Managing cyber risks related to remote working | Bfore.AI
Studies on the habits of organizations adopting remote work continue to highlight cybersecurity risks, including a recent study by Tenable that found 74 percent of organizations attribute recent cyberattacks to technology vulnerabilities in remote work.
According to the report, conducted with Forrester, cloud-based services and applications, personal devices and remote access tools have essentially eliminated organizations’ security perimeters, leading to an increase in cyberattacks and compromises as IT managers struggle to manage new technologies. While digital tools provide excellent support for remote workers, changing work patterns on such a large scale can have serious unintended consequences for IT and cybersecurity.
Consider the implications of a worker clicking on an ad promising a COVID-19 wonder drug, or opening an email attachment – from what appears to be a legitimate health agency offering pandemic updates – that contains software designed to compromise security. Or what if a worker is manipulated by social engineering techniques to follow the instructions of a cybercriminal pretending to be from their employer’s help desk?
By implementing a number of practical training, process and technology measures, companies can avoid adding a cyber crisis to the challenges associated with telecommuting and COVID-19. The following 7 steps help companies protect their assets.
1. Evaluate the IT infrastructure used for remote work
In an office environment, a large portion of staff use desktop computers connected to company servers via Ethernet cables or a corporate Wi-Fi network that rely on the physical security of the building to ensure data security. To work remotely, people often use company-provided laptops or even personal devices that connect to company servers via the Internet. Instead of reaching out to IT and cybersecurity help desks via an internal phone system, workers use their cell phones or landlines.
Companies must evaluate three categories of infrastructure: endpoints, connectivity, and enterprise architecture and infrastructure:
Endpoints
- Ensure that these include approved cybersecurity applications and tools.
- Gather a complete inventory of devices authorized to connect to enterprise systems, paying particular attention to the Ethernet MAC addresses of devices to correlate authorized devices with authorized users.
Connectivity
- Ensure that connections to corporate networks are made through virtual private networks (VPNs) with two-factor authentication to prevent snooping on data transmitted between employee terminals and corporate servers.
- VPN and token software can be downloaded remotely, but additional licenses may be required.
Enterprise Architecture and Infrastructure
- Configure firewalls, networks, collaboration tools and servers to accept remote connections over the Internet.
- Many companies’ remote connection capacity has not been sufficient to handle the increased load of thousands of connected workers. Companies have had to purchase additional hardware for on-premises systems or switch to a cloud service provider.
2. Secure Applications and Devices for Teleworkers
IT infrastructure is not enough to ensure that a company’s systems, software, and security are properly configured and functioning well. As companies integrate the technology needed for remote work into the infrastructure, the following steps should be taken to ensure cybersecurity of operations:
Encrypt and install firewalls on all devices
- Require users to install security patches and update endpoint detection and response (EDR) software on all endpoints, without exception.
- EDR provides personal firewall, application control, anti-spyware and anti-virus protection. It prevents computers from becoming infected, and so keeps attackers from harvesting logins and passwords and from using those computers as entry points to corporate servers and systems.
- Ensure that all computer hard drives, external hard drives and USB drives are encrypted and issued by the company to protect workers’ endpoints from theft or unwanted physical access.
- Implement guidelines to prevent the use of USB drives that are not provided by the company.
- All endpoints should be equipped with remote wipe capabilities so that data can be erased from a lost or stolen device, as well as data loss prevention (DLP) software to prevent data exfiltration.
- DLP tools also protect authorized workers, who may be less careful about exfiltrating data when working remotely than in the office, where they can be more easily detected.
- Require employees to regularly back up data from all laptops to company servers to ensure quick recovery in the event of an incident and to protect critical business processes.
Secure access to company systems
- The enterprise security operations center should monitor all VPN and remote access logs for anomalous behavior.
- Restrict access to systems to specific networks or locations to reduce Internet exposure, mitigate risk and ensure early detection of unwanted behavior.
Ensure cyber incident response processes are robust
- Security operations and IT teams should update and test all processes and procedures to ensure that cyber incident response and escalation chains work seamlessly with remote and backup personnel.
- Companies should also test backup recovery so they can rely on it in a crisis.
Install safeguards for remote collaboration
- Ensure that remote personnel have licensed, secure, enterprise-grade teleconferencing and collaboration tools that have been tested.
- Such tools enable secure productivity and prevent workers from using a proliferation of consumer-grade tools that should be prohibited.
- The compromise of a single workforce endpoint can create a breach for the entire enterprise.
3. Integrate cybersecurity into business continuity plans
As the workforce works remotely, it is important to consider the security of employee locations and, potentially, new ways of working. Business continuity plans should include cybersecurity provisions on several fronts:
Ensuring emergency security access
- Ensure that security operations and incident response teams can access their tools and collaborate remotely if they are unable to physically access systems or be in close proximity to their colleagues during an incident.
Form IT disaster recovery teams and enable remote assistance
- Plans must account for the possibility that at least some cybersecurity personnel will contract COVID-19 and be unable to work even remotely.
- Companies should also enter into service level agreements with cybersecurity and remote computing vendors that can realistically be maintained for several weeks, and they should verify that these vendors can support remote operations at the necessary scale.
Implement clear communication plans
- Secure direct and backup communications so that remote cybersecurity staff and other key personnel can be reached safely in an emergency.
Adapt plans
- It’s important to quickly follow and incorporate lessons learned from the pandemic, as some things are bound to go wrong in this new environment.
4. Educate teleworkers on additional security risks
In addition to technical considerations, cybersecurity training and awareness initiatives are critical to reducing risk. Some of the steps companies should take include:
Train workers to use new tools and features safely
- Ensure staff know how to use tools and technologies that support remote collaboration, as well as how to recognize and prevent cyber threats, such as phishing and fraudulent emails and phone calls offering technical assistance or posing as charitable solicitations.
- When working from home, staff members should configure their routers to create a network for their work computers that is separate from the network used by the rest of the family’s personal devices – a feature that is offered by almost all home routers.
Establish protocols that allow remote workers to authenticate each other
- Train remote workers to use only secure methods to authenticate help desks and colleagues.
- Maintaining strict protocols prevents staff from inadvertently disclosing information.
Have awareness tools
- Distribute materials such as self-service guides, videos, and frequently asked questions lists that educate employees about security threats and cover best practices for working securely remotely.
5. Establish protocols for telecommuting
The speed and scale of the transition to remote work creates many security risks for an organization, and the help desk will be the first line of defense. Here are some ways to prepare for the change and mitigate the risks:
Enhance help desks
- Create or expand help desks with voice and chat services to handle increased requests.
- Ensure that the help desk properly authenticates remote workers using multi-factor authentication methods. This can be as simple as texting a code to the authorized worker’s confirmed or company-provided cell phone.
- Establish periodic touch points with workers to discuss their progress and solicit their ideas for improving secure work practices. Your workers want to help, and they know what works well.
Explicitly define ways to work remotely
- Provide the organization with clear guidelines and explicitly define secure procedures for handling remote work.
- Distribute a remote work policy that specifies acceptable methods of connecting to the internal network.
- Consider limiting access to data to only those who need it, and align telecommuting with “normal” work hours, which will facilitate the cybersecurity team’s ability to detect anomalous activity.
- Define company shutdown, end-of-day and other cut-off times after which sensitive data can no longer be accessed, mirroring what happens when employees leave the office to go home.
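The monitoring of VPN and remote access logs recommended above, and the point that agreed telework hours make anomalous activity easier to spot, can be turned into a simple detector. This is an added example, not Bfore.AI's code; the log format, the device identifier reported by the VPN client, the 07:00 to 20:00 UTC working window and the sample log are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, time

# Assumed log format for this example, one VPN login event per line:
#   <UTC time> user=<id> src=<ip> device=<id reported by the client> result=success|failure
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                    r"device=(?P<device>\S+) result=(?P<result>success|failure)$")
WORK_START, WORK_END = time(7, 0), time(20, 0)  # assumed agreed telework hours (UTC)
FAIL_THRESHOLD = 3                               # failures that make the next success suspicious

def find_anomalies(lines, inventory):
    """inventory maps issued device id -> user; returns (check, user) tuples in event order."""
    findings, failures = [], defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                     # malformed line; a real pipeline would count these
        rec = m.groupdict()
        user, device = rec["user"], rec["device"].lower()
        if rec["result"] == "failure":
            failures[user] += 1
            continue
        if failures[user] >= FAIL_THRESHOLD:   # success right after a burst of failures
            findings.append(("success-after-failures", user))
        failures[user] = 0
        at = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").time()
        if not WORK_START <= at <= WORK_END:  # login outside the agreed hours
            findings.append(("off-hours", user))
        if inventory.get(device) != user:      # device not issued to this user
            findings.append(("unknown-device", user))
    return findings

# Constructed sample log and device inventory (not real data).
SAMPLE_LOG = """\
2020-04-02T09:12:44Z user=jsmith src=203.0.113.5 device=aa:bb:cc:dd:ee:01 result=success
2020-04-02T23:41:10Z user=jsmith src=203.0.113.9 device=aa:bb:cc:dd:ee:01 result=success
2020-04-02T10:05:00Z user=adoe src=192.0.2.44 device=aa:bb:cc:dd:ee:99 result=success
2020-04-02T11:00:01Z user=bkim src=192.0.2.10 device=aa:bb:cc:dd:ee:03 result=failure
2020-04-02T11:00:09Z user=bkim src=192.0.2.10 device=aa:bb:cc:dd:ee:03 result=failure
2020-04-02T11:00:15Z user=bkim src=192.0.2.10 device=aa:bb:cc:dd:ee:03 result=failure
2020-04-02T11:00:30Z user=bkim src=192.0.2.10 device=aa:bb:cc:dd:ee:03 result=success
"""
INVENTORY = {"aa:bb:cc:dd:ee:01": "jsmith", "aa:bb:cc:dd:ee:02": "adoe",
             "aa:bb:cc:dd:ee:03": "bkim"}

if __name__ == "__main__":
    for check, user in find_anomalies(SAMPLE_LOG.splitlines(), INVENTORY):
        print(f"{check:23s} {user}")
```

The sample yields one off-hours login, one login from a device not issued to that user, and one success that follows three failures; each is a lead for the security operations center to triage, not a verdict.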
Frame remote meetings, digital collaboration and file sharing
- Well-known platforms such as Webex, Zoom and Skype allow for secure meetings to be held reliably, but users must be trained and informed.
- The meeting host should be hypervigilant about potential intruders by taking attendance and asking all participants to announce themselves. Sending password-protected calendar invitations enhances security.
- Only allow collaboration and file sharing platforms that have been approved for business use. Avoid consumer-grade platforms that may lack data protection features.
- Organizations should review the security configurations of these technologies and conduct assessments to detect shadow IT that may have been set up to collaborate in an unapproved manner.
6. Integrate cybersecurity into enterprise crisis management
Crisis management teams play a central role in helping organizations through difficult times. It is critical to adapt crisis management plans remotely and securely by taking the following steps:
Updating cyber crisis management plans to account for telecommuting
- Ensure that communication lines used by crisis teams are secure and approved – and that alternatives are available.
- Review incident management plans for compliance with cybersecurity and privacy regulations in the countries or states in which the company operates.
Ensure that mission-critical technology and personnel are always available
- Confirm that executives and security personnel can maintain secure access to the tools they need while working remotely or in quarantine.
- Communicate emergency escalation procedures, identify backup personnel, and define succession plans by role, such as security operations and systems administration.
- Ensure that backup personnel understand that they can be called in at any time – if a member of the crisis management team has been hospitalized due to COVID-19, for example – and confirm that they have received appropriate training and documentation.
Remain aware of the performance, location and health status of all employees
- Establish communication and reporting mechanisms for all staff throughout the crisis.
- Closely monitor the status of IT and cybersecurity personnel in quarantine or hospital, and ensure that backup personnel are fulfilling their roles.
- Set up a secure, dedicated crisis communication channel, such as an SOS app, phone line, or email box, so that staff and management can communicate easily.
Make frequent, coordinated cybersecurity announcements
- Update staff on evolving cyber threats.
- Ensure that people understand the seriousness of the cybersecurity situation by making it a central topic in all messages to staff.
7. Update access and security measures
Executives and other key employees who handle sensitive data are particularly important but often less familiar with technology and its risks. Cybersecurity and identity management teams should limit their access and update security measures to reduce the risk of compromise. Here are some examples of the roles that organizations should keep a close eye on and the security measures they should consider:
- Leaders (C-suite) should alert their family members that they are cyber targets and teach them to practice good cyber hygiene. This helps prevent attacks from cybercriminals who know that executives work from home and possibly share the family network.
- Financial staff should be on the lookout for phishing, phone and business email scams, especially those claiming to have connections to healthcare or charitable organizations. They should verify the authenticity of all financial communications, such as emails, links and wire transfer requests, and require verbal approval from leadership for all financial transfers.
- Purchasing managers should ensure that contract and other confidential data is shared securely using secure Wi-Fi, enterprise file-sharing solutions and encrypted USB drives provided by the company. Be wary of emails with suspicious attachments, such as purchase orders and invoices from unknown vendors or people posing as known vendors, especially those claiming to be related to COVID-19. Even emails from unfamiliar addresses that appear legitimate should be treated with caution. The difference between the following two addresses, for example, is impossible to detect by eye: mail@example.com and mail@exampIe.com. In the first, the “l” is a lowercase L; in the second, it has been replaced by an uppercase “I”.
- Executive assistants must verify all requests from senior executives, especially those from unknown entities. Cybercriminals often use personalized scare tactics.
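Because the lowercase-L versus uppercase-I substitution above cannot be caught by eye, it is worth catching in software: fold each sender domain to the string a reader would see and compare it with an allowlist of known vendor domains. This is an added example, not Bfore.AI's code; the confusables table is a small hand-picked subset rather than the full Unicode list, and the allowlisted domains and sample From: headers are constructed.

```python
import unicodedata
from email.utils import parseaddr

# Hand-picked confusables folded to the Latin letter they imitate (illustrative
# subset, not the full Unicode confusables data). Pairs are replaced before single chars.
CONFUSABLE_PAIRS = {"rn": "m", "vv": "w"}
CONFUSABLE_CHARS = {
    "I": "l", "1": "l", "|": "l", "0": "o",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic а е о
    "\u0440": "p", "\u0441": "c", "\u0445": "x",   # Cyrillic р с х
}

def skeleton(domain: str) -> str:
    """Fold a domain to what a reader sees: NFKC-normalise, replace confusable
    pairs and characters, then lowercase."""
    s = unicodedata.normalize("NFKC", domain)
    for pair, repl in CONFUSABLE_PAIRS.items():
        s = s.replace(pair, repl)
    s = "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in s)
    return s.lower()

def classify_sender(header: str, trusted_domains) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1]
    trusted = {d.lower() for d in trusted_domains}
    if domain.lower() in trusted:                        # exact, case-insensitive match
        return "trusted"
    if skeleton(domain) in {skeleton(d) for d in trusted}:
        return "lookalike"                               # visually imitates a trusted domain
    return "unknown"

# Constructed sample: an allowlist of known vendor domains and a few From: headers.
TRUSTED_DOMAINS = {"example.com", "supplier.example"}
SAMPLE_HEADERS = [
    "Accounts <mail@example.com>",
    "Accounts <mail@exampIe.com>",            # uppercase I in place of lowercase l
    "Invoices <invoices@examp1e.com>",        # digit 1 in place of lowercase l
    "Billing <billing@ex\u0430mple.com>",     # Cyrillic а in place of Latin a
    "Orders <orders@suppIier.example>",
    "Unknown <someone@other.example>",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(f"{classify_sender(h, TRUSTED_DOMAINS):9s} {h}")
```

A "lookalike" verdict is the case the text warns about: an address that does not belong to a known vendor yet reads exactly like one, which is the signal to verify the request out of band before acting on it.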
The technologies, digital tools, and procedures needed to mitigate cybersecurity threats are available and can be implemented comprehensively with modest effort and expense.
Cyber attacks are like the COVID-19 virus itself. Updating your systems is like washing your hands, and not clicking on phishing emails is like not touching your face. It may seem daunting at first, but these steps are crucial now and will remain so in the future, as remote work is the new normal.