If you’re an IT Manager or Technician working with an in-house IT team, you need to check out our video made especially for you! Learn what you can do to ensure your network is secure for users working from home.
That’s right, the world is indeed changing, but you’re in IT and your world changes all the time. We’re in IT too, and we’re all used to constant changes in our world. So how has IT been affected by the recent COVID-19 situation? Well, people have moved from the initial shock to acceptance, and working from home is now the new normal for millions of users across the world. It’s highly likely that working from home will remain long after COVID-19 is a distant memory.
Companies are particularly vulnerable during this time to opportunists, threat actors and even insider attacks. Whilst overall cybercrime has not risen, there has been a huge rise in COVID-19 related phishing attacks, up 667 percent from February to March this year. 40 percent of companies have reported seeing an increase in cyber attacks, and only 30 percent of businesses say that they feel fully prepared for an all-remote working situation. So COVID-19 cyber attacks are ramping up, and an APT was recently spotted spreading custom and unique remote access trojans that can take screenshots, download files and more in a COVID-19 themed campaign. The World Health Organization has also issued warnings about scammers pretending to be them in fake official notices about the virus. Over a hundred new domains related to coronavirus are registered daily purely for phishing purposes. And there are a lot of COVID-19 tracking maps, software and mobile applications that look legit but actually contain malicious code such as key loggers or crypto-mining scripts.
Of course, all of this presents new challenges for IT departments. You’ve lost control of the users’ environments. They’re at home, potentially using a PC or laptop that you’ve never seen before, connected to a Wi-Fi network that you didn’t configure, from a router that may be running outdated firmware. And your attack surface has just increased tenfold due to massive device sprawl. Before, you probably had a nice asset list, and now you could have dozens of new devices accessing company systems and data. People are stressed and worried about the virus, so they are less likely to remember any security training that you’ve given them and they’re more likely to click on a phishing email or give credentials to a malicious website. So as an IT manager or a technician working for a company, what can you do at this time to ensure that your network and the business remain protected?
Number one, enforcing cybersecurity awareness. With users working from home, it’s essential that companies enforce cybersecurity policies and practices. Employees may be more likely to click on malicious emails from phishing and other social engineering attacks or install unauthorized applications.
IT teams must reinforce and re-educate workers on the importance of security awareness during this critical time. If you are doing phishing simulation training within the business, continue with it. If you aren’t, now is an ideal time to start. You must identify weak links in your security, and this includes people. Now we know everyone is a bit stressed at the moment, but it’s still better to fail safe than to have a user click on a real phishing email and then have a breach within the business. The last thing your company needs right now is the stress of dealing with a cyber attack.
Personal and mobile device security. So this comes under bring your own device. Companies should recognize there is an increased risk from malware on mobile and personal devices, especially with such a huge range of operating systems and platforms out there. Workers may be more likely to save confidential company data to their personal devices, putting sensitive company and customer data at risk; this would be classed as a deliberate data loss. There is a higher potential for accidental data loss as well: data being stored on devices that are out of sight of any backup systems, for example.
Internal IT departments should require device registration and approval to allow you to have oversight of devices that are allowed to access company data. There’s a much higher likelihood of unsupported or out-of-date devices leading to exploitation of known security vulnerabilities. And companies will lose visibility and control of the endpoints client-side, so you should look to implement monitoring solutions where possible.
Number three – secure connections. It’s highly possible that workers are using an insecure connection to connect to company networks. This opens up the business to potential breaches and provides inroads for attackers. Using a secure VPN when working remotely must be in place and enforced. It’s also a good idea to remind users to disconnect the VPN before doing any personal browsing. The reason it’s important to remind users to disconnect before doing any personal browsing is that the last thing you need is to have a bunch of users sitting on Netflix or YouTube where all that traffic is going out via the VPN and then out through your company Internet connection. This could impact performance of VPN or remote desktop solutions for other users that are actually still working. And you should always use secure VPN protocols, as seen here on the screen.
Number four – ensure strong password management and authentication. Now of course we couldn’t talk about cybersecurity without bringing in the old passwords, and with many devices it can be a challenge to ensure workers adhere to any password policies that you have. So it’s really important, and might be a good idea, to send an email to all your remote workers just reminding them of any password policies that you have in place. Do not just depend on single-factor authentication, and wherever possible use something such as an SMS one-time password, two-factor authentication or hardware keys. A great tip that can prevent overloading your helpdesk with password reset requests is to enable the self-service password reset option with Office 365. This will prompt users to store a mobile number and an alternative email address so that they can reset their own password safely. For your own internal password management we’d advise using a password manager. Now here at m3 we use PassPortal, but there are many others available. This will allow you to store your own passwords centrally, which is especially important when your IT staff are also working remotely. So for example, if you need to get access to one of your routers or switches or servers or whatever, then you don’t have to rely on speaking to someone else who just has the password remembered in their head. You can all access these passwords centrally, which means they’re stored securely, and also a lot of these systems will generate secure passwords for you rather than someone having to think of a password.
Moving on to number five, and patching then. This is something a lot of businesses struggle with at the best of times. It is more critical than ever to ensure that network device firmware is kept up-to-date. So this includes any routers, switches, firewalls and wireless access points that you have. This can be really challenging if you aren’t on site. What if a device doesn’t come back up after updating the firmware? How are you going to get on site? How are you going to get that machine back up and running? So it is quite risky, and I can understand why a lot of people would avoid doing that at this time. But it is critical that you keep your patching up-to-date where possible. Pay particular attention to the devices that operate at layer 3 that are responsible for routing remote traffic. If you are Cyber Essentials certified, do remember that you must apply any critical or high level security patches within 14 days to remain compliant with the standard. If a critical zero-day is disclosed through any official channels, apply any recommended workarounds before the patch is released, because it can take days for a patch to be made available from Microsoft or Apple, for example.
Number six, actionable intelligence. Mitigating risks with a remote workforce requires two things: action and intelligence. Understand your risks by uncovering who and what is most vulnerable within your IT environment. It’s more critical than ever to prevent, detect, test and monitor risks within your business. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
You must also identify existing threats, profile them and implement proactive solutions accordingly. By evaluating your greatest infrastructure, device, and employee related risks and putting the right security strategies in place, you can gain the intelligence required to take action and respond, because fear isn’t the greatest risk facing your business and workers today… being unprepared is.
Here’s a summary of our remote access security best practices. Use long keys and store them securely. If possible, use client certificates for device authentication rather than pre-shared keys, and ensure that you disable split tunneling on VPNs. Always use strong authentication credentials and ensure that both remote and local endpoints are constantly monitored.
Now we have some bonus security best practices for you here. You should increase logging and alerting. Pay more attention to UEBA alerts. Define powerful detection rules and policies and increase your email filter aggressiveness to combat the increased phishing threats. Deploy any IDS systems correctly. So ensure any intrusion detection and intrusion prevention systems are deployed behind a VPN server, rather than inline, and configured correctly to decrypt and analyze VPN traffic. Make sure you hide any brute-force protocols. So ensure there’s no port forwarding allowed to any endpoints using remote protocols such as Remote Desktop. Filter incoming connections and implement port knocking with complex patterns.
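
One way to check the "no port forwarding to remote protocols" advice above, as an added example that is not part of the video: it audits the DNAT rules in an `iptables-save` export and flags forwards that end on a remote-access port, including ones hidden behind a non-standard external port. The `iptables-save` input format, the port list and the sample rules are assumptions made for this illustration.

```python
import shlex

# Assumption: which internal ports count as brute-forceable remote protocols.
REMOTE_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# Constructed sample in iptables-save format (not from a real firewall).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.0.20:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50001 -j DNAT --to-destination 10.0.0.21:3389
-A PREROUTING -s 203.0.113.0/24 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.0.30:22
COMMIT
"""


def parse_dnat(line):
    """Extract source filter, external port and internal target from a DNAT rule."""
    tokens = shlex.split(line)
    if "DNAT" not in tokens or "--to-destination" not in tokens:
        return None

    def opt(flag):
        return tokens[tokens.index(flag) + 1] if flag in tokens else None

    host, _, port = opt("--to-destination").partition(":")
    ext_port = opt("--dport")
    # With no port in the target, the forward keeps the external port.
    int_port = port or ext_port or ""
    source = opt("-s")
    if source and tokens[tokens.index("-s") - 1] == "!":
        source = None  # a negated source still admits almost everyone
    return source, ext_port, host, int(int_port) if int_port.isdigit() else None


def audit(rules_text):
    """Return (exposure, protocol, external_port, internal_host) per risky forward."""
    findings = []
    for line in rules_text.splitlines():
        rule = parse_dnat(line) if line.startswith("-A ") else None
        if rule is None or rule[3] not in REMOTE_PORTS:
            continue
        source, ext_port, host, int_port = rule
        exposure = "filtered" if source else "open"
        findings.append((exposure, REMOTE_PORTS[int_port], ext_port, host))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(*finding)
```

Forwards reported as "open" are reachable from any address; "filtered" ones are limited to a source range but still publish a remote protocol and are candidates for moving behind the VPN.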
And lastly, maximize the principle of least privilege effectiveness. Harden access control rules and policies and limit privileges and rights as much as possible.
That’s all for this video. We hope this helps to ensure your network is secure while everyone is working from home. Stay safe, and we will see you soon.