Hackers and attackers feed on our fears. Anything that escalates our anxiety is their weapon, which is what makes the current pandemic of COVID-19 prime time for cybercriminals to try and trick people into giving their money to the wrong people.
In one such instance, cybercriminals have been found exploiting the Coronavirus condition to distribute mass emails posing as legitimate health organizations. According to a guidance issued by the US Secret Service around coronavirus related phishing scams, victims received an email apparently posing to come from a medical enterprise that included attachments allegedly containing information regarding the virus.
This led to two consequences:
- Unsuspecting victims opened the attachment, causing the malware to affect their systems
- Victims were prompted to enter their email login credentials to access information resulting in compromised login credentials.
What happens when all of your employees work remotely? More and more organizations are issuing notices to their staff, giving them the option to work from home with any support they can provide to reduce the risk of infection to their people.
While keeping your employees safe is the most important call of the hour, you still need to ensure your sensitive data stays protected.
The Common Cybersecurity Challenges With Remote Workers
Large corporations with huge emergency funds can issue personal devices to all their work-from-home employees, but that’s not necessarily the case with smaller businesses. These companies will have to accept work from their employees’ personal devices.
This is similar to a Bring Your Own Device setting, but in a much less secure network environment. These external devices lack proper security arrangements and might pave the way for attackers to bounce hacks through home networks.
Moreover, companies can’t ask each employee to deploy an EDR at home due to strict regulations (GDPR, contracts, etc.) and potential tech issues.
If you’re a business quickly rolling out cloud services, you might want to double-check your security settings. In haste, cloud solutions can expose a business to a variety of threats.
The physical security of a remote worker’s laptop or PC is another challenge. If the device gets stolen or compromised, the data residing on it is also at risk.
It’s also critical to consider that all devices are free of any vulnerabilities and are regularly monitored. Insider threats might also pose a huge risk to your organization as some employees might exploit their newfound freedom by, for instance, accessing intellectual property without being seen.
Another challenge is that of the big vulnerability of sensitive data passing through insecure WiFi networks. Let’s see what you can do to fend off these issues or keep them at bay.
Can’t-Afford-to-Ignore Cybersecurity Tips for Your Remote Staff
In order to minimize the risk of a cyberattack through work-from-home employees:
- Educate and inform your employees about the various risks they might be going through because of an insecure network and machine. Create a series of educational emails and remind them about the risks of opening an infected email.
- Add a warning to emails coming externally either in the subject or the body of the email. If an email contains [EXTERNAL] in the subject line, your employees can be careful.
- Require your staff to enable all of the Cloud security configurations and features or run a vulnerability assessment with us and monitor security events.
- Make Multifactor Authentication mandatory for all your cloud services. In addition to the username and password, MFA requests users to perform an additional security step, such as inputting a token number from their mobile device.
- Continuously monitor your cloud services. Configure the level of monitoring that comes with your standard purchase or get additional security services. You need a SIEM for this environment.
- Run cloud vulnerability assessments from remote locations.
- Mandate full disk encryption on all remote PCs to protect data at rest. This way, if the machine is stolen, the contents of the device will remain protected.
- Ensure your employees point their DNS settings to a solution that will check the reputation of the sites your employees are visiting (OpenDNS) or use proxies, even in the cloud.
- Limit access to VPN as this could pose a significant security risk to your data. Replace the need for them to enter the network with cloud services. Restrict operating hours.
- If you need to enable remote access into internal systems, always do so through a VPN. Never enable Windows RDP access directly from the firewall (remember the recent CVE for RDP?). If you have a SIEM, you should be able to detect many security attempts like attackers using free/business proxy, attackers using known offensive nodes, attackers using TOR, etc.
- Run a vulnerability scan against your external network boundary as you might have introduced vulnerabilities there while hastily deploying solutions for remote workers.
- Carefully monitor any remote access and disable any ability to cut and paste or access local drives with remote desktops.
- Require your stay-at-home workers to use a separate WiFi network for their work to isolate data and stay away from public WiFi that many people use.
- Ensure you have a real Endpoint Detection and Response solution, to fight against unknown vulnerabilities. You need to a specific policy. The best EDR can recognize when an employee is remote, before or after the use of VPN, offering different kind of trusting relationships.
- Keep evidence of all connections, on your VPN gateways, on your internal servers, like with Active Directory through at least 4624 events… If you have an intruder, these logs will help at finding who was where, how, why, and for what. This is very easy if you have a Cyber SIEM: not just a beautiful SIEM, but a SIEM with the right correlations…
- Do not forget your mobile fleet. This is all about security scans on these devices, especially if you have Android, and also through specific options and policies above your MDM infrastructure.
- You should have internal barriers deployed, to force containment between sensitive zones. This will allow to block lateral movements from spies and worms with ransomwares payloads. In some way, an NTA / NIDS could be useful, though of course the first step is deploying EDR agents everywhere, even on the servers.
- Do not hesitate to deploy decoys in order to delude attackers. Imagine what would happen if a BYOD device is infected, and that, for legal issues, you cannot have the right to deploy an EDR on the home based computer, that is unfortunately connected to your VPN because this is the COVID-19 crisis, and because you cannot deploy many laptops everywhere. If you have Honeypots, then the infected home-based computer will be caught while scanning your internal network. This is like your favorite alarm at home.
- Use technologies that use automatic behavior as much as possible to get rid of attackers. You don’t want to wait for an analysis from a reverse engineer. What you need is a security software that acts as a cyber robot that will detect unwanted and unknown threats, with a global neutralization. This is why you require an XDR Platform. If you think about a single SOAR, you will lose time and money, unless you have an outstanding worldwide situation where you might believe that the SOAR could be the only magic solution to reclaim your security after years of epic situations. Most definitely, this is the XDR Platform, on top of SIEM, EPP, EDR, honeypots that will help.
Over 4,000 COVID-19 themed websites have popped up since January, with the estimate that 5 percent of them are suspicious and 3 percent malicious. These websites are likely to be used as part of email campaigns to lure victims into clicking on spammy and phishing links.
If we missed any interesting security topics here, feel free to add them in the comments of our post.
Together, we can do it.