NETWORK SECURITY FOR REMOTE WORKERS
by Serena Raymond on Jun 6, 2023 12:37:00 PM
The shift from in-office to remote work happened (quite literally) overnight. Work from home was forced onto many during the onset of the COVID pandemic, and it was astonishing how quickly people and organizations alike adapted to this new work style.
While many have left the office behind for good, there’s no need to leave network security behind with it! Traditional network security stacks don’t work for remote workers, but luckily, it’s not the only option.
TRADITIONAL NETWORK SECURITY ISN’T ENOUGH ANYMORE
Traditional network security was designed around the office building. Employees come into the office each day and work on site with firewalls and web proxies in place. This is considered the “traditional security stack.” It’s meant to protect on-site employees while they access the internet and prevent third parties attempts to access internal resources.
While the traditional security stack has worked well for the past 20 years, it just isn’t enough anymore. The world has changed and today, most of the tools that companies are using are located in the cloud. Think Office 365, Google, Salesforce, etc. Very few companies are still running exchange servers on the premises anymore.
Furthermore, remote workers are playing an increasingly important part in modern businesses after COVID. Not just tech companies—even industries like finance and healthcare have had no choice but to adopt a hybrid remote and in-office workstyle. And this change is here to stay.
Unfortunately, these here-to-stay remote workers are essentially bypassing the traditional network security stack installed in-office and are going straight to the cloud. Even more unfortunate—the bad guys know this is happening. Malicious actors are aware that security measures are not in place for a large percentage of the workforce, a large percentage of the time, now that teams are no longer working exclusively in-office.
SECURITY SERVICE EDGE (SSE) IS A MODERN SOLUTION
What is Security Service Edge? Simply put, it’s a set of security capabilities that are not tied to the office location, but instead delivered through the cloud to secure workers.
Sound familiar? SSE is very similar to Zero Trust. Over the years, these two terms have come to mean largely the same thing: Allow a business’ users to connect to their resources while giving them the least privilege access after explicitly verifying who they are and the device they are using—and do all this independent of an office’s location.
However, Zero Trust is focused on the applications in use, and therefore can’t offer full protection on its own. If users click on a bad link, their protection is lost. While giving least privilege access is important, users still need to be protected in case they make a mistake.
A core factor for success with SSE is making the security feel invisible. Never underestimate the importance of user experience when shopping for an internet security solution: If the user experience is slow, users will find a way around it. While having users connected to a VPN may put security measures in place, it may also slow down their computers and remove their privacy. It’s no surprise that many remote workers don’t want to connect.
What’s the solution? A seamless, fast protection.
DNS IS AT THE CORE OF MODERN SECURITY ATTACKS
DNS filtering is essential to protect remote users—In fact, 78% of threats involve the DNS layer. In 2022 alone:
- 88% of organizations experienced a cyber-attack.
- 51% of organizations were victims of phishing.
- 43% of organizations were victims of ransomware.
Unfortunately, most firewalls, antivirus, and traffic monitoring solutions don’t include the necessary safeguards to prevent or even combat DNS-based attacks.
Some may say their industry isn’t important enough to be targeted for cyber-attacks, but no industry is immune:
- Finance: Most attacked, for the highest value - $1.3m
- Healthcare: 53% were a victim of phishing attacks
- Telco: Most targeted by DDoS attacks (37%)
- Retail: Highest in service downtime when attacked: (50%)
- Manufacturing: 30% were victims of zero-day vulnerabilities
DNS filtering allows the configuration of different policies for different employees and devices. This means it’s possible to create unique policies that allow users to work from personal devices, while still retaining a level of privacy.
There are two main options to protect BYOD from internet threats:
1: Install a device manager. This option sounds good to security professionals, but the sentiment is not quite matched with most users. Many users are against a managed BYOD program like this because they value their privacy and want control on their personal devices.
2: Block access on unregistered devices. Users can register their devices by downloading a client that promises to be privacy conscious, not wipe their device, and won’t slow down performance or kill their battery life. This option tends to go over much better with the average user.
Times have changed and network security needs to change with them. Stop trying to recreate the in-office security stack for remote workers. Modernizing IT means moving security management to the cloud.
For organizations unsure how to adapt, the question is this: What would be the first step if there weren’t currently any security in place? This step back allows a clear look at what the company’s priorities are and the best options in the organization’s current state.
And if all else fails, start a free trial of DNSFilter!
DNSFilter has been named a leader in Secure Web Gateway, DNS Security, and Web Security categories on G2, earning an impressive 29 badges and named in 29 reports. This includes new badges such as High Performer EMEA and Leader Americas in the Web Security category.
These accolades are a testament to our commitment to our customers. We are particularly proud of our badges for ease of implementation, administration, and quality support. Providing ...
At the end of June, Vint Cerf, one of the “fathers of the internet” published an article on Medium in response to a drafted bill by the French Republic. You can read the original French proposal here, but we’ll also include a version translated into English at the bottom of this article.
First, let me provide a quick summary of what the bill is proposing:
Spurred on by the proliferation of cyber threats and attacks, the government of France is pr...
If you’re a football fan like many of us at DNSFilter, it’s possible you have a fantasy league in the office or with your friends. Our #sportsball slack channel is keeping many of us going as the weather cools down and the days get shorter. It’s a fun way to discuss and track the football season (and potentially win bragging rights and the respect of your fantasy prowess).
Now you might be thinking, “How on Earth could fantasy football possibly ...