As most of us get acclimated to working from home, many in the cybersecurity space are getting quite busy! Remote work forces are nothing new, but the scope of employees now working from home has heightened the need for cybersecurity in the face of increased threats.
To better protect remote workers, as well as corporate assets, these eight steps are certainly worth considering. Please check out the webinar or visit CI Security for additional detail on these important steps.
1. Control the Work-From-Home (WFH) Environment – It’s important to understand what the WFH environment is if you’re going to be asked to help secure it. The following questions can help infosec professionals put better plans together:
- Home WiFi: What equipment are WFH employees using? Was it supplied by the ISP or is it individually owned?
- Have they changed the default network and administrative passwords?
- Are they using WPA2 or WPA3 wireless security? WEP should not be used at all at this point.
- Is the equipment properly configured and updated? Many consumer-class routers and access points are running on vulnerable firmware. Keep in mind that older devices may need to be replaced if no longer supported.
- Is the organization using password best practices including 2FA, running a modern IPSEC or SSL VPN, and enforcing endpoint security?
- If employees are working with sensitive data that must be downloaded and used offline, is it being stored using some type of encryption at rest such as Microsoft BitLocker?
If employees are working with sensitive data, and conducting phone conversations around this data, we even suggest making sure there are doors or other noise barriers in place, and disabling Home IoT devices like Alexa or Google Home.
2. Control the WFH Computer – Your organization may not be able to assign laptops to every employee at this time. But business-specific measures can be put in place using what is already available. If remote working extends beyond initial timelines, consider having your employees bring their office device (tower) home for work. If employee-owned devices are going to be used (Bring Your Own Device or BYOD), consider setting up a “health check” portal and installing endpoint security, patches and other updates as needed, using company resources. MDM (mobile device management) applications can help with securing devices like phones, tablets and Chromebooks.
3. Up Your Phishing Game – Phishing threats and bad actors are quite sophisticated today. Targeted attacks and campaigns that capitalize on human fears can lead to users clicking on email links or downloading attachments that they should not. There’s already been a huge uptick in coronavirus-related phishing emails, and these will likely increase as WFH continues. We recommend creating a “targeted education campaign” to arm employees with the latest information on phishing threats and trends to help them identify scams before they are phished. Subscription-based anti-phishing products can provide both upstream protection and user education around this problem.
4. Worry About Sensitive Documents and Regulated Data – It’s important that those employees that work with sensitive data – HR, Finance, etc. – be given the tools and instruction on how best to do this remotely. This may require upgrades to the devices and tools for these specific employees.
5. Watch for Cyber-Threats – While your InfoSec team is likely up to the task, they will be busier than normal during this uncertain period and they will also be dealing with their own set of personal challenges. To help them do their job, it’s important to leverage a SIEM (Security Information and Event Management) or other cybersecurity alert system. This will help take some of the burden off their shoulders and help with the day-to-day monitoring needed. As CI Security notes, this could be a good time to invest in outsourcing to a “recognized MDR provider.” Automation is a great force-multiplier in infosec.
6. Expanding VPN – It’s likely now, more than ever, that VPN usage at your organization will expand to include folks that haven’t used it before. Prepare for the additional usage load and be ready to train people on best practices. Anticipate and account for lead times if capacity or licensing increases are needed. Even software license keys have seen backorders lately!
7. Say No to Split-Tunnels – In a split-tunnel setup, the remote device reaches work resources through the VPN while, at the same time, its Internet traffic bypasses the VPN. CI Security does not recommend this, as it makes monitoring employee activity more challenging.
8. Keep Great Records – Things are happening really fast right now as companies and employees embrace this new remote working paradigm. As such it’s important to take notes and keep records on all incident response and action. This will not only help with response but can play a vital role in building out a business contingency plan for whatever might happen next.
These are eight great steps that InfoSec should be taking as they look to secure their organization while accommodating remote worker needs. Be sure to check out CI Security's article – there’s a nice WFH Security Assessment at the end that might be helpful in checking your current security landscape.