Tim Simons, UK Security Product Manager at Proact
Over the last 14 days, our world has changed.
We are being told to be socially distant from each other like never before. Yet we have adapted new ways of working, which for some have increased their day to day contact with their colleagues.
We can’t see our older relatives, yet we are finding new ways to stay in touch using existing technologies.
We can only go out of the house for essentials. Yet we feel a strengthened sense of family and community, as we all work together to fight the disease.
We’ve seen businesses take a pause, and we have seen others grow!
Here are some actions your business can take to help your workforce work securely from their homes and remote locations.
End point protection
Without the extra protection of being behind the enterprise firewall of the company network, the threat of falling victim to dangerous website links in email or files containing malware/ransomware is increased.
Up to date anti-virus/anti-malware on end points is essential to identify and stop malicious software from executing.
Cyber criminals are taking advantage of isolated and often anxious users, many of whom will be working away from enterprise security protections, to trick them into opening COVID-19 related information leading to the initial stages of compromise. A dramatic increase in virus-related phishing campaigns makes an already very high-risk attack vector even more important to mitigate against.
SIEM and visibility
With most company devices now sitting on basic WiFi networks in user’s homes, the overall attack surface of the enterprise network has exponentially increased. But effective security logging can still be maintained across the organisation to provide visibility of how devices are accessing SaaS platforms or other published services, interpreting and detecting unusual or seemingly unwanted activity.
Further applying User Behavioural Analysis with a next-generation SIEM tool can use machine learning to baseline user access behaviour to these platforms, providing greater visibility of what users are accessing, where from, when and how.
Organisations already running security logging will clearly experience a large shift in access behaviour and activity.
Multi Factor Authentication (MFA)
Enable MFA for VPNs and SaaS platforms to provide an additional layer of security for users connecting remotely. MFA helps protect against compromised credentials being used by requiring that a device owned by the real user be present during the authentication.
While tempting to make shortcuts to enable access to remote workers, it is advisable to think through carefully any changes being made and review their security implications. Cyber criminals will be relying on enterprises leaving security holes and vulnerabilities, while making changes under pressure that they can then exploit.
Any firewall changes should be reviewed carefully. Published applications should be patched to the latest security levels and scanned for any vulnerabilities. MFA should be used wherever possible, and user permissions reduced to only the service access they need. Password policies should ensure the use of strong passwords and phrases.
Many of the large network security companies have suffered serious vulnerabilities across their VPN and access gateway platforms in the last year. It is important to make sure these are fully patched, along with any client-side software that is used to access them. Again, where possible the use of MFA should be applied to the authentication process to provide further protection.
With the number of COVID-19 related scams currently circulating on the internet, it is advisable to communicate to the workforce the need to be especially vigilant around email communications and visiting web links from non-official sources.
At Proact, we know that you have a responsibility to look after the health and safety of your employees and the best way to do that is to ‘Stay At Home’. We want to make sure your security is protected while you do that. Reach out to us at any time for friendly advice and to discuss your security strategy at this difficult time. You can contact us using the below form.