As organisations rush to shift their business and classes online, cybercriminals have been ramping up their tactics to take advantage of those who may have inadequate or naive security policies in place. This large, rapid migration of people from enterprise and education networks that are closely monitored and secured, to largely unmonitored and often unsecure home WiFi networks, is creating a tempting target of opportunity for cybercriminals. Many of your employees are now operating outside the reach of perimeter-based security tools, and therefore have higher exposure to phishing and network attacks.
As such, it is imperative that they be reminded of the cybersecurity risks inherent in working from home. They are less likely to remember their security training and will be more likely to, for example, click a link in a phishing email or give their credentials to a malicious web site.
This forgetfulness when it comes to security can be especially true for those who are not used to working or learning at home. People working from home can be easily distracted, especially if they are normally used to working in the office, and they will inevitably mix work with personal email and web browsing. This increases the risks that they can introduce to their employers and colleagues, for example, by clicking on malware links. Now is a great time to warn people to be ultra-cautious.
Responding to Covid-19
It is important to step up awareness of digital security during this time as we are already witnessing an increase in phishing attacks against our clients. We recommend, as far as possible, to not mix work and leisure activities on the same device and be particularly careful with any emails referencing the coronavirus. Attackers are exploiting the situation, so look out for phishing emails and scams.
Your business may have sound security measures in place to protect the normal course of business, but they cannot simply be ‘cut and pasted’ and applied to an increasingly remote workforce. Remote working presents its own unique set of security challenges, including a number of environment changes and increased reliance on the digital world, all of which must come into consideration.
What devices will employees be using, and where will they be using them? Could others have easy access to information that is proprietary, either in physical proximity or through a shared WiFi connection? How will we share information with each other, and is that source being proactively secured?
Businesses need to adopt and implement specific security measures that address the above (and many other) questions in order to ensure a robust security ‘blanket’ that supports their employees’ and business’ current working situation. It’s one thing to ask your IT team to secure the endpoints of a relatively small number of employees that usually work from home – asking them to do so for everyone in your business is completely unprecedented. And so is the cybersecurity threat that’s rising during the current pandemic. And while it can seem overwhelming, there is a clear path to resolving any issues surrounding the challenge of securing a remote workforce.
Don’t neglect your VPN
Most organisations will be providing their employees with VPN access to the company’s internal network. While IT staff usually (and hopefully) maintain the network and keep it secured and patched, people oftentimes neglect VPN servers/appliances.
Giving your employees VPN access to the organisation can help maintain business continuity but can also be disastrous if they are misconfigured or unpatched. Make sure that your VPN configurations, policies, and software/hardware are properly configured. Implement strong identify verification and authentication techniques and enable 2 Factor Authorisation.
Moreover, with the rapid increase in remote work, VPN servers can turn into bottlenecks. Ensuring that they are both secure and available needs to be the top IT priority. Malicious attackers thrive in chaos and can launch DDoS campaigns on VPN services, depleting their resources in an attempt to knock out the VPN server and limit its availability. The VPN server is the gateway to your company’s internal network, meaning an outage can keep all employees working remotely from doing their job, effectively cutting off the organisation from the outside world.
VPN’s act as doors or gateways giving direct access to your businesses network. Just as you wouldn’t leave your business’ doors wide open and let anyone in, ensuring the security of your VPNs is essential. Without proper configuration and security measures, those with malicious intent can easily infiltrate a VPN and wreak havoc.
Build awareness around secure versus malicious information
In the current situation, your teams need to be suspicious of any emails asking to check or renew your credentials even if it seems to come from a trusted source. Attackers are already releasing malware campaigns that exploit the panic around coronavirus; for example, one such campaign masquerades itself as a coronavirus infection map. Please spend the time to verify the authenticity of any request through other means, such as a phone call to your IT support team. And most critically, do not click on suspicious links or open any suspicious attachments.
- Be very suspicious of emails from people you don’t know- especially if they ask you to connect to links or open files (if in doubt call your IT Support team).
- Emails that create an image of urgency or severe consequences are key candidates for phishing – in these cases, again, always verify via an external channel before complying.
- Emails sent from people you know but asking for unusual things are also suspect – verify by phone if possible.
Define a rapid response program
Just as the coronavirus isn’t taking a break from infecting people, neither is malware and the number of cyberthreats circulating around. A number of malware campaigns are leveraging the coronavirus panic to craft and spread ransomware campaigns. It’s important to double check that all your backups are in place and that your business has a rapid response program that enables you to recover quickly in the case of a ransomware attack. Having people working remotely can pose an extra challenge with this, which is why it is important to make sure that every security ‘doer’ in your organisation, from your IT team to your incident responders, are ready and willing to take on the challenge should the need arise.
Keep calm and carry on
While our current situation is both strange and uncharted, technology allows us to overcome the challenges and fears that we have, so long as we remain calm and apply a good amount of thought. Just like we’re all practicing proper social distancing and making sure that we thoroughly wash our hands, we also need to ensure that we practice and maintain proper ‘cyber hygiene’.
Ransomware attacks are becoming more sophisticated and Syscomm are here to support our clients to take the appropriate action. With the right tools and information, you can prevent, detect and respond quickly to ransomware attacks threatening your organisation.