Home Did you know ? Managing the Insider Threat of Remote Workers

Managing the Insider Threat of Remote Workers

by Mic Johnson

Remote work has become increasingly common in the wake of COVID-19. The need for employees to stay home from the office drove many organizations to suddenly support telework programs, often without proper preparation.

Many of these organizations were forced to implement these programs with the technology that they already had in place, such as virtual private network (VPN) infrastructure. However, these solutions are limited and often drive organizations and employees to take action that places the company at risk of cyberattack. A modern secure networking solution, such as secure access service edge (SASE), is necessary for companies wishing to securely continue to support remote work programs.

VPNs Do Not Scale to a Remote Workforce

When transitioning to a mostly or wholly remote workforce, secure connectivity between the employees and the corporate network is a necessity. As employees are working from insecure networks and accessing sensitive data and functionality, encrypting these communications is an essential protection against eavesdroppers.

Many organizations have turned to VPNs to provide this secure connectivity. A VPN endpoint can be deployed on the corporate network, and teleworkers can securely connect to this system via a VPN client. Communications along this connection are encrypted, providing the teleworker with the same experience as if they were directly connected to the corporate network and enabling the company to maintain visibility and security inspection for all business traffic.

VPNs have a number of shortcomings though, and one of the most significant is a lack of scalability. Each of an organization’s remote employees requires their own connection to the VPN endpoint, and most organizations only design their VPN infrastructure to support a small fraction of their workforce at any given time (often less than a third). Attempting to support the entire workforce during business hours with infrastructure not designed for the task results in degraded network performance.

Ensuring Productivity Endangers Security

During the COVID-19 pandemic, employees didn’t have the choice of whether to work from home or the office. The need to maintain “business as usual” while working from home meant that companies and employees alike took steps that could improve productivity at the cost of potentially jeopardizing security.

  • Split-Tunnel VPNs Leave Companies Vulnerable

Most users of VPNs use full-tunnel VPNs. These VPNs end all of the user’s traffic encrypted to the VPN endpoint. This is the logical choice for most use cases, whether an enterprise wants full visibility into business traffic or an individual wants to watch Netflix in a country where it is unavailable.

However, using a VPN in full-tunnel mode isn’t the only option. Split-tunnel VPNs enable their users to specify that certain traffic goes directly to its destination while the rest flows through the VPN tunnel.

The use of split-tunnel VPNs is a potential solution to the VPN scalability problem faced by many organizations. By sending only traffic intended for the corporate network over the VPN tunnel, these organizations can avoid the additional load associated with the traffic intended for destinations outside the corporate network, such as the organization’s cloud-based infrastructure. In fact, this approach has been widely recommended as a solution to the VPN scalability problem.

The issue with corporate use of split-tunnel VPNs is that any traffic flowing directly to the public Internet is not scanned or protected by the organization’s cybersecurity defenses. This means that teleworkers’ devices – which may be personally-owned and lack the corporate antivirus – are potentially exposed to malware or other cyber threats. An infection on a teleworker’s device can access any sensitive data stored there or use the employee’s VPN connection to attack the corporate network.

  • Employees Download Sensitive Data for Offline Use

Overwhelmed VPN and cybersecurity systems on the corporate network degrade network performance. For employees that need to frequently access data or other resources to do their jobs, this can negatively impact their productivity and job performance.

One workaround that minimizes the impact of network issues on employee productivity is to make local copies of the data that the employee regularly needs to access. Once the employee has a copy of the data stored on their local device, their need for access to the corporate network decreases, improving both their productivity and the network’s performance for other users.

While this approach may seem logical to employees impacted by slow network speeds, it places an organization’s sensitive data at risk and potentially exposes the organization to fines for regulatory non-compliance. A teleworker’s computer – especially a personally-owned one – is unlikely to have the security protections that the sensitive data has on the corporate network and that are mandated for regulatory compliance. A local copy of sensitive data could enable a data breach that would be difficult or impossible for a company to detect if the attacker never accesses the corporate network.

The Need for a Scalable, Secure WAN Solution

Implementing a short-term remote work program in the face of a pandemic using existing solutions, like VPNs, makes sense for organizations with limited time and resources. However, these approaches to secure remote networking have their limitations.

The impact of inadequate VPN infrastructure on network performance can be significant, and employees will often do what is necessary to make their jobs easier, even if it jeopardizes security. As telework programs become an extended or indefinite option, companies require solutions that actually meet both their networking and security needs.

You may also like