Our blog

Monitoring Employees Working From Home


The Importance of Security, Authentication and Access

As working from home becomes the new normal for many companies, both employees and managers are trying to adapt to a different way of doing business. Although many companies had implemented some telecommute or remote work options by the beginning of 2020, only about 7% of U.S. employees reported being able to work from home on a regular basis. But fast-forward two months, and the global lockdown forced businesses to participate in what Time called “the world’s largest work-from-home experiment.” 

For many, the experiment already seems to be working out; a new survey from Gartner reports that 74% of CFOs expect at least some of their employees to continue working from home even after the pandemic has passed. 

The new work from home environment has affected businesses in many ways, from adjusting to virtual meetings and learning to manage interoffice communications remotely to working around employees’ individual technological shortcomings. But it also has brought with it many higher-level challenges, the main one being increased threats to security.

Risks of a WFH Workforce

As employees turned kitchen tables into workspaces at an unprecedented pace, they began using home equipment to complete tasks that had previously been done in the office environment. That means that unmanaged routers and printers on home ISPs began replacing the secure office network, creating an environment that seemed ready-made for security breaches.

The increased use of virtual private networks, or VPNs, saw encrypted networks being extended to employees’ homes. While the VPN may have been safe, many home networks are already infected with malware that could be used to stage an attack. Or the security of the hardware being used may be compromised, which then allows hackers to gain access into the VPN. Businesses who have had to quickly adapt to a remote workforce have many endpoint challenges to address, because so many vulnerabilities have been introduced.

In addition to VPN challenges, mobile options present a significant vulnerability. Many workers now find themselves completing certain tasks via mobile, and it’s no surprise that it didn’t take long for hackers to recognize the opportunity and access workers’ phones. For example, hackers created a malicious mobile app that looked like a legitimate app developed by the World Health Organization. Once downloaded, however, the application was designed to steal sensitive data, including personal, financial and business information.

How to Monitor Employees Working From Home

All of this has created a need for companies to better understand what is happening with their remote operations. Considering how rapidly changes have occurred, many have found themselves unprepared to deal with challenges such as security threats and the increased demands placed on the network. However, even as areas begin to gradually open up, many companies are opting to stick with a work from home environment — at least for now. And that means the need for creating better policies and controls to create a more secure work. Let’s look at three tools bitsIO can employ to monitor critical services and help keep your network — and all of your employees’ information — safer.

No. 1: Multifactor Authentication

Multifactor authentication, or MFA, requires two or more pieces of information to authenticate the user’s identity before granting them access. It plays a key role in maintaining safety, particularly in a remote environment where an unauthorized user may have access to equipment. Having MFA in place is a critical way to keep your IT environment safe, and bitsIO has two Splunk features to accomplish this.

Splunk Add-on for RSA Multifactor Authentication. With this add-on, a Splunk software administrator can collect data from the RSA SecurID Authentication Manager server. Once the platform has indexed all the events, simply use the pre-built dashboard panels to review the data.

Duo Splunk Connector. Administrators can import all the critical logs to view and monitor activity. This includes authentication logs, administrator logs, telephony logs and endpoint logs. New dashboards can also be created and modified to support necessary data.

No. 2: Remote Access VPN

With more users connecting simultaneously to the corporate internet, it’s critical to be able to monitor activity and troubleshoot instances where users cannot connect. Three Splunk options for doing that are:

Palo Alto Add-on. This add-on pulls data from the user’s firewall and provides advanced endpoint security. It also allows reporting on key links and has a GlobalProtect VPN feature to help with troubleshooting remote access situations.

Zscaler App. This application is designed to provide visibility and dashboards into remote access on all Zscaler products, regardless of the user’s location. It has focused dashboards for insights such as threat intelligence, web usage, remote access usage and more.

Cisco App. Similar in functionality to the two above apps, this helps map Cisco ASA device access to the Splunk environment.

No. 3: Access Management

Access management uses a variety of processes and technologies to control and monitor access of the network. Splunk offers these add-ons to help troubleshoot issues with services such as single sign-on (SSO) capabilities or redirects.

Okta Add-on. This allows an administrator to collect data related to event log information, user information, application and application assignment information and group membership information.

SailPoint Add-on. Easily extract audit event data from SailPoint’s IdentityNow product.

Keeping Companies Safe, One User at a Time

As companies work to monitor and manage employees in a work from home environment, having the proper technology tools in place is critical. Knowing what security challenges your company faces, and working to strategically address those threats before they create a problem can help keep your company and employee information safe.