COVID-19 triggered a shift towards a new way of working for employers and employees alike, which has placed business leaders under pressure to secure their online systems. Yuval Wollman, President of CyberProof, a UST company, discusses the new work-from-home model and walks us through how organisations can stay safe in this kind of environment.
Two years on from the start of the COVID-19 pandemic, organisations around the globe are still working on how best to scale their internal work-from-home arrangements in a way that limits cybersecurity threats. In the abrupt shift to remote working back in early 2020, business leaders and IT teams were focused on quickly enabling their workforces to be operational while security considerations often took a back seat.
When employees suddenly began accessing enterprise applications and assets on home devices over home Wi-Fi, unreasonable security risks were created and the door was thrown open for malicious actors. For example, home workers are easy targets for phishing and malware attacks that attempt to steal their personal information or gain access to company accounts.
While the attack surface has expanded, there are ways to keep up with hackers and mitigate these risks. Here are seven top tips for securing a remote workforce.
1. Workforce training
One way that organisations can reduce the risk of phishing and malware attacks is through training – specifically, by raising the awareness of the WFH team, explaining common hacking techniques and providing information about the risks associated with them.
With so many employees based at home due to COVID-19 (and the end of it more unclear than ever with Omicron), it’s important to create a strong culture of security and ensure both the informational awareness and genuine engagement of all members of your team. Security teams can provide weekly updates about new trends, conduct monthly training, implement known Indicators of Compromise (IoCs) and make it easier for employees to report concerns.
2. Updating patches
With a remote team, it is even more essential that all network infrastructure devices – and any devices used to remotely access work environments – are updated with the latest software patches and security configurations, and that only the latest versions are used.
Many attacks have been attributed to missing patches. For example, you can mitigate the risk of the new, critical remote code execution (RCE) zero-day exploits for the Java-based Apache Log4j logging library by treating it as a critical emerging vulnerability and upgrading every impacted Log4j instance. The Log4j flaws allow hackers to conduct unauthenticated RCE and achieve a complete system takeover. The security flaws, which were made public in December 2021, open the door to attack in many companies’ systems.
3. Leveraging new technologies
By using a new approach called Secure Access Service Edge (SASE, pronounced ‘sassy’), a new cloud service architectural model and a subcomponent of SD-WAN, organisations can extend corporate security policies to each individual user so that the WFH employee and the business have confidence that the employee is protected and corporate data is not at risk.
While most network and network security architectures are poorly equipped to meet the dynamic secure access requirements of a WFH enterprise, SASE is driven by identities. An identity is attached to everything in the corporate environment: each person, application, service or device. It’s an approach that is location-agnostic and supports completely user-based security for the enterprise.
4. Overcoming VPN vulnerabilities
For organisations that are used to setting up remote workers with VPN, there’s a fundamental problem in that legacy VPN servers generally can’t scale. Those currently using a VPN are likely to discover that it can slow down Internet speeds, such that work-from-home teams may encounter problems when performing high-bandwidth tasks such as holding video conference calls.
From a security standpoint, vulnerabilities associated with VPNs were highlighted in recent news, such as the warnings that were issued about Fortinet vulnerabilities (e.g., the FBI’s warning). An incident investigation conducted by Kaspersky ICS CERT experts shows that Cring ransomware attacks exploit a vulnerability in FortiGate VPN servers. Compromised VPN access and misconfiguration are growing problems with a large work-from-home workforce – problems that patching and careful configuration processes can solve.
5. Encryption is key
Ensure employees are using secure methods of communication. Thankfully, many mainstream messaging services such as Signal, WhatsApp and Telegram come with end-to-end encryption as default or as an option.
6. Locking devices
For employees who must work in a public space, or who live with people with whom they can’t share work information, it’s important to keep devices secure. Password-locking a device will usually encrypt its contents until someone enters the password.
For an extra layer of encryption protection, employees can use an additional full disk encryption tool such as VeraCrypt or BitLocker. For those who need to physically lock a device, for example, at a library or hospital, a Kensington lock is a great option.
7. Incident detection and response
Security alerts and suspicious events collected from multiple internal and external customer data sources should be monitored by a Security Operations Centre (SOC) team – so that threats can be detected as they emerge in critical cloud or on-premises infrastructure. What’s key is to develop and update policies and outline the steps to take in the case of an emergency, while training employees regarding who to contact in the case of an attack.
The significance of having a solid incident detection and response plan in place was recently highlighted when a ransomware attack on HR management platform Kronos disrupted the Kronos Private Cloud, which houses data for many of its high-profile customers. Kronos’ work management software is used by millions globally, including dozens of corporations, local governments and enterprises. Due to the outage, many organisations that rely on Kronos were left unable to process payroll before the Christmas holiday, with timesheet systems also offline. The attack is a reminder of the importance of cyber emergency preparedness and response strategies, especially in the public finance sector where people’s payrolls are at stake.
Gartner is not alone in identifying the mainstreaming of remote work as one of the top eight security and risk trends for 2021. This year, securing the remote workforce will continue to be a top priority for IT security teams, as people continue to enjoy more work-life flexibility and the work-from-home trend shows no sign of slowing down. Looking ahead, in the UK, 24% of companies intend to use increased remote working as a permanent business model. With careful preparation, training and practice, as well as leveraging new technologies, it is possible to adapt to the new world of working and limit the security risks it presents.