The concept of working from home and remote workforces is not new. However, with the unforeseen circumstances of Covid-19, most organisations have suddenly been forced to adopt a work-from-home culture. This has opened doors for bad actors and increased the possibility of a spike in hacks and breaches targeting businesses.
Therefore, it has become much more important to review how you are preparing yourself for this challenge. How are you planning to secure your valuable assets and cope with the increased threat?
Organisations may already be aware of the security issues and concerns of remote working: employees using an insecure connection, exposing sensitive data while unmonitored, or falling prey to phishing lures. But WFH is now being adopted by many industries and corporates, and even governments are encouraging it in order to comply with social distancing measures.
Unfortunately, distressed times of uncertainty are prime time for hackers to launch attacks, and we have already started to see targeted Coronavirus-themed spam emails and phishing attacks in circulation, such as:
- Malware attacks disguised as sensationalized Covid-19 news or charity pleas;
- Coronavirus-themed spam spreading malicious Emotet malware;
- A global email phishing scam carrying the logo of the WHO;
- Emails sent to targeted addresses to deliver a weaponized Word document with an embedded VBA script that ultimately drops a new TrickBot variant;
- A malicious coronavirus map hiding AZORult info-stealing malware, and so on.
Apart from phishing and the use of malware, the latest development is that cyber criminals have developed a malware-laced Coronavirus tracking Android app, used as the “CovidLock” ransomware.
Therefore, it is imperative that organizations implement business contingency plans that prioritize protecting remote workforces from attacks. Securing a remote workforce (while also ensuring productivity) is the need of the hour, and there are several advised measures that should be implemented and practiced. Some of the important guidelines are below:
- Most important is to step up the authentication mechanism and password management, e.g., the policy around passwords (length, complexity, recycling, etc.). This helps mitigate password guessing or cracking by a bad actor.
- Review the authentication mechanism and password management. Increase security beyond the traditional username and password combination, e.g., hardware security keys or Multi-Factor Authentication (2FA, OTP, biometrics, geo-restrictions, etc.).
- Ensure Endpoint Protection (AV/AM) or EDR (Endpoint Detection and Response) is in place and up to date at all times. Put adequate policies in place to enforce this and to stop users from working around it.
- Ensure the use of a secure Wi-Fi network at home and avoid public hotspots or open Wi-Fi. Seek help/advice on how to change the password and disable unnecessary ports and configurations.
- Ensure operating systems and other applications on servers as well as endpoints are patched and up to date. Automate the update process as much as possible.
- Plan adequate, safe remote infrastructure; use a secure VPN and end-to-end encryption to safeguard data transmission. Use/configure a VPN gateway that extends business firewall rules to the end user.
- Implement specific monitoring rules to detect attacks on remote infrastructure and utilize threat intelligence to detect threat actors targeting COVID-19 related themes.
- In addition, from the organization network perspective, incorporate network segregation wherever appropriate, and monitor and control communications at key boundaries.
- Also, get it tested by an expert for any vulnerabilities, such as configuration settings that an unauthenticated, remote attacker could exploit to eventually reach organizational data.
- Use additional tools and solutions like DLP (Data Leak Prevention) and MDM (Mobile Device Management) to minimize the leakage and misuse of corporate data while working at home.
- Modify the organization's security policy (as required) to accommodate secure remote working methods (e.g., disallow external devices/ports, an effective password management process, etc.).
- Finally (most important), conduct refresher awareness campaigns covering phishing and basic IT security hygiene.
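
As an illustration of the monitoring guideline above, here is a small triage rule for the lure patterns listed earlier (Covid-themed subjects, macro-capable Word attachments, messages claiming to come from the WHO). It is an added example, not part of the original article; the record fields and sample messages are constructed, and a real mail gateway export will use different field names.

```python
import re

# Constructed sample records from a hypothetical mail gateway export (not real data).
SAMPLE_MESSAGES = [
    {"from_name": "World Health Organization", "from_addr": "alerts@who-int.example",
     "subject": "COVID-19 safety measures", "attachments": ["guidance.docm"]},
    {"from_name": "HR Team", "from_addr": "hr@corp.example",
     "subject": "Updated remote working policy", "attachments": ["policy.pdf"]},
    {"from_name": "Relief Fund", "from_addr": "donate@charity.example",
     "subject": "Coronavirus charity appeal", "attachments": []},
    {"from_name": "WHO", "from_addr": "press@who.int",
     "subject": "Coronavirus situation report", "attachments": ["report.pdf"]},
]

THEME = re.compile(r"covid|corona\s*virus|pandemic", re.IGNORECASE)
# Office formats that can carry VBA macros.
MACRO_EXTS = (".doc", ".docm", ".dotm", ".xls", ".xlsm", ".ppt", ".pptm")
WHO_NAME = re.compile(r"\bWHO\b|world health organi[sz]ation", re.IGNORECASE)
WHO_DOMAIN = "who.int"  # the WHO's own domain


def sender_domain(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].lower()


def score_message(msg):
    """Return the list of reasons a message deserves analyst review."""
    if not THEME.search(msg["subject"]):
        return []
    reasons = ["covid-themed subject"]
    if any(name.lower().endswith(MACRO_EXTS) for name in msg["attachments"]):
        reasons.append("macro-capable Office attachment")
    domain = sender_domain(msg["from_addr"])
    genuine = domain == WHO_DOMAIN or domain.endswith("." + WHO_DOMAIN)
    if WHO_NAME.search(msg["from_name"]) and not genuine:
        reasons.append("claims WHO but sender domain is not who.int")
    return reasons


def triage(messages, threshold=2):
    """Keep messages with at least `threshold` reasons; theme alone is too noisy."""
    scored = ((m["from_addr"], score_message(m)) for m in messages)
    return [(addr, reasons) for addr, reasons in scored if len(reasons) >= threshold]


if __name__ == "__main__":
    for addr, reasons in triage(SAMPLE_MESSAGES):
        print(addr, "->", "; ".join(reasons))
```

Requiring two signals keeps legitimate Covid-related mail, such as the charity appeal and the genuine who.int report in the sample, out of the review queue.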
As IT & Security professionals, we need to implement and ensure compliance with all the controls needed to make remote working safe and secure. As a Risk & Security community, it is our responsibility to increase public awareness of the danger of clicking on any enticing link during these unprecedented times and, in general, to be extra vigilant and observant. And finally, a risk assessment should be performed, not only specific to remote access methods but, as a good practice, in general.