Companies can take relatively straightforward steps to ensure effective cybersecurity for remote working during the COVID-19 pandemic. Ryan Olson, Vice President, Threat Intelligence (Unit 42) at Palo Alto Networks, explains how businesses can protect themselves against cyberattacks.
As we navigate the challenges posed by COVID-19 and the need to halt the spread of the deadly pandemic, many of us are settling into a routine of working from home. This can pose many difficulties, including how to maintain focus, how to balance other priorities, such as childcare, and how to be productive without requisite tools or dedicated office space, not to mention the struggle to avoid raiding the whole snack cupboard in one day.
There are compromises to be found for many of these challenges in what we hope will be a relatively short-term arrangement. What we must not compromise on is security.
Many cybercriminals are seeking to exploit our thirst for information as a vector for attack. Most commonly, as with other high-profile events, attackers are using COVID-19 themed phishing emails, which purport to deliver official information on the virus, to lure individuals to click malicious links that download Remote Administration Tools (RATs) on their devices.
In addition, there have been multiple reported cases of malicious COVID-19 related Android applications that give attackers access to smartphone data or encrypt devices for ransom. The global pandemic has also led to the creation of more than 100,000 new COVID-19 web domains, which should be treated with suspicion, even though not all of them are malicious. Palo Alto Networks is continually updating the latest COVID-19 related cyberthreats.
Attackers are also taking advantage of the fact that many people who are working from home have not applied the same security on their networks that would be in place in a corporate environment or that enterprises haven’t deployed the right technologies or corporate security policies to ensure that all corporate-owned or corporate-managed devices have the exact same security protections, regardless of whether they’re connected to an enterprise network or an open home Wi-Fi network.
Both business leaders and individual employees have critical roles and responsibilities in securing their organisation and in ensuring that cyberattacks do not further compound the already disrupted work environment.
How businesses can respond
In this critical time, business leaders have a heightened responsibility to set clear expectations about how their organisations are managing security risk in the new work environments, leveraging new policies and technologies and empowering their employees. It’s important that messages on security come from the very top of an organisation and that good examples are set from the start. Here are three recommendations for business leaders.
Understand the threats to your organisation. Business leaders should work with their security teams to identify likely attack vectors as a result of more employees working from home and prioritise the protection of their most sensitive information and business-critical applications.
Provide clear guidance and encourage communication. They must ensure that homeworking policies are clear and include easy-to-follow steps that empower employees to make their homeworking environment secure. This should include instructing employees to communicate with internal security teams about any suspicious activities.
Provide the right security capabilities. Leaders should ensure all corporately owned or managed devices are equipped with essential security capabilities, extending the same network security best practices that exist within the enterprise to all remote environments. These critical capabilities include:
• An ability to securely connect users to their business-critical cloud and on-premises applications, such as video teleconferencing applications increasingly relevant for remote work environments.
• Endpoint protection on all laptops and mobile devices, including VPN tools with encryption.
• An ability to enforce multi-factor authentication (MFA).
• An ability to block exploits, malware and command-and-control (C2) traffic using real-time, automated threat intelligence.
• An ability to filter malicious domain URLs and perform DNS sinkholing to thwart common phishing attacks.
How individuals can respond
Individual users must be empowered to follow the guidance provided to them by organisations and take preventative measures.
Maintain good password hygiene. Employees should use complex passwords and multifactor authentication where possible and change these passwords frequently.
Update systems and software. Individuals should install updates and patches in a timely manner, including on mobile devices and any other non-corporate devices they might use for work.
Secure your Wi-Fi access point. People should change their default settings and passwords in order to reduce the potential impact on their work of an attack via other connected devices.
Use a virtual private network (VPN). VPNs can help create a trusted connection between employees and their organisations and ensure ongoing access to corporate tools. Corporate VPNs provide additional protection against phishing and malware attacks, the same way corporate firewalls do in the office.
Be wary of COVID-19 scams. We’ve seen phishing emails, malicious domains and fake apps out in the wild already. Threat actors love to exploit real world tragedies and COVID-19 is no different.
Don’t mix personal and work. Employees should use their work devices to do work and their personal devices for personal matters. If you wouldn’t install or use a service while you’re at the office, don’t do it while at home on your work device.
Taking these relatively straightforward steps at both an enterprise and individual level should help address some of the most common security risks facing our home-working environments. We should also recognise that our threat environment is not static, which means it’s important to keep a close eye on evolving threats to avoid unnecessary additional costs and disruptions in a time when we can least afford them.