By Jody Brazil, Founder and Chief Executive Officer, FireMon
This summer’s announcement from the government that all UK employees now have the right to request flexible working hours, giving them the opportunity to work from home, was a privilege that was previously only applicable to care workers or those with children. Amongst the reasons given for the change included an expected increase in productivity and staff morale and to support modern family life. However, the new law was met with a mixed response from some businesses. Whilst some have focussed on the additional pressures placed on organisations and how they operate, one area that has not been addressed is the potential security risk to the business. With employees working from home it means that IT managers have to reconfigure network and access rights to enable employees to securely access company information from home.
This means that IT departments are now faced with the daunting task of making many changes to their networks in order to ensure employees are able to access documents, emails, and communicate with colleagues from home. These changes increase the risk of inadvertent access from human error during policy creation and access rule implementation that can lead to a potential breach or malicious activity. And with most people connecting via home WiFi networks – and their unknown security postures – the risks increase further.
Neglected policies leave you vulnerable
The bottom line is that the firewall policies need to be correctly set up and configured so they allow authorised access to company networks when the employee is both in and out of the office. This, for example, may mean that certain applications that they have access to may need to be temporarily revoked or enabled depending on the employee’s location. This can be a lengthy and extremely time consuming task as all current policies and rules will need to be reviewed on a case by case basis. For smaller companies with a limited number of employees this shouldn’t be too difficult, but for larger organisations this can become an almost insurmountable task. This is where mistakes could be made as the reviewing of policies is often a neglected and infrequently conducted task, meaning many are out of date and this could open up holes in the network should the wrong policy be amended or linked to the incorrect application.
According to Gartner 95% of all firewall breaches will be caused by human error or misconfiguration and this is only going to be amplified as employees work from home. It is essential to audit the rules before they are pushed. It requires that the enterprise documents and implements security baseline policies.
Enterprises should adopt in-depth security protection tools to detect and stop threats such as APTs, but the vast majority of attacks can be blocked with restricted security policy and access control on the enterprise’s perimeter security. When configured correctly, firewalls can block attacks and can stop cyber criminals from leveraging applications for malicious use, both internally and externally.
Many organisations do already make some provisions to allow employees to work from home in the first place and on a temporary basis, for example, when they are unwell or travelling abroad, but it is vitally important that following this change in the flexible working laws that organisations carry out a full audit of firewall policies. This will not only identify unused rules – many of which may have been in place for years - that can slow down traffic, but can identify overly permissive rules, access to forbidden zones, compliance issues, and areas where attackers can leverage access to systems that may not be patched. Organisations need to not only ensure that employees are able to access applications and files, but also to ensure that applications and systems are not left accessible to non-staff.
Audit and assess
Conducting an audit of firewall access will allow IT departments to see exactly what access their employees have, as well as identify potential gaps in security, thus allowing them to plug these holes and ensure the corporate network remains secure. The audit will not only identify these rules, but can check the complexity and openness of rules, which can help to speed up traffic and reduce bandwidth consumption. In the past this process has been a tedious, manual one, but new security intelligence automation tools can now dramatically reduce the time required and increase accuracy.
In order to remain proactive and ensure that the corporate network is fully protected, organisations should also conduct real-time analysis of access to their networks. As employees connect from home, IT departments need to see what is being accessed, who has access and what they are doing. Understanding what is happening on your network at any given moment can help to identify abnormal activity, enabling IT departments to immediately spot any problems, as and when they occur.
By conducting audits and real-time assessments of network access, organisations can ensure that they remain secure, whilst allowing employees the access they need, without compromising productivity.