The COVID-19 pandemic has required business leaders across every industry to rapidly shift their attention to countless new and pressing priorities: ensuring employees and family members are safe and healthy, adjusting business to daily changes in market conditions, and in many cases, moving quickly to a remote employee model. In the turmoil, failure to prioritize and adjust your cyber strategy can provide opportunity for threat actors to capitalize on the current crisis and gain access to systems and data.
Global reports indicate that malicious actors have increased attempts to gain unauthorized access to sensitive data, particularly through phishing campaigns spoofing COVID-19 related emails, websites, and attachments from seemingly reputable sources. Forbes lists a multitude of common Coronavirus-related phishing attempts and other scams, but warns that there are likely “millions more in the shadows.” Without proper protections and awareness in place, businesses and their employees may fall victim to these scams, and unwittingly expose company resources and highly sensitive personal data. Ultimately, the accelerated move to work from home strategies may be placing a number of organizations at risk.
Implementing a Secure Work from Home Strategy
When implementing a work from home strategy, it is critical to ensure that the correct technology and safeguards are in place to maintain an effective and appropriate security posture. Organizations should immediately coordinate between Operations, IT, and Information Security to determine which of these tools your company employs and whether or not those tools can simultaneously carry the burden of your full workforce. Many of these tools are considered integral parts of deploying an effective remote work strategy:
- Virtual Private Network (VPN): Creates a tunnel for secure communication from an employee’s endpoint to the corporate network.
- Multi-Factor Authentication (MFA): Increases security around user authentication by requiring a user to provide both something they know, such as a password or PIN, and something they have, such as a smart card, mobile device, or biometric marker.
- Voice over Internet Protocol (VoIP): Enables the delivery of voice communications over the internet instead of traditional phone lines or cellular devices.
- Mobile Device Management (MDM): Monitors, manages, and secures employees' mobile devices, including smartphones, tablets, and laptops.
- Remote Desktop: Allows a user to take control of a remote computer or virtual machine over a network connection, and provides a remote access alternative for organizations not operating predominantly in the cloud.
- Remote Incident Response Tools: Enable Incident Response personnel working from home to detect, respond to, contain, and mitigate incidents and events within the corporate network. For a detailed list of incident response tools, see the link above.
Risks Associated with Remote Work
It is paramount to ensure that your security operations team or service provider is prepared to increase monitoring and response efforts as workers log in remotely. Early detection of and response to an attack can go a long way in preventing one from turning into a full-scale data breach. According to a recent study by Security Intelligence, this activity alone could reduce the cost of a potential breach by $360,000. Beyond preparing your monitoring and response teams for increased risks in general, specific mitigation activities should be modeled for potential impacts to the business and considered for risk mitigation.
Risk: Users May be Using Less Secure Wireless Networks
As businesses transition to remote work, some control is lost on the level of security around the networks being used to connect to corporate resources. Associates may use public Wi-Fi, or at-home wireless networks with weak passwords, creating a vulnerability that threat actors could potentially exploit to gain access to business networks.
Mitigation: VPN & Email Encryption
Companies can help address this risk by using a VPN. This strategy requires a VPN gateway on the corporate network side, as well as VPN software installed on users’ devices. Employees log in through the VPN, which allows them to connect securely to the corporate network by establishing a secure communication tunnel from their device to the organization’s VPN gateway. Performing user authentication and access control at this gateway, before users reach the corporate network, allows access to corporate resources to be controlled more tightly.
Email encryption can also be used to better protect sensitive information traveling across networks. Corporate data handling policies may already require encrypted email for certain types of data, but it can be beneficial to expand these policies or encourage greater use of email encryption during this time.
Risk: Greater Exploitation of Vulnerabilities
As the use of VPN and remote work increases, threat actor attention turns to this technology to identify and exploit previously unknown or unpatched vulnerabilities.
Mitigation: MFA and More Frequent Patching
To help mitigate this risk, companies can leverage MFA for user login. This technology uses a secondary piece of information as an additional authentication measure to help prevent unauthorized access if a threat actor gains access to or bypasses the password credentials. If MFA technology is not feasible for an organization or not yet implemented, password strength and complexity requirements should be enhanced.
Vulnerability and Patch Management processes can help address concerns around new vulnerabilities in remote work technology. Increasing the frequency of patch cycles and treating new VPN vulnerabilities as critical can help prevent attackers from exploiting those that are known. Because VPNs have less flexibility for downtime, this may require regular communication with users about potential delays during patching, as well as strategic planning to apply the patch at a time that impacts the fewest users.
Risk: Increased Phishing Attempts
Amidst the uncertainty related to this pandemic, workers can be more susceptible to phishing attempts made by malicious actors. They can no longer pop into someone’s office to confirm an odd request or check with other coworkers if an email sounds off or looks like phishing.
Mitigation: Phishing Awareness Training and Email Filter
Simulated phishing campaigns and phishing awareness refreshers can help users better identify malicious emails. Companies should enhance the detail of their phishing training and send regular reminders about how to report phishing attempts. Finally, pointing employees towards a single source of truth, such as a shared folder or webpage containing relevant COVID-19 announcements made by leadership, can provide a way for associates to fact-check information and better spot an attempted phish.
Companies can also work with their vendors to implement enhanced email filter and quarantine capabilities to block malicious messages before they ever reach the workforce. Most email providers have these capabilities built-in, allowing email administrators to adjust policies and settings to address increased security needs. Adjusted policies may initially block legitimate mail, so administrators should review quarantined emails to ensure minimal disruption to normal email traffic.
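The filter-and-review loop described above, as an added Python example (not from the original article or any mail vendor). The domain `example.com`, the organization name, the weights, the threshold and all sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: the organization's mail domain
ORG_NAME = "example corp"    # assumption: name a spoofed sender would imitate
LURES = ("covid", "coronavirus", "pandemic", "stimulus")
THRESHOLD = 3                # assumption: quarantine at or above this score

def score(raw):
    """Score one message; return (points, reasons) for the quarantine reviewer."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    # Only trust Authentication-Results stamped by your own receiving MTA.
    auth = msg.get("Authentication-Results", "").lower()
    hits = []
    if any(w in msg.get("Subject", "").lower() for w in LURES):
        hits.append((1, "COVID-19 themed subject"))
    if "dmarc=fail" in auth or "spf=fail" in auth:
        hits.append((2, "sender authentication failed"))
    if reply and reply != domain:
        hits.append((1, "Reply-To domain differs from From domain"))
    if ORG_NAME in name.lower() and domain != ORG_DOMAIN:
        hits.append((2, "display name imitates the organization"))
    return sum(p for p, _ in hits), [r for _, r in hits]

def triage(messages):
    """Split {id: raw message} into delivered ids and a quarantine review queue."""
    delivered, quarantine = [], {}
    for mid, raw in messages.items():
        points, reasons = score(raw)
        if points >= THRESHOLD:
            quarantine[mid] = reasons   # reasons are shown to the administrator
        else:
            delivered.append(mid)
    return delivered, quarantine

def make(frm, subject, auth, reply_to=None):
    """Build a constructed test message with the headers the filter reads."""
    headers = [f"From: {frm}", f"Subject: {subject}",
               f"Authentication-Results: mx.example.com; {auth}"]
    if reply_to:
        headers.append(f"Reply-To: {reply_to}")
    return "\n".join(headers) + "\n\nbody\n"

SAMPLES = {  # constructed messages, not real traffic
    "hr-update": make('"Example Corp HR" <hr@example.com>', "COVID-19 office update", "dmarc=pass"),
    "spoof": make('"Example Corp HR" <hr@benefits-portal.test>', "Coronavirus relief form",
                  "spf=fail; dmarc=fail", "claims@collector.test"),
    "partner": make("Billing <billing@partner.test>", "Pandemic invoicing changes", "spf=fail; dmarc=pass"),
}
```

The `partner` message is the false positive the paragraph warns about: a legitimate sender whose SPF check fails is quarantined alongside the spoof, and the recorded reasons let the administrator release it and tune the policy.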
This crisis happened rapidly, forcing many businesses to respond more hastily than would have normally been considered ideal. As pressing as the numerous concerns facing business environments are, organizations cannot afford to let the quick pivot to remote work leave them more vulnerable to attackers than before. Leaders should work closely with Information Security and IT personnel to deploy these remote work capabilities and security tools to boost the security of their organization. With the best tools implemented and the right amount of diligence paid to monitoring and response efforts, you can help your organization have one less thing to worry about.