Businesses are adapting to a new world, where working remotely is a necessity for safety and continuing to stay productive. Remote work has major implications for security, both because home networks and systems tend to be less secure, and because the threats targeting remote workers are significantly on the rise. In the last couple of months, since the coronavirus pandemic began to hit, we’ve observed, and other researchers have documented, a 667% increase in attacks. These attacks include phishing, malware, remote hacking efforts and related threats.
- Phishing attacks are targeting email, instant and text messaging to exfiltrate data, take over accounts, inject malware and induce fund transfers. Many are COVID-19 themed, or may appear to come from a colleague, client, vendor or other entity where a relationship exists.
- Malware threats are largely focused on ransomware right now, which can both hold your information hostage with the goal of extorting funds for its return as well as exfiltration of the same data to unknown malicious parties. Paying the ransom is rarely a good idea and often you won’t get data back.
- Social engineering is another problem on the rise. Malicious parties can potentially spoof a caller ID, making it look like they’re calling from your bank, or your office or another trusted party in an attempt to gain access to information that is privileged or otherwise manipulate you in to doing something harmful to your company.
- Malicious hackers are also directing automated attacks against Internet-connected devices more and more. These attacks largely target vulnerable systems, where there is a weak password in place, an unpatched problem, or other exposure that allows them to gain access and exfiltrate data or setup a staging area to launch other similar attacks.
As a result, more robust security measures are warranted to increase resilience against malicious attacks.
- We recommend that all security initiatives begin with improvements to company policy. Many companies either do not have cybersecurity policies or they are out of date. Having an up-to-date and robust cybersecurity policy that meets or exceeds any industry regulatory requirements, defines how security is handled, how potential incidents are responded to and what expectations there are of employees, vendors, contractors and the like when it comes to handling data.
- Patching software and firmware is fundamental, whether it is a server, computer, phone, network-connected device or otherwise it is crucial that these devices are patched regularly as updates are made available to reduce the chance of attack. Most updates are security fixes that announce what’s wrong and give hackers insight in to how to potentially exploit it. How patching occurs and with what frequency should be determined by the company’s cybersecurity/IT policy.
- Routine training is important as 50% of data breaches happen due to human errors that may be prevented by filling knowledge and awareness gaps. Training can be offered remotely for groups, to ensure that such measures can be taken even during this period of safety-driven isolation.
- Passwords are important to keep safe and vary across different accounts. We strongly suggest using a password management tool, such as LastPass, OnePass or KeePass, to manage your passwords. Change them every six months or so, but ensure that unique and strong passwords are used with each account. Not just variations of previous passwords.
- Remote management of systems being used by remote workers is an important tool. These management technologies can allow monitoring of status (if there’s suspected malware, updates not installed, software/hardware problems and more). Examples include Microsoft Azure AD + InTune, TeamViewer w/ITBrain, SolarWinds and other solutions. They also allow a more rapid response when something may go awry, even if it isn’t security-related.
- Endpoint protection is very important, as many home computers are using lower grades of protection that doesn’t meet the needs of a commercial environment. Anti-virus software targeted at home users typically does not have sufficient security mechanisms in place to guard against and mitigate more sophisticated attacks.
- When on-premises resources are shared from the company to remote workers it’s important to do so using a VPN, rather than just a port forward on the network. A VPN provides strong authentication, encryption and better end-to-end security as a result.
- Backups of all important data should be completed regularly, tested (with a restoration of data) and encrypted.
- It’s helpful to consider upgrading home routers to commercial grade firewalls for anyone handling sensitive data and working from home for an extended duration. Like anti-virus software, there’s a big difference between the home router and the commercial firewall insofar as protection is concerned.
- Web browsers should be secured using a plug-in like uBlock Origin, which can block known malware sites, advertising (which can link to malware) and more.
- The less apps, the better. Remove anything not actively used or not important on one’s computer and phone.
- It is helpful to have an independent third party that has expertise in security assist with evaluation of your company’s posture and where there is room for improvement on a regular basis. This is often referred to as a cybersecurity audit and remmediation, or vulnerability management.
- Finally, a DNS blacklisting service, like Quad9, can help to mitigate risk by blocking access to known bad hostnames and domains (including websites).
In summary, consider security an investment. Good security pays in dividends of trade secrets and customer data staying safe, increased stability of systems and networks, as well as significantly reduced risk of reputational, financial and legal liabilities. 80% of attacks can be prevented by having and adhering to a robust security strategy, such as what this article has discussed.