.

For employees with laptop computers and company mobile devices, this wasn’t difficult. However, many have had to come up with more creative solutions.  In some instances, desktop systems have been sent home with employees. In others, old, but still functional, laptops have been taken from storage and allocated to employees. In still other cases employees have been given the option to work using personal devices.

Now that things are up and running, and initial challenges overcame, it’s time to consider a security audit. It’s likely that some of these devices are not compliant with organizational security policies.Some devices may be unpatched or installed with operating systems (OSes) that may no longer be supported. This clearly poses a risk from a security standpoint, as unpatched vulnerabilities may be exploited by attackers.

Vulnerable systems should be fully patched as soon as possible.  This applies equally to employee-owned and corporate devices. Indeed, any system with current access to company resources and data needs to be up to date with patches.

It almost goes without saying that login passwords should be enabled on any devices used for work. Screens should also lock after a period of inactivity. However, a lot of end users rationalize bypassing these security steps because they’re the only one that uses their device. In a remote working environment with workspaces and laptops potentially shared with other family members, it’s all the more important to protect confidential information with these basic protections.

Sanctioned software

In the rush to support remote work, employees may have turned to a wide variety of publicly available online applications in order to communicate and share information with their colleagues. Now would be a good time to identify the software needs of employees, reassess software, services, and platforms that are being used, and set policies around software that is sanctioned for company use.

There are a number of reasons why this is important. Foremost, with a variety of applications and services in use, it’s difficult to keep an eye on the security of a network with such a large footprint. Reducing the number of sectioned software applications will reduce that footprint markedly, making it easier to monitor.

The same issues that apply to OSes also apply here: software should be fully patched and up to date. Vulnerabilities in software applications can be exploited, leading to further malicious activity. Many software companies take vulnerabilities very seriously, and work to quickly patch them. It’s worth looking at their response times when faced with such issues.

It’s also worth keeping in mind that consumer-oriented services do not necessarily provide corporate levels of data confidentiality and integrity. Organizations need to know where business data is located, and what controls are in place to ensure compliance with data management policies and regulations. Consumer or ‘free’ services may not have been designed to provide data life cycle management. A rapidly implemented quick fix can easily lead to exposure to data breach risk or violating privacy legislation, such as the European Union’s GDPR and California’s CCPA.

Connecting to the corporate network

Equally important as having secure devices is ensuring they can also connect to company resources.

First and foremost, a secure connection is a necessity. It may be tempting to use remote access features already baked into the operating system. However, these solutions don’t come without risks.

The Remote Desktop Protocol (RDP) is an attractive solution for remote access, but it has many potential security weaknesses. Notably, the RDP service can be the focus of brute force attacks, attempting to find valid credentials by guessing usernames and passwords, or logins with credentials stolen via phishing attacks. The system can also be susceptible to man-in-the-middle and denial of service attacks. Although it is possible to securely configure RDP access, it is best practice not to expose RDP servers to the internet and rely on the protocol for your users’ access.

Instead, make sure you’re using a virtual private network (VPN). Many organizations today use VPNs to securely connect to a corporate network from outside. The communications are encrypted, and users are authenticated before a connection to the company network is established. Additionally, VPN clients can ensure that remote systems comply with policy, even installing updates or anti-virus software, for example, as part of the connection process. Non-compliant systems can be prevented from accessing the network, until they meet your policy requirements.

To further ensure that the users that are logging onto your network actually are who they say they are, multi-factor authentication is a must. When someone attempts to log into your network, confirmation on a secondary device is required before access is granted. This will prevent someone who has stolen legitimate credentials, or overly curious family members, from gaining access to your network or sensitive systems.

Scam awareness

Our last suggestion isn’t something you do with your network or devices, but rather your people. Bad actors often leverage major news topics in an attempt to trick users and steal information from them or compromise their systems with malware. Our current situation is no different. It’s important that your employees are aware of these scams to help prevent them from falling prey.

Cisco threat researchers have been hard at work keeping an eye on the threat landscape. Talos Intelligence has published multiple blogs about these activities, covering how bad actors are leveraging current events in their attacks, detailed recommendations for enterprises being targeted, and updates on new campaigns as the appear. In addition, researchers from Cisco Umbrella provide insight into the increases in malicious domains that are capitalizing on current events, and the threats that are currently being leveraged.

How to protect yourself

It’s no doubt that it’s been a scramble for many to transition their workforce from in-office to remote. Fortunately, Cisco is here to assist.

You may have heard that Cisco Webex expanded its free offerings to allow employees to stay connected to their teams and continue their business operations. In the last month Cisco has broadened this offer to include security for remote employees by extending free licenses and allowing expanded usage counts at no extra charge.

Cisco AnyConnect Secure Mobility Client simplifies secure access to the company network and provides the security necessary to help keep your organization safe and protected. It also allows you to assess the security posture of devices that are connecting and determine if they meet company policies.

Duo Security enables organizations to verify users’ identities and establish device trust before granting access to applications. By employing a zero-trust model, it decreases the attack surface and reduces risk.

Cisco Umbrella’s cloud-based services can protect users from malicious Internet destinations. In addition to expanded free offerings, Umbrella has shared tips on how to protect yourself from phishing attacks.

To protect those new devices that have been added to the network, as well as existing devices, there’s Cisco Advanced Malware Protection (AMP) for Endpoints, which blocks malware as well as detects, contains, and remediates advanced threats. AMP can help you gain visibility and control of remote devices, allowing you to see where a threat came from, where it’s been, what it’s doing, and if necessary, isolate the compromised endpoints.

For further information on how to sign up for these free and expanded offerings, check out our Cisco Secure Remote Worker page.

Enjoyed reading this Threat of the Month? Subscribe to the Threat of the Month blog series and get alerted when new blogs are published. 



Ben Nahorney

Threat Intelligence Analyst

Cisco Security