Employee remote access threats vs. vendor access threats

February 01, 2019//SecureLink

Last Updated: April 29, 2019

The last decade saw a dramatic increase of enterprise employees leaving the confines of the company building to work remotely. The State of the Remote Job Marketplace report from FlexJobs found 2.9% of the entire United States workforce works from home at least half of the time. This introduces a significant security challenge for network managers.

Along with many people working remotely for their companies, enterprises are also progressively outsourcing critical operations to technology providers. This presents another security test as waves of third-party vendor reps need to remotely support their technology on enterprise networks.

While both of these instances require secure access management, the threats they introduce are unique.

Managing users inside the system

Remote access and the ability to work from anywhere is now ubiquitous among enterprise companies. Remote access allows employees to work from any location with an internet connection, sometimes without having to use a company-issued device. This is great for employee morale, but it complicates cybersecurity.

Privileged employee remote access is typically addressed using a privileged access management (PAM) solution. This allows network managers to provide a user with privileged credentials that can be used remotely. While this grants mobility and provides credential protection, user behavioral risks increase.

Hackers dedicate significant time to identifying the best ways to penetrate protected systems. A highly effective method is exploiting the humanity of an organization’s team. Social engineering attacks pose a serious threat to transient users. Remote employees could use a public network that isn’t secure or misplace credentials that are written on a sticky note. They are also susceptible to malware attacks without the safety of a protected environment or security training reminders.

Former employees must be addressed as well. It’s critical to delete privileged accounts and restrict access when users leave a company, which has always been a big security concern. However, it isn’t as burdensome when we focus only on internal users; when managing third-party access comes into the picture, though, it presents new challenges as users operate outside of the system.

Third-party users complicated threat management

Enterprises are increasingly reliant on third-party technology providers because these vendors enable organizations to decrease operational costs and increase agility. However, this partnership also multiplies the number of external users who have remote access to systems that house sensitive data. If this access is not adequately managed, these new users and accounts dramatically increase the risk of a security breach.

There are three key areas to focus on when trying to mitigate the risks associated with third-party access:

Identify and Authenticate

Vendor access is difficult to manage primarily because there are so many different users to account for. Multi-factor authentication is critical. Network managers must be able to customize authentication options and have the ability to offboard as easily as they onboard. This prevents vendor reps that exit the company from taking their access with them. 

Control Access  

Once a user is authorized, permissions need to be granted. This process can become onerous using traditional PAM solutions. A vendor privileged access solution that allows authorized parties to give access permissions will create an efficient working system for managers. Admins should have granular controls to make individual changes or impact access en masse. In addition, scheduled access by supervised or unsupervised technicians at a certain time adds to the efficiency and security of an enterprise network.

Audit

User activity should be monitored at all times, especially where external users are concerned. Network managers cannot control the security best practices of their vendor partners, but they can protect against risky user behavior. Tracking of support technician’s activity reduces unauthorized use and allows for thorough investigations of network issues. It’s important that you know who is on your system and what accessing regions they’re accessing. This complete network visibility is critical for compliance purposes as well.

Whether through internal or third-party credentials, attackers will continue to exploit any vulnerabilities in your remote access processes. In order to fully address the cybersecurity risks that are inherent in both types of access, enterprises need to understand the distinct threats of each and implement dedicated strategies. And remember, while technology solutions are an essential way to protect your systems, regular company-wide security training is at the heart of a truly secure network.

Leave a Comment

close close