As the COVID-19 pandemic continues to develop, many employers are transitioning their teams to work from home. From a security perspective, organizations now face a double whammy.
For starters, bad actors take advantage of major news events to conduct phishing campaigns. In times of uncertainty, cybercriminals don't take time off; they see it as an opportunity. On top of that, your employees will access data from devices and internet connections that are likely not as secure as your corporate IT infrastructure.
Bad Actors Leverage the State of Disarray
Cybercriminals follow the news and latest trends to find novel ways to exploit human weaknesses. With the Coronavirus running rampant, the Centers for Disease Control is encouraging telework to help contain its rapid spread. Many large tech companies are already requiring employees to work from home, and many other smaller organizations are following suit.
The problem is that organizations shifting quickly to work-from-home (WFH) policies as a result of the crisis are unlikely to have established the proper cybersecurity measures.
People panic, the situation changes rapidly, and organizations hastily implement new procedures. Attackers know this, so they target unprepared businesses—both large and small.
If remote work is new to your organization, consider the cybersecurity risks. Implement basic mitigation measures at a minimum before you ask your workforce to set up office at home.
Coronavirus-Related Phishing Campaigns Are Circulating
Researchers have already observed malware campaigns that capitalize on the heightened interest in the coronavirus. One campaign via email distributed a PDF offering coronavirus safety tips. The file contained a sophisticated remote access trojan (RAT) dropper designed to bypass firewalls. Another email phishing campaign targeted businesses concerned with shipping disruption. In this case, a malicious Word document contained a data stealer that's been used in previous ransomware attacks.
Don't Forget Awareness and Training
If you already have a phishing awareness program in place, this is a good time to remind employees to be extra diligent. Revisit the importance of good cyber-hygiene or provide some refresher training.
Businesses that haven't conducted this type of training before have a little more work to do in this regard. But whatever the case, educate employees on the need to pay attention, and to be wary, when they encounter themes that play on personal and business concerns related to the pandemic.
Cybersecurity Risks in the Home Environment
Two of the biggest exposures when working from home are the devices and the internet connection that employees use to access the corporate network and data.
Issuing corporate-owned laptops solves only part of the problem, and for many organizations that's not even going to be practical.
Even with a corporate laptop, the consumer-grade modem and the internet connection itself (Wi-Fi in particular) create risks. A virtual private network (VPN) is a standard best practice that provides a secure, encrypted connection. Enabling multifactor authentication with the VPN adds another security layer.
Additionally, avoid using a split-tunnel VPN, which routes some traffic through the encrypted tunnel while other traffic goes directly to the internet. Split tunneling may pose a security risk by opening a backdoor into the connection.
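One way to check a Linux endpoint for split tunneling is to classify its IPv4 routing table, shown here as an added example that is not part of the original article. It assumes the output of `ip -4 route show` (main table only), a VPN interface named `tun0`, and constructed sample tables; policy-routing tables and IPv6 are not evaluated.

```python
import ipaddress

ALL_V4 = ipaddress.ip_network("0.0.0.0/0")

# Constructed `ip -4 route show` samples; tun0 is the assumed VPN interface.
SPLIT = """default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600"""
FULL = """0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0"""

def winning_routes(text):
    """Map each destination prefix to the device of its lowest-metric route."""
    best = {}
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f:
            continue  # blank line, or blackhole/unreachable entry
        try:
            net = ipaddress.ip_network(
                "0.0.0.0/0" if f[0] == "default" else f[0], strict=False)
        except ValueError:
            continue  # line starts with a route type, not a prefix
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        if net not in best or metric < best[net][1]:
            best[net] = (f[f.index("dev") + 1], metric)
    return {net: dev for net, (dev, _) in best.items()}

def classify_tunnel(text, vpn_dev):
    """Return (mode, bypass) where mode is 'full', 'split' or 'no-vpn'."""
    routes = winning_routes(text)
    vpn_nets = [net for net, dev in routes.items() if dev == vpn_dev]
    if not vpn_nets:
        return "no-vpn", []
    # Full tunnel means the VPN routes together cover all of IPv4: either a
    # default route on the VPN device or the 0.0.0.0/1 + 128.0.0.0/1 pair.
    covered = list(ipaddress.collapse_addresses(vpn_nets))
    mode = "full" if covered == [ALL_V4] else "split"
    # More-specific prefixes on other devices still leave outside the tunnel.
    bypass = sorted(str(n) for n, d in routes.items()
                    if d != vpn_dev and n != ALL_V4)
    return mode, bypass

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, classify_tunnel(table, "tun0"))
```

In the full-tunnel sample the remaining bypass entries are the local LAN and the host route to the VPN server (a constructed address); any other prefix in that list is worth reviewing.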
Always Secure Endpoints and Files
If you allow employees to use their personal computers, it can complicate matters because those machines may have improperly configured firewalls, unnecessary open ports, and numerous other security holes.
If you can't avoid letting employees use personal computers, be aware of the basics:
- Outdated or unpatched operating systems and apps—Ask employees to ensure they use the latest versions of their OS, as well as web browsers and other applications. Additionally, they should enable automatic software updates. If the OS is no longer supported and household members use the computer to surf the web and download various apps, strongly consider other alternatives.
- Files and backup—In the ideal scenario, employees should not store sensitive documents on their devices or on file-sharing services that don't encrypt data. If they can't avoid relying on local storage, require them to encrypt their device and turn on the built-in firewall, at minimum.
Key Additional Steps
Beyond securing the employees' devices and access, you need to take several more actions.
- Passwords and authentication—Require your workforce to not reuse their social media and other personal passwords for corporate accounts. Consider refreshing authentication credentials before starting WFH.
- Social media—Advise WFH employees to not check their social accounts on corporate devices.
- Social engineering—Caution employees against sharing on social media that they're working at home so they avoid becoming a direct target.
- Suspected attacks—Make sure your employees know what to do if they suspect an attack or anything else that raises suspicion.
If you use a managed detection and response (MDR) service, take advantage of the provider's endpoint agent for visibility into your remote workforce. Monitoring the network in real time will also help you detect and respond to threats quickly.
For an additional resource, check out Arctic Wolf's quick guide to a cyber-conscious employee. It lays out important cybersecurity steps your workforce should follow at all times, not just in exceptional circumstances.
Preparedness Goes a Long Way
Unless your organization faces an immediate WFH need, take time to review your security practices and protocols before sending employees off-site.
Consider operating with minimum staff while you enact the proper protections. You may lose a little productivity, but the alternative is increased exposure and risk of a data breach.
As you monitor the rapidly evolving COVID-19 situation, don't wait until the WFH need arises. Plan now and put your contingencies in place. Giving yourself time to prepare will greatly improve your ability to protect your assets.
Naturally, the urgency of the situation will put additional strain on your IT personnel. If your team is stretched thin and you need additional assistance, or you just want to ensure you're protected as much as possible, let Arctic Wolf help. MDR services as part of our security operations center (SOC)-as-a-service can help you stay ahead of the bad guys, leaving you one less thing to worry about in these anxious and uncertain times.