How Duo Maps to Australian Cyber Security Center Remote Worker Guidelines
For years, security professionals have been discussing the diminishing traditional perimeter. The rise of cloud applications, the prevalence of personal devices in the workplace and the transition to a more remote workforce are reshaping access points and transitioning companies into a modern era.
Today, vague predictions of remote access have snapped into concrete realities the world over - the entire globe, wherever possible, people need to work from home seamlessly. Over the past few weeks, the guidance and tools needed to protect against breaches and secure a remote workforce are now center stage.
A case in point in Australia, the Australian Cybersecurity Centre recently released a document outlining its tips and guidelines for securing the remote worker. The advice is timely and well-structured, and like their tips in their previous “Essential Eight” guide, this new guidance distills the nine most important security controls that workers should consider when working in this new environment.
The Nine Most Important Security Controls For Remote Workers
Beware of scams
Use strong & unique passphrases
Implement multi-factor authentication
Update software and operating systems
Use a Virtual Private Network (VPN)
Use trusted Wi-Fi
Secure devices when not in use
Avoid portable storage devices
Use trusted sources of information
For more details feel free to read the full guidance, but it’s worth commenting on a few of the points made.
Scams Are on the Rise
There are many documented cases of cybercriminals leveraging panic around the pandemic to entice action from unsuspecting users.
Security Education Works
Beware of scams, use strong and unique passwords, avoid portable storage devices, and use trusted sources of information can be conjoined. These are issues of workforce security education. Now, more than ever, it’s important to set security expectations with remote workers and invest time in security education.
When addressing multi-factor authentication, updating software and operating systems, and securing devices when not in use: Duo can help. Duo’s multiple-factor authentication (MFA) eliminates concerns around weak or vulnerable passwords by requiring multiple factors to establish the right person is getting the right access to the network.
Duo makes it easy to rollout MFA to all of your remote workers and protect all of your corporate applications, whether cloud or on-premise. (Duo is particularly adept at protecting VPN credentials, which ends up enabling tip five too). Duo is known for being easy to implement and deploy to users, and got working with larger organizations like the University of Queensland to secure workers quickly and effectively.
Establish Device Health and Trust
Keeping devices patched and updated is one of the strongest ways to avoid bad actors exploiting vulnerabilities and gaining access to a network through insecure devices. This control and guidance could potentially be harder to encourage through education, or to enforce at the corporate level. If workers are left on their own to update devices and software or select security tools, for example, it may take awhile and they may opt for a variety of disparate consumer-facing tools that are hard to manage centrally by IT departments. This lack of visibility can cause immense help desk challenges.
Moreover, for IT departments, enforcing controls around device operating systems, health and status when workers are home provides a whole new set of challenges. Sure, constant reminders via email or the company chat with reminders to update to the latest software or to make sure screen-lock is enabled is one strategy - but often updates happen too late. Ensuring that only up-to-date devices, with proper security posture, are accessing corporate applications should be simple to do.
Additionally, Duo’s Device Trust makes it simple to assess worker devices at the point of access for software version and security posture. If a worker’s device is out-of-date or lacking a security feature, Duo can guide them through the update. If a worker persistently attempts access with a risky or insecure device, Duo can block them from access until they update.
Times have changed quickly in light of recent events. The prospect of widespread remote work is the new reality. In order to best defend companies from breaches, easy-to-use security controls that map to guidance from organizations like the ACSC will be important moving forward.
Try Duo For Free
With our free 30-day trial and see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.