Remote working: cyber security risks and best practices
Enable your employees to work remotely in a flexible and secure manner, following security best practices
The COVID-19 pandemic has impacted businesses and employees in various ways. One common fact is that we all tumbled into the sudden need to work remotely. Because of this, many organizations had to rush into adopting a BYOD (Bring Your Own Device) program or quickly obtain new or spare laptops so that employees could work more effectively from home. But without the appropriate controls, new risks will unintentionally be introduced into your organization.
The home network and endpoint devices as a target
Unfortunately, the outbreak of the COVID-19 virus has attracted many opportunistic threat actors. As of day one, global and local threat actors have been exploiting the Coronavirus theme to lure people with phishing mails or malicious websites. Because of the rise of teleworking, threat actors are now targeting the endpoint and the home network of the remote workers.
We have established that threat actors started to target the majority of collaborative tools, especially those which are not controlled by your IT department. In just one week, no less than 41.000 phishing websites around the Coronavirus had been created, with the term “corona” effectively in the URL. These phishing websites lure people with fake Coronavirus news messages via email or social media. If people open such a website from an unsecured device, threat actors can easily install a virus on that device or even take it over completely without the user ever realizing it.
Bringing devices back into the company network
When people go back to the office and connect to the company network, the virus or malware will spread and hackers can access company data. Have you considered how to bring PCs and laptops back into the network after these quarantine times?
Allowing employees to work productively from any device and any location is a good idea, regardless of today’s situation. However, you need to keep in mind the shared nature of laptops, smartphones and tablets. When your employees work from personal or unmanaged corporate-issued devices and access corporate data, the health of that device must be taken into account, and it must be assessed for compliance with corporate security policies.
Your employees are probably using the same devices to access social media or other personal sites, and some employees frequently hand it to their children to entertain them or for home school purposes. Kids are more able than you think when it comes to downloading and installing applications onto these devices, some of which could be unauthorized or unsafe. Meanwhile you want to make sure those devices are not running outdated and vulnerable operating systems or apps, and that unauthorized software is not installed, as these can put the security of the device – and more importantly, corporate data – at risk.
Set a baseline of security expectations
It is a good idea for companies to set a baseline of security expectations for devices and remote users that access corporate data. For example:
- Should personal devices be allowed to access corporate data? Or only company-issued devices?
- Which operating systems should be allowed to access corporate data? What are the minimum operating system versions required?
- What minimum security controls should be in place (for example: MFA is set, encryption is enabled, device is protected and free from malware)?
A solid cloud IAM (Identity and Access Management) solution is key in enabling a remote workforce, as it can enforce who can log in from where, and with what level of security. This protects identity credentials from being stolen in phishing attempts, and so on.
Secure your remote workplace: top 5 threat checks
Robust and mature organizations have business continuity plans in place, from natural disasters to epidemics. The challenging thing about COVID-19 is that it affects every location globally at once. Normally you have the time to plan for what happens if one site is impacted, or to implement a security roadmap in different phases, but this is a very unique situation. It impacted all locations equally and immediately. This is stretching the limits of many organizations’ IT departments and business continuity processes.
We received some urgent requests from new customers asking our help on how to set a minimum security baseline for this forced remote working situation they tumbled into. In more normal times, we would start with a security risk assessment (AS IS versus desired TO BE), work out the TO BE situation in a nicely planned roadmap for the setup and configuration of appropriate security tooling, and so on.
But with the urgent need of short term quick wins to cope with these remote working threats, we needed to secure the remote workplace asap based on the minimum security baseline. A larger TO BE security roadmap can follow afterwards.
Therefore, we worked out the Remote Workplace top 5 Threat Checks:
- Use multi-factor authentication. This is the best mitigation technique to protect against credential theft for administrators and users.
- Protect Privileged Accounts/Admins from compromise and use the principle of “Least Privilege.”
- Anti-virus software alone is not enough. Enable advanced alerting capabilities and preferably endpoint protection on all endpoints (for example with Microsoft Defender ATP).
- Disable legacy email protocols, if not required, or limit their use to specific users.
- Keep your operating systems up-to-date and install the latest patches.
Need any help with these? Make sure to contact us.