Cyber criminals are looking at taking advantage of the gaps in security in a work from home situation. Here is what to watch out for and protect your organization.As the threat of coronavirus continues to spread, businesses are sending employees home to work remotely and students are moving to online classes. However, as organizations rush to shift their businesses and classes online, cybercriminals are ramping up their tactics to take advantage of those who may have inadequate or naive security postures.
The scale of attacks can be seen from the following statistics. Google recently said that it was blocking more than 18 million Covid-19 related spam mails on a daily basis. A recent VMware-Carbon Black report found out that ransomware attacks went up 148% – a significantly higher number compared to numbers in February, as more firms shifted to remote or work from home. Hackers have been using every tool in their arsenal – from fake apps to phishing emails to trojans, to trap unsuspecting people.
As the threat landscape has grown exponentially, organisations have a challenging task to ensure robust security in a world that doesn’t have any perimeters.
We recommend the following best practices to protect your organization:
- Enable secure access to corporate applications and data: Organizations must adopt a zero trust secure access approach, that is,a ‘verify first, trust later’ approach. A zero trust framework provides authenticated users access to only those corporate applications to which they are authorized to access while also checking for security at the device level. It replaces network level access with case by case, custom, application level access. Zero trust also means that one moves away from opening the VPN traffic flow from the outside to the inside and shift to a traffic flow that requires the firewall to close all incoming ports while opening only outgoing ports. This in effect plugs the holes in your firewall.
- Documented policy for WFH: As working from home (WFH) is a new phenomenon, there aren’t many guidelines. For this reason, organizations must create a clear documented WFH policy, and educate staff on the critical need to protect data. This can be provided in the form of a basic guide, weekly or daily updates and constant reminders to regularly update security patches on their laptops or home computers. Employees must also be educated to avoid communication on unsecured communication channels or social media.
- Ensure secure collaboration channels: Popular collaboration and meeting platforms such as Zoom have seen hackers take control of lack of user knowledge about security settings. For example, organizations can use the waiting room option so that participants can't join until the meeting is officially open. There are also options for blocking file sharing and private chat.
- Educate staff on importance of secure WiFi network: A secure WiFi connection is a must. Make sure that the staff is educated to configure home routers for security settings (for example, WPA2) and that all the default credentials are changed.
- Maintain end point security: Even a single infected machine can end up infecting the whole network. Organizations must try to maintain end point security by ensuring that client machines must have hygiene implemented such as patching, privileged ID management and device hardening. Organizations should deploy cloud-based EDR solutions that enable identification of advanced malware and file-less threats before they're able to damage the end point device or spread laterally into the network.
- Monitor the external environment: Increased remote working tends to increase risk of data leakage and shadow IT sprawl. External threat monitoring is required to ensure that your assets, data or brand aren’t being targeted or used in the public domain. This can take multiple forms and generally falls into three categories: the deep/dark/surface web monitoring, brand monitoring and infrastructure monitoring. This helps cover any residual risks left over after implementing all controls necessary for remote access and working.
These methods must be combined with overall security monitoring efforts performed through the SOC. The output of these controls should be fed into the SOC to enable an efficient detection and response to threats targeting the organizations.
In the future, the WFH situation may well become the norm rather than the exception. For this reason, organizations would do well to prepare themselves for this new world through a holistic WFH policy that ensures robust security of data, assets, brand and communications.