5 ways counties can mitigate remote access security risks
Cyberattacks against the nation’s counties are on the rise. Since 2017, attacks rose an average of almost 50 percent—although this metric is likely to be a fraction of the true number, as these attacks often go unreported. With last year’s shift to more work from home and virtual learning, counties are finding themselves more exposed.
Used to managing security within the physical perimeter of the office or school environment, IT and security leaders have had to change their focus to managing risk across an extended digital ecosystem. As a greater population of users connect to the network from unsecure Wi-Fi networks and personal devices, IT security teams must find new ways to secure each endpoint, manage access rights at scale and monitor user behavior. Key to this is greater visibility and control.
Let’s look at some security and network monitoring strategies county governments can employ to balance the need for improved security for remote workers and students while ensuring a frictionless experience.
- Manage access at the endpoint
Endpoint protection (the process of securing the entry points on a network such as laptops and tablets) is a core security practice. Yet due to budget constraints, county governments have struggled in this area. Only 53 percent of state and local governments rank high on the maturity scale for endpoint protection. Counties must find ways to close the maturity gap and protect vulnerable environments.
If a department or school doesn’t have the means to supply each of their users with a protected device, they should implement remote monitoring and management capabilities allowing them to monitor and protect their network from afar and receive alerts of any threats.
A virtual private network (VPN) can also protect government and user data remotely. With a VPN in place, agencies can give staff access to secure networks and systems—from remote or personal devices—without putting information at risk.
- Implement network segmentation
Network segmentation is an important strategy for mitigating the risk of a bad actor breaching the device of agency staff or students and moving laterally across government and school networks to access sensitive data.
When an unrecognized IP address tries to log in to the VPN or agency system, network segmentation will seamlessly segment it to a restricted access area and keep sensitive data out of the wrong hands.
Technologies like software-defined networking (SDN) make it easier to establish and manage permission-based security and quickly enforce segmentation at scale. For example, network administrators can isolate a school system’s student network from their staff network.
With SDN, it also becomes easier for security managers to gather data from the network to detect traffic anomalies indicating malicious activity.
- Understand and act on high-risk network access
Over time, users gain access to more and more digital resources—yet those access rights are rarely audited or revoked. If a user is compromised, every system they have access to is at risk of being exploited by a bad actor.
A single, centralized access rights management solution can simplify the process by providing visibility and control over all access privileges within an organization and continuously monitor the environment for changes. For example, when a staff member leaves their position or a student graduates, their access rights can be quickly revoked to minimize the risk of their identity credentials falling into the wrong hands.
- Monitor for unusual network activity
Detecting nefarious activity on the network has traditionally been achieved through log management practices. But monitoring logs at scale—across distributed networks and in the cloud—can be difficult.
Security information and event management (SIEM) systems can help counties address this challenge without unnecessary complexity or cost. A SIEM monitors networks for suspicious activity in real time and automates the process of forensic analysis—saving IT teams from gathering and parsing through a sea of logs and speeding threat detection.
- Ensure everyone is “cyber aware”
Agencies should also remember they’re dealing with humans. Reminding them of basic security hygiene practices can go a long way to preventing cyber incidents. Best practices include not sharing passwords, changing passwords regularly, and waiting to get on a secure network before accessing a cloud application or sending emails with sensitive content.
Lessons learned bring opportunity for growth
As disruptive as it has been, the COVID-19 pandemic has also been an opportunity for growth. It has accelerated digital transformation and forced government agencies to bring in new IT capabilities. But it has also compelled security leaders to face the inevitable—the melting away of traditional perimeter-based security. It’s a complex and dynamic challenge. Solid security processes provide security teams with the visibility and control they need to mature their cybersecurity programs and manage risk across this expanding attack surface—without diminishing the user experience.
Brandon Shopp is the group vice president of product at SolarWinds. Shopp has spent more than 10 years with SolarWinds and has a proven success record in product delivery and revenue growth, with a wide variety of software product, business model, M&A and go-to-market strategies experience.