Many cyber security experts have been sounding the alarm about a fresh wave of cyber threats being launched against employees mandated to work from home during the Covid-19 pandemic.
As this outbreak changes almost every aspect of our lives, hackers are watching and waiting to prey on people who now have to work outside of the secure environments previously provided by their offices. For threat actors, this is their livelihood, and they are really paying attention to the lack of security prevalent now that everyone has had to rush to create their home offices.
In fact, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published an alert on Friday emphasizing the differences in cyber security between working from the office and working from home. Most vulnerable are the virtual private networks (VPNs) which can access company data from remote locations. They make telecommuting convenient, but they also open a new surface for a potential attack.
As a result, it’s critical to update VPNs and any devices used to access the digital office environment. Further, there will be an influx of suspicious and phishing emails hunting for usernames and passwords. If there was ever a time to be vigilant about cyber security, the time is now. Keep reading to learn more.
Uncharted remote work territory
While remote work, telecommuting, and even contract work have risen in popularity, they had never reached the level we are at today, where almost every office employee has been mandated to stay at home and/or work from home for at least a month, if not longer.
Many companies already had a percentage of their employees who telecommute, but now the scale is so much larger. As such, the threat of data breaches has skyrocketed. People were rushed to work from home so there will be a large discrepancy in security safeguards from person to person.
Yet, this isn’t the time to feel powerless and overwhelmed. There are important steps to take right now. One action to take is to update and patch all your systems. Next, warn your employees about the rampant potential for phishing emails especially from threat actors who prey on coronavirus fears.
Since the news of Covid-19 started airing through media outlets and our federal, state, and local governments, thousands of coronavirus web domains have been created. While some of these are legitimate, there are many that are both suspicious and malicious and used to lure people into clicking on dangerous links. Always pay attention to the sites you view and the links you choose to open.
Best practices for secure remote work
Normally, employees who transition from the office to remote work are given ample time to set up their home offices and to wait for approved devices to be mailed to their homes. Right now, the notice to work from home was just too short to allow for any of those proven protocols.
Invariably, there has been a steady increase in phishing attacks. So then, it is important to keep in mind that attackers will exploit the current situation. It is also crucial to have an understanding of what to do in the event a device is either stolen or lost. Who do you report it to? Do employees feel safe reporting lost devices?
It’s vital for staff to feel that they can report any lost items without fear of repercussion. Companies should encourage reporting with a blame-free environment.
Next, you want to update all patches and patch cycles for VPNs, cloud interfaces, and endpoints. Pay even more attention to the types of patches that are designed to protect remote networks and infrastructure.
Mobile devices will also need protection with MDM tools using standardized configurations. Take it one step further with the ability to lock devices remotely and either obtain a backup or delete data.
What about passwords?
With remote work, secure passwords are not an option; they should be mandatory. So then, companies need to ramp up multi-factor authentication and should require that all employees use MFA for critical applications and network access.
If you have users with privileged access, such as sys admins, then make these types of users a priority. It can make things easier if you use MFA technologies that are already integrated with your current processes.
What about FUD?
There isn’t any question that fear is a good selling point, especially in the cyber security sector. But, when it comes to fear, uncertainty, and doubt (FUD) – it takes cooler heads to prevail and win the virtual war.
As the breaches continue to get larger, and the headlines are front and center, organizations – now more than ever – need to make sure they are investing in the right tools and systems. There are countless examples where throwing money at an issue only leads to more problems.
It’s also crucial for executives to steer clear of the FUD, and the emotional reactions to the many looming threats. Instead, it’s much more important to understand the full impact of the threats and prepare a comprehensive, yet agile, cyber security strategy. Today, it is time to get past the FUD and stick to the fundamentals – endpoint security.
Truthfully, many companies have spent years investing in disparate systems and then several more years trying to get those systems to talk to each other. In the meantime, the threat actors already know your networks are vulnerable.
So then, where can you acquire some wins? At the point of origination – your endpoints. This is where the cyber battle looms large. It is also where processes are injected, and where the cyber criminals attempt to infiltrate.
One of the easiest ways to ensure your endpoints remain consistently protected is through automated solutions. But, take it one step further and automate your security patches. Can you tell when your systems need an update or a patch? It’s time to focus on the strategic picture, and give automation the opportunity to keep your endpoints and operating systems secure.
How can employees access systems safely?
As soon as possible, virtualize your desktops using a cloud-based solution. As a result, you can implement digital work spaces quickly. Of course, only use solutions that offer powerful authentication protocols and include a second authentication component just to be safe.
How to handle regulations
Know Your Regulations – This should be a given. But having an understanding of what regulations your organization is subject to, and experts on your team to help you comply with them, is the starting point.
In a timeline rife with unprecedented events, regulations seem to have taken a back seat to keeping everyone safe and healthy. Nonetheless, they are still important and will be around when we get to the other side of this.
As a result, you must know what is required by every regulation your company has to follow. Note the requirements that are somewhat vague or open to interpretation. Determine which employees, data types, and applications require your focus and implement solutions to ensure they are protected and in compliance.
Maintain a happy, secure, and productive work environment even from home. Perhaps sending your employees home to stay safe was an easy decision. What remains are the decisions around keeping your data and systems safe. Yet, when you consider the most critical aspects of ensuring security and compliance, you can set your organization up for success with the right platforms and solutions.