How To Better Secure Remote Wi-Fi Connections

Working remotely used to be a privilege only a small percentage of workers had and the accompanying security infrastructure largely reflected this: remote workers signed into corporate networks via VPN for increased security. 

However, the global pandemic hit and organizations all over the world went fully remote overnight; VPNs were no longer adequate and the notion of a corporate perimeter disappeared. With this shift appeared the Work From Anywhere phenomenon. 

At the onset of the pandemic, IT and security teams were scrambling to enable business continuity, ensuring all employees could work remotely while maintaining the appropriate access to previously on-premise only resources. This meant employee home network security, and keeping remote systems configured securely and compliant became concerns. 

The remote Wi-Fi networks corporate endpoints are connecting to remains a weak point in any security architecture. Work From Anywhere has caused IT security professionals to rethink remote work and the security risks it poses, by asking: 

  1. What solutions will improve security of our devices connecting to untrusted Wi-Fi networks in employees' homes?

  2. How can we extend control over these devices when they connect to the Wi-Fi networks outside of the corporate perimeter?

And as more endpoints connect to insecure networks and more data is stored on the endpoint, the results can be seen in the recent surge in attacks against remote endpoints and further amplifying the risk Work From Anywhere poses to Organizations.4

Short-term Workarounds

We have seen a few different approaches taken by IT and security teams to try to mitigate these risks:

  • Some IT teams helped users change the default credentials of home routers, raising the baseline of router security.

  • Some organizations took it a step further beyond just changing default passwords by buying new routers for all their remote employees

  • Other organizations simply opened up their corporate and production networks to all employees regardless of network location just so their employees could continue to work. 

However, these actions were all short-term workarounds to the core problem - corporate devices connected to these untrusted Wi-Fi networks are still exposed to a number of threats and security teams don’t have the visibility nor control they once did when endpoints connected from inside the corporate perimeter. 

Improving Wi-Fi Security through Endpoint Micro-Segmentation

The future remains yet to be seen of how much time will be spent in the office versus working remotely, however corporate network architectures and security infrastructure will be changed forever. Organizations are now rethinking how they will secure their remote endpoints and corporate networks in this new normal. 

Zero Trust has emerged as the most suitable strategy for protecting a decentralized workforce and the Byos µGateway is a simple way for protecting these remote devices on insecure local networks. By giving corporate devices their own protected micro-segment of one that security teams can control, the risk posed by this new normal is greatly reduced.

References

  1. https://www.tripwire.com/state-of-security/featured/security-execs-overcoming-challenges-remote-work/

  2. https://threatpost.com/helping-remote-workers-remote-attacks/156467/ 

  3. https://resources.malwarebytes.com/files/2020/08/Malwarebytes_EnduringFromHome_Report_FINAL.pdf 

  4. https://www.itprotoday.com/endpoint-protection/surge-endpoint-attacks-calls-changes-endpoint-protection 

Defending Against Lateral Movement in the Remote Work Era

Extending Zero Trust to any Remote Wi-Fi Connection