When the coronavirus struck, America was suddenly forced into a great experiment. Prior to COVID-19, less than 5% of the US workforce worked from home more than 50% of the time. Working from home was a luxury for a fortunate few. The ability to “work from home” on Fridays was an excellent way to start your weekend early without an end-of-week commute.
And then suddenly it all changed. Because of the pandemic, companies were forced to have all their employees who could work from home shift to working remotely.
This transition came upon us suddenly, and many organizations were ill-prepared. Companies scrambled to find hardware while IT departments raced to stand up VPNs, and all of this chaos created opportunities for hackers.
In this blog, we are going to explore some of the challenges and lessons related to the move toward remote work. Because as we will see, for much of the US workforce working from home is here to stay.
Social Distance and Quarantining
When the recommendations regarding self-quarantine and social distancing were announced, many companies were unprepared. Laptops, VPNs, and network security protocols all suddenly needed to support a near 100% shift to remote work. UCLA and many other universities announced that campuses were closing and suddenly thousands of laptops and iPads needed to be purchased for faculty and staff. The San Francisco City Attorney’s Office found that it could not obtain secure equipment fast enough. Employees instead had to take their office desktop machines home.
Atlas VPN reported a 50% spike in VPN usage in the US this spring, as VPN usage worldwide spiked alongside the number of COVID-19 cases.
Similar problems arose in the area of network security, which we will talk about in a moment.
With the virus still fresh in our minds, and new cases being found every day, none of this is that surprising. But here is the news that is just now fully being understood – much of the workforce that is working remotely will continue working remotely for the foreseeable future.
The Shift to Remote Work
On April 3rd of this year, just weeks into self-quarantine, Forbes.com displayed the following headline: “CFOs Plan to Permanently Shift Significant Numbers of Employees to Work Remotely.” This headline referenced a survey by research firm Gartner and reported:
- 74% of organizations surveyed were shifting a portion of their workforce to work from home permanently.
- One human resource manager was quoted as saying “We’re being forced into the world’s largest work-from-home experiment, and so far, it hasn’t been easy for a lot of organizations to implement.”
- 54% of HR leaders indicated that poor technology and/or infrastructure was the biggest barrier to effective remote working.
Additionally, on May 12th, Twitter CEO Jack Dorsey announced that many employees would be allowed to work from home permanently. So although no one knows the future, (Did your New Year’s resolutions include a pandemic? Mine sure didn’t!) it looks like working remotely is here to stay.
There are many areas that will have to be addressed with this move toward remote workers. Two of those areas are bandwidth and network security.
Needs More Bandwidth
In March, the New York Times featured an article titled: “So We’re Working from Home. Can the Internet Handle It?” The sharp turn to remote workers began to put a strain on bandwidth needs and bandwidth consumption. Cox Communications upgraded all of its customers who had a max speed of 30 Mbps to 50 Mbps (https://www.multichannel.com/news/cox-steps-up-in-fight-against-coronavirus). Comcast announced it was temporarily lifting data caps. AT&T, Verizon and Charter each announced they were upgrading their networks to handle the additional demand.
Two months later in May, Comcast released data showing the shift for peak upload and download times.
Prior to March 16th, peak upload and download times were both 9pm, consistent with a workforce that went online after the workday and dinner were done.
As of May 16th, that had shifted. Peak download time was now 7:30pm and peak upload time was 8am-6pm. Most service providers can handle this spike and shift in residential traffic. But as consumers, we may need to re-evaluate the plans we have with our service providers.
Many of us who work from home regularly know the challenges that arise when the internet is down and you have no backup. I discovered this personally while teaching a class via Cisco Webex when my local internet service suddenly went down. The 15 students in my class were not amused but, thankfully, patient. I now pay for a separate monthly service for a portable MiFi device.
Other remote workers are switching from residential to business class bandwidth as well. Business class bandwidth offers several benefits. Among these:
- Higher speeds: Up to 1 Gbps in some areas.
- Service level agreements: Your ISP makes a commitment to you.
- Symmetrical connection: Your upload speed and download speed are the same.
- No data caps: Cool!
- Static IP address: This matters if you have web servers that need a fixed IP address.
So, is business class bandwidth right for you? Only you and your organization can make that decision. In some cases, employees can be nonchalant about bandwidth. But there is one area where remote workers in particular need to be diligent.
Network Security: Now More Than Ever
Network security is always a concern. But with the increase in remote workers, hackers have become more aggressive. The FBI announced that email phishing has increased over 350% since the pandemic began.
On April 8th, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced it was seeing:
“…a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.
Cybercriminals are targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing emails.”
There are four key areas that require our attention.
- Malware, Ransomware and Spyware on the endpoints
- Protection against malicious websites and dangerous URLs
- Compromised credentials creating vulnerabilities in the network
- Unsecured connections into the corporate network
To help address these issues, Cisco has introduced the Secure Remote Worker Program. The Cisco Secure Remote Worker program consists of four key products that are essential for Remote Workers.
- Cisco Advanced Malware Protection (AMP) for Endpoints, which is designed to handle malware, ransomware and spyware.
- Cisco Umbrella, which protects against malicious URLs.
- Cisco DUO, which provides two-factor authentication and ensures that connecting devices meet endpoint compliance requirements.
- Cisco AnyConnect VPN, which provides secure connections into the corporate network.
Cisco Advanced Malware Protection (AMP) for Endpoints
Cisco AMP for Endpoints is a cloud-based software program designed to provide protection against known and unknown malware and ransomware.
How does Cisco AMP work? The AMP client is installed on endpoint devices such as laptops and desktops, and it interfaces with the AMP Cloud, a repository of file reputation information. When a file is downloaded to the endpoint, information about that file is sent to the AMP Cloud, which returns the file’s reputation information.
So far this sounds like any standard anti-virus program. But AMP is so much more.
First of all, AMP does not only examine the file when it is first downloaded; it continues to monitor the file. Any time the file is copied, accessed, or downloaded, information about it is sent to the AMP Cloud to determine whether the file might be malicious.
Secondly, the AMP Cloud is backed by Cisco Talos, the world’s largest threat-hunting organization. The Talos team partners with every major network security organization worldwide: the FBI, the NSA, ENISA (the European Union Agency for Cybersecurity), and every other major security organization on the planet. Through these partnerships and its own team of researchers, Cisco Talos is able to identify 100% of known malware and ransomware. That’s right, 100%.
However, Cisco Talos goes much further. Cisco Talos regularly identifies malware that has never been seen before, the so-called zero-day attacks. This database of known and emerging threats is then communicated to the AMP Cloud, so that when the AMP Cloud needs to determine whether a file might be malicious, it is using information provided by Cisco Talos.
Now, if Cisco Talos and the AMP Cloud have never seen a particular file before, the customer has the option to send the file up to Cisco Threat Grid. Threat Grid is a virtual sandbox. With Threat Grid, we actually “detonate” the file, which means we run it in a virtual environment and correlate its behavior with over 250 different behavior indicators to determine whether the file poses a risk.
All of this can occur any time the file is copied, accessed, or downloaded. Because of AMP’s ability to identify known and unknown malware and ransomware, combined with the information it receives from Talos, we have an unprecedented level of protection at the endpoints.
Now let’s talk a little bit about Cisco Umbrella. Nearly 90% of malware makes use of the Domain Name System (DNS) to establish command and control of devices or to exfiltrate data from networks.
Let’s explain what DNS actually does. Whenever you open a browser, type in a URL, and hit enter, your web browser asks your DNS server for the IP address that corresponds to the hostname in that URL.
So if you go to the Amazon, Cisco or Skyline-ATS websites, once the browser has the destination IP address for that site, it constructs an IP packet. That IP packet is how you are able to establish communication.
Ransomware and many types of malware make use of DNS in exactly the same way. Suppose, heaven forbid, you accidentally download ransomware to your laptop (oops … AMP would have stopped that). But let’s say the ransomware gets onto your machine. The first thing that malware will do is attempt to connect out to a command and control server on the internet so that your data can be encrypted and a ransom demanded.
To reach that remote command and control server, it has to make use of DNS. Any time you go out to the internet you are in some way making use of DNS. Every time you access a web page, send an email, open an app, join a video call or stream a movie, you are making use of DNS. It is the underlying structure of how the internet works.
So where does Cisco Umbrella come into play? Cisco Umbrella is a DNS server, but one that blocks internet access to dangerous URLs. Umbrella uses the analysis of billions of daily URL requests, combined with predictive algorithms and information provided by Cisco Talos, to block access to the malicious destination before the connection can even happen.
As the Cisco Umbrella team says, “We Stop Attacks Before They Happen.” And the beauty of Cisco Umbrella is that it is literally a single configuration change. You simply point your DNS settings at the Cisco Umbrella DNS servers, and you and your fellow employees are protected.
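To make the DNS-layer idea concrete, here is a toy protective resolver written for this post (it is an added illustration, not Cisco Umbrella code). It applies a blocklist before any upstream lookup, answers blocked names with a sinkhole address, and counts blocked lookups per client from a query log so a beaconing host stands out. All domains, addresses and log lines are constructed (reserved TLDs and RFC 5737 ranges), not real indicators.

```python
"""Toy DNS-layer policy resolver: block known-bad names at lookup time."""
from collections import Counter

SINKHOLE = "192.0.2.1"                                  # constructed sinkhole answer
BLOCKLIST = {"evil-c2.example", "phish-login.example"}  # constructed intel feed
UPSTREAM = {                                            # constructed stand-in for upstream DNS
    "www.example.com": "198.51.100.10",
    "mail.example.com": "198.51.100.25",
}

def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so 'cdn.EVIL-C2.example.' still matches."""
    return qname.strip().lower().rstrip(".")

def blocked_by(qname: str, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname (itself or any parent zone), else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):          # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def resolve(qname: str, blocklist=BLOCKLIST, upstream=UPSTREAM):
    """Policy decision first; only names that pass are looked up upstream."""
    hit = blocked_by(qname, blocklist)
    if hit:
        return ("BLOCK", SINKHOLE, f"matches {hit}")
    name = normalize(qname)
    if name in upstream:
        return ("ALLOW", upstream[name], "upstream answer")
    return ("NXDOMAIN", None, "no such name")

def blocked_clients(log_lines, blocklist=BLOCKLIST):
    """Count blocked lookups per client from 'time client qname' lines (the beaconing signal)."""
    counts = Counter()
    for line in log_lines:
        _time, client, qname = line.split()
        if blocked_by(qname, blocklist):
            counts[client] += 1
    return dict(counts)

SAMPLE_LOG = [  # constructed: one host asks for a C2 subdomain about once a minute
    "09:00:00 10.0.0.5 www.example.com",
    "09:00:10 10.0.0.7 cdn.EVIL-C2.example.",
    "09:01:10 10.0.0.7 cdn.evil-c2.example",
    "09:02:10 10.0.0.7 cdn.evil-c2.example",
    "09:02:30 10.0.0.5 mail.example.com",
]

if __name__ == "__main__":
    for q in ("www.example.com", "cdn.evil-c2.example", "nothere.example.com"):
        print(q, resolve(q))
    print(blocked_clients(SAMPLE_LOG))   # {'10.0.0.7': 3}
```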
Now let’s talk about multi-factor authentication and how to deal with compromised credentials.
Nearly 99% of security breaches occur as a result of known vulnerabilities, 81% involve stolen passwords of some type, and 70% originate at an endpoint.
With Cisco DUO and multi-factor authentication, you are able to ensure that only authorized users are able to access network resources.
My bank is Bank of America (this is by no means an endorsement of Bank of America). Whenever I log into my bank account, after I enter my username and password, I then receive a code via text message that must be entered.
The reality is that passwords alone are not always sufficient to protect access to network resources. Something more is required. And with the rise of remote workers this has never been truer.
Part of that something more is multi-factor authentication. With Cisco DUO we are able to ensure that only authorized users are able to access network resources or cloud-based resources.
Cisco AnyConnect VPN
Now let’s talk about Cisco AnyConnect VPN. The Cisco AnyConnect Secure Mobility Client can be installed on endpoint devices such as laptops, desktops, mobile phones and tablets.
In addition to providing a secure network connection for remote workers, it lets us automate posture checks on all devices connecting to the network. This means that the network administrator is able to ensure that every device meets the company’s security standards (operating system, security patches, anti-virus, etc.).
There you have the four products that make up the Cisco Secure Remote Worker program: Cisco AMP for Endpoints, Cisco Umbrella, Cisco DUO, and Cisco AnyConnect VPN.
2020 has been a very strange and fascinating year. We are still wrestling with the pandemic and what that means for us, our families and our futures. The reality is that remote work and remote learning are here to stay at a level that has never been seen before.
As we are adapting to this new environment, it is critical that we secure both our personal and company data. The Cisco Secure Remote Worker program is able to help you do just that.
For those of you interested in purchasing the products listed, please contact Skyline ATS, and one of our account managers will be happy to assist you.
In the meantime: Be safe. Be healthy. Be well.