Tim Simons, UK Security Product Manager
Over the past eight months, our world has changed.
Organisations have had to adapt rapidly to a different operating model, one that sees their staff based remotely and consuming IT services from outside the organisation. As organisations culturally (and logistically) adjust to remote working, what may originally have been perceived as a short-term change in operations may now become part of a longer-term strategy. A remote workforce presents additional cyber security challenges and risks.
There are several steps you can take to help you improve your organisation’s security. Here are seven of them to get you started.
1. End point protection
Without the extra protection of being behind the enterprise firewall of the company network, the threat of falling victim to dangerous website links in email or files containing malware/ransomware is increased.
Up-to-date anti-virus/anti-malware on end points is essential to identify and stop malicious software from executing.
2. Phishing protection
Cyber criminals are taking advantage of isolated and, often, anxious users. Many remote users are working away from enterprise security protections, and attackers trick them into opening COVID-19 related information, which leads to the initial stages of compromise. A dramatic increase in virus-related phishing campaigns makes an already very high-risk attack vector even more important to mitigate.
3. SIEM and visibility
Most company devices are now sitting on basic WiFi networks in users’ homes. As a result, the overall attack surface of the enterprise network has exponentially increased. However, effective security logging can still be maintained across the organisation. This can provide visibility of how devices are accessing SaaS platforms or other published services, so that unusual or unwanted activity can be interpreted and detected.
Going further, User Behavioural Analysis in a next-generation SIEM tool can use machine learning to baseline user access behaviour to these platforms. This can provide greater visibility of what remote users are accessing, where from, when and how.
Organisations already running security logging will clearly experience a large shift in access behaviour and activity. They will need to re-evaluate parts of their logging strategy to compensate for the changes.
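As an added illustration (not code from Proact or from any SIEM product), the sketch below baselines each user's sign-ins by where from, what and when, then flags new events that deviate. It uses a simple seen-before profile in place of the machine learning mentioned above, and the log fields, users and events are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sign-in events: (user, UTC timestamp, source country, SaaS app)
BASELINE_EVENTS = [
    ("alice", "2020-10-05T08:55:00", "GB", "mail"),
    ("alice", "2020-10-07T13:30:00", "GB", "mail"),
    ("alice", "2020-10-08T17:45:00", "GB", "crm"),
    ("bob",   "2020-10-05T22:05:00", "GB", "mail"),
    ("bob",   "2020-10-06T23:40:00", "GB", "files"),
]
NEW_EVENTS = [
    ("alice", "2020-10-12T09:05:00", "GB", "mail"),   # matches baseline
    ("alice", "2020-10-12T03:20:00", "RO", "files"),  # new country, app and hour
    ("bob",   "2020-10-12T23:10:00", "GB", "files"),  # late evenings are normal for bob
    ("carol", "2020-10-12T10:00:00", "GB", "mail"),   # no history at all
]

def build_baseline(events):
    """Per-user profile: countries, apps and hours of day seen so far."""
    profile = defaultdict(lambda: {"country": set(), "app": set(), "hour": set()})
    for user, ts, country, app in events:
        p = profile[user]
        p["country"].add(country)
        p["app"].add(app)
        p["hour"].add(datetime.fromisoformat(ts).hour)
    return dict(profile)

def hour_is_usual(hour, seen_hours, tolerance=1):
    """True if hour is within `tolerance` of a seen hour, wrapping at midnight."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= tolerance for h in seen_hours)

def score_event(event, baseline):
    """Return the reasons an event deviates from its user's baseline."""
    user, ts, country, app = event
    p = baseline.get(user)
    if p is None:
        return ["no-baseline"]
    reasons = [f"new-{k}" for k, v in (("country", country), ("app", app)) if v not in p[k]]
    if not hour_is_usual(datetime.fromisoformat(ts).hour, p["hour"]):
        reasons.append("unusual-hour")
    return reasons

def detect(new_events, baseline_events):
    baseline = build_baseline(baseline_events)
    return [(e, r) for e in new_events if (r := score_event(e, baseline))]

if __name__ == "__main__":
    print(*detect(NEW_EVENTS, BASELINE_EVENTS), sep="\n")
```

A baseline built from office-era logs would flag most home-working sign-ins, which is why the profile has to be rebuilt after a large shift in access behaviour.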
4. Multi Factor Authentication (MFA)
Enable MFA for VPNs and SaaS platforms to provide an additional layer of security for users connecting remotely. MFA helps protect against compromised credentials being used. It requires that a device owned by the real user be present during the authentication.
5. Access control
It can be tempting to take shortcuts to enable access for remote workers. However, it is advisable to think through carefully any changes being made and review their security implications. Cyber criminals will be relying on enterprises leaving security holes and vulnerabilities, which they can then exploit, while making changes under pressure.
Carefully review any firewall changes. Published applications should be patched to the latest security levels and scanned for any vulnerabilities. Use MFA where possible, and reduce user permissions to only the service access they need. Password policies should ensure the use of strong passwords and phrases.
6. VPN solutions
In the last year, many of the large network security companies have suffered serious vulnerabilities across their VPN and access gateway platforms. It is important to make sure these are fully patched, along with any client-side software that is used to access them. Again, where possible apply MFA to the authentication process to provide further protection.
A VPN access solution may not be the best long-term strategy for enabling large numbers of remote workers. Typically, these platforms aren’t designed to scale in this way. There are alternative systems, such as single sign-on or identity and access management based on zero trust access principles. These systems are a better way to control who has access to your sensitive data.
7. Staff awareness
The number of COVID-19 related scams currently circulating on the internet is significant. Therefore, it is advisable to communicate to the workforce the need to be especially vigilant around email communications and visiting web links from non-official sources.
At Proact, we know you have a responsibility to look after the health and safety of your employees, and the best way to do that is to ‘Stay At Home’. While you do that, we want to make sure your security is protected.
Reach out to us at any time for friendly advice and to discuss your security strategy at this difficult time.