Rapid change requires rapid adaptation and today, IT teams find themselves in the middle of one such event calling for this. Dealing with change is part and parcel of life in tech, but when change happens too rapidly, it’s worth taking a look around to see how others are coping.
There is no shame to be had in ideas and approaches that were “not invented here.” The concepts of best practices and standardization exist exactly so that we can share our knowledge throughout the industry. There is no point in reinventing the wheel if someone else has done it for us; it frees us up to focus on something more valuable.
So, what basic practices can IT teams deploy across organizations to tackle this sudden change? We’ve taken some time to dig up a few examples.
Remote Work: Are You Prepared?
Remote workers work remotely. It’s kind of in the name. But the very idea of remote work is abnormal for many organizations – even in this day and age. When work is physically dispersed, our digital worlds are turned on their heads. Data flows in different directions, as resources are accessed from different locations. This is not without real-world implications for information security.
As 2020 becomes the year remote work rises to the top of IT teams’ agendas, what new threats – digital and physical – should be kept in mind? If knowledge is power, where can you go for useful learning resources?
The best place to start is to look at what’s actually happening in the world.
ZDNet has addressed some of the current security challenges surrounding us at work today. Armed with this knowledge, you’ll be ready to make rational decisions about what changes need to be made to defend your network.
Don’t Get DDoS’d
A Distributed Denial-of-Service (DDoS) attack floods a target with spurious network traffic to saturate the victim’s internet connection. These attacks have dual effects: first, they deny the victim access to the internet through that connection and, second, they also deny anyone attempting to access resources on the other end of that connection access.
Remote workers must still access resources to do their jobs, which are often located either in a public cloud or behind the organization’s VPN. As the number of remote workers increases, any network chokepoint becomes a target for malicious actors.
As one might expect, DDoS attacks are on the rise in today’s environment. Cybercriminals often use DDoS to extort victims, with a “Pay up, or we’ll take you offline,” approach. Under “normal” circumstances, it can be effective. However, with much of the world now on lockdown, the risks created by DDoS attacks are magnified.
There are several approaches that can be used to mitigate DDoS attacks:
- For data center resources, DDoS mitigation services, such as the Juniper Connected Security/Corero solution, can significantly mitigate the impact.
- For public cloud resources, the use of multiple availability zones, and/or the use of DDoS mitigation services provided by the public cloud vendor, can also provide relief. Content delivery networks can be used in a similar fashion, though they can only front-end some services and not others.
DDoS is a challenge for organizations of all sizes. One of the most common mitigation techniques is simply to diversify entry points. The fewer bottlenecks that exist in your network architecture, the lower the risk. If you have DDoS concerns, Juniper can help.
Living and Working Securely in Both the Real and Digital World
Access to an organization’s data center is heavily restricted. Access to most workspaces, especially computers, is restricted virtually everywhere. From passwords to security guards, organizations make a concerted effort to keep people out of their stuff. This cannot change just because remote work is increasing.
Remote workers must be vigilant about their local work environments. That company notebook can give attackers access to a great deal of sensitive corporate data and should be protected as such.
In addition to digital hygiene practices, such as being careful with password reuse and locking our computers when we’re not using them, we need to be equally concerned with physical security. The uptick in remote workers increases the number of corporate notebooks. These are tempting targets, especially given the access to organizational networks they may provide.
Even under the current isolation conditions, many of us will have to leave our homes at some point. We must shop for groceries and other necessities. We may choose to work outside in the comfort of our own yards or balconies at home.
However, it’s important to remember that a moment’s inattention is all it takes to give someone the opportunity to steal that notebook, an attached flash drive or worse. Train your users about the cybersecurity risks of remote work. The Accidental CISO’s Guide to Remote Work is a great resource.
Back to Basics
When we experience changes to our routines, it’s often a good time to revisit the basics. Much of the difficulty of remote work revolves around ensuring your information is secure in the first place. Comparitech, a technology comparison site, has assembled an excellent article with 13 tips that explore the basic of information security, from two-factor authentication to using encrypted communications.
Realistically, many of these tips are difficult to implement manually and most of them are beyond the average end user to implement on their own. The list does, however, serve as a decent checklist for IT teams to make sure they’ve implemented the basics, not only in their own data centers, but in an automated and orchestrated fashion for individual users.
If you are having any trouble managing these – or other – information security capabilities, Juniper can help. Our technologies are designed to work at service provider scale. In addition, our Juniper Partners and the Juniper Professional Services team understand the challenges associated with scaling rapidly. We stand ready to assist our customers, as we all work to meet the challenges of today.
Work Smart…at Home
European cybersecurity agency (ENISA) has provided recommendations for organizations embracing remote work as a result of the current global health crisis. These basic recommendations will be familiar to seasoned information security professionals, but should be especially helpful to IT practitioners and those just beginning their cybersecurity education.
At Juniper Networks, we are committed to technology literacy and recognize the increased importance of skills development. For those looking for introductory cybersecurity education, this mini-book can help. To learn about the automation and orchestration that makes reliable IT at scale possible, we strongly encourage IT teams to visit NRE Labs.
In addition, Juniper is offering free virtual training. Whether you need a quick demo or certification testing, Juniper Training has a full online curriculum at your service. From virtual demos to Juniper Open Learning courses, Juniper vLabs and certifications with remote proctoring, discover what’s available here.
