The Cybersecurity Risks of the “Work from Home” Shift
The COVID-19 virus has companies across the world scrambling to make it possible for their employees to work from home. As a result, a lot of decisions are being made rapidly, all with the goal of continuing operations as seamlessly as possible.
At DirectDefense, we completely understand this need.
Now that companies are beginning to resume “normal” operations from remote locations, a new concern has reared its ugly head: what about cybersecurity?
Ideally, cybersecurity protections should have been put in place up front; however, measures can still be taken to increase security for your company’s vital information as employees use and access it from disparate locations.
Here is our quick list of measures to consider, and to evaluate how to implement.
Prepare your systems. You’ll want your systems equipped with the best security options for a “work from home” or “road warrior” scenario. Regardless of what happens after the health crisis, all remote workers should have the following options enabled as a minimal solution:
• Multi-Factor Authentication (MFA) – Enable MFA for all users on as many solutions as you have – no excuses. Office365, GSuite, Salesforce, ServiceNow... it doesn’t matter; get MFA rolled out to your organization.
Password compromise due to phishing, coercion, or password spray is here to stay and may increase during times of global news events. With a remote workforce, account protection is mandatory. Having MFA in place slows the bad actors down and helps generate alarms to identify potentially compromised accounts faster.
• Endpoint Detection and Response (EDR) – It should go without saying that having an EDR/Next Gen AV that reports centrally is a requirement to keep visibility on endpoints and provide detection of infected systems – regardless of where the user is.
• VPN Solutions – Any and all corporate-related network traffic should be going through a VPN (even if it’s in the cloud). Granted, the likelihood of public WiFi use is minimized during this time, but regardless, a VPN solution prevents eavesdropping, even when on a home network, and provides your organization with the ability to monitor from a central location for signs of compromise.
Prepare your organization. Did you have good visibility over your enterprise before this health issue happened? If you answered yes, then great, this disruption should not be a big deal. If you answered no, it’s time to think about how to get visibility quickly with a distributed work force.
Candidly, having a cloud-based SIEM is your best option as most of these solutions now have integrations into your primary cloud sources, such as Office365, Azure, Google Apps, AWS, and others. We can’t recommend it enough! You should get visibility as fast as possible, if for no other reason than for the peace of mind of knowing who is accessing your environments and from where.
Most importantly, get your team prepared with procedures on how they will respond to compromised accounts. It has likely already happened or will happen shortly if you don’t have MFA enabled. Figure out how quickly you can reset a user’s password and get in touch with them to perform remote triage of their account or device.
Go the extra mile. An additional investment we recommend is leveraging an SD-WAN solution. By enforcing the use of these solutions, you can apply additional monitoring of web activity and behavior and implement DLP technologies to monitor usage of your data.
From a visibility standpoint, SD-WAN is a great option because, regardless of where your employee is, you can determine if they’ve fallen victim to a phishing campaign, or identify a system that is leaking data due to a malware compromise, and respond to the threat event before contacting the affected user. Again, all of this can be fed to a SIEM for centralized monitoring.
Provide equipment. You may have supplied your employee with equipment or are letting them use their home device. If you sent your employee home with a corporate-owned device/laptop, that’s great – you can control the narrative of how the device is configured and supposed to be used.
If you let your employee use their personal computer at home, you should realize that you have assumed liability for allowing their home computer to access your data (or your clients’ data). If you’re going to let employees use their personal devices, at the very least put your corporate EDR solution on them.
Ideally, you should provide as many options as possible to your employees to maintain visibility during this time, as well as determine if they have had any compromises to their devices prior to extending access to your corporate systems and solutions.
We hope this list assists you in determining your risks during this time. If you have any questions or would simply like a second opinion on the strategies you’ve deployed, feel free to reach out to us.