As we have been touching on in other blogs, cybercriminals continue to cash in while the world worries about the threat to life and liberty from COVID-19. The factors playing in their favor include:
- Fear, uncertainty and the thirst for information making users more susceptible to interaction with malicious emails, websites and social engineering attacks
- Shrinking incomes and an uncertain economic outlook for organizations
- An evolving cybercriminal industry that trades goods and services in much the same way as the legitimate cybersecurity sector (see our latest report: Dark Commerce)
However, perhaps the most significant factor is the sudden and unprecedented global shift to remote work and its associated cyber-risk. Despite uncertainty, now is not the time to take your eye off cybersecurity.
Many organizations have been forced to improvise new working arrangements for their staff at short notice – sometimes leveraging personally-owned rather than company-supplied devices. Even those with established processes for supporting large numbers of remote work employees will have been caught off guard by the urgent need to extend this across their entire workforce.
Here are five tips to maximize your security as employees work from home for a prolonged period.
Educate staff with a cyber awareness program
From a cybersecurity standpoint, people are your weakest link and your strongest ally. There are some basic remote work security hygiene techniques that each homeworker needs to follow consistently, such as changing default passwords on their home WiFi routers and not allowing housemates or family members to use the same device. Don’t assume that it’s only the newer remote workers who need to be informed. Organizations of all sizes must make this part of a structured education program and require each user to abide by these protocols.
This program should also include relevant guidance on how to spot phishing emails and other social engineering attacks. It should include examples and, ideally, live testing to see how individuals respond to simulated exploits, so that you know who to focus extra training on.
Calls upon staff to regularly change their passwords are frequently ignored, and even when forced to do so with periodic lock-outs from corporate systems, the net effect can be lots of support tickets for your overstretched IT team to deal with.
It is far better to implement a two-factor (2FA) or multi-factor authentication (MFA) system where memorable passwords are used in conjunction with tokens and/or one-time passwords (OTPs). These are more difficult to compromise and ensure that data is accessed only by those you allow. These can also be set up without coming into physical contact with the user or their device.
Roll out endpoint protection
Signature-based endpoint security has been much maligned but is still effective in some scenarios. More advanced, client-based endpoint protection goes beyond simply matching known malware signatures, providing a catch-net for the majority of threats in the wild. In any case, it is in your interests to ensure that the endpoint devices used by employees working from home benefit from up-to-date antivirus and firewall protection. Purchasing these on your employees’ behalf and issuing licenses should provide greater peace of mind than simply taking their word that they have an appropriate system installed.
Police the network proactively
Keeping patches up to date on devices that you do not control is a minefield, but there are ways of providing virtual desktops that navigate this issue. Similarly, tools are available to prevent access to your corporate network from any device that fails to run an up-to-date OS and software.
Going beyond this, it is essential that you step up vulnerability scanning across your IT estate, as exploits may emerge from endpoints and move laterally across your network to compromise other users and data. Ultimately, you would have the ability to scan for vulnerabilities beyond your network to detect compromised or stolen credentials in, for example, dark web marketplaces. We describe this process in detail in our report into the Credential Theft Ecosystem.
Gain real-time threat insights
Knowing what threats are out there, which ones apply uniquely to your organization, and what you can do to stop them are the constituent elements of real-time threat intelligence. This not only equips you to deal with new issues as they arise, but also enables you to simulate likely scenarios. The real-time component is all-important because an effective response relies on threat intelligence that is current enough to act on. With your attack surface significantly enlarged through continual remote work across most or all of your staff, threats could emerge from anywhere. This is exacerbated further by the use of cloud applications and data stores that exist beyond your network perimeter, something that most homeworking setups rely upon to keep users productive and autonomous.
Substantially more people are remote working since the coronavirus crisis took hold. This is terrific for the continuity of business operations at organizations large and small, but a massive potential pitfall for their security postures.
Numerous safeguards are needed to mitigate risk in remote work scenarios, but the burden is shared with users, who must take extra precautions. Most critical of all is the ability to understand, identify and contextualize threats in real time so that available resources can be coordinated to respond precisely and effectively. For more information on how we can help put threat data into context, contact us today.