Organizations around the globe are preparing for and executing precautionary plans to protect the health and welfare of their employees and citizens. The past few weeks have been a whirlwind of information, caution and concern as the COVID-19 virus spreads around the globe. Fortunately, the digital age in which we live provides unique abilities to remain connected to our organizations, business applications and customers so as to minimize the disruption to our secular responsibilities. These technologies, however, if not governed, can open the door to cyber threats that pose large risks to an organization’s operations and data integrity.
The main challenge here is obviously the physical risks associated with the COVID-19 virus; the virtual risks begin manifesting when we expand remote access to applications and data at an accelerated pace and overlook potential risks associated with access and privilege to these assets. In times of crisis, availability is often prioritized over security. The following are some areas to inspect as your organization proceeds with increased usage of remote access and operations.
1. Remote Access Technologies – These include traditional VPN technologies, SSL VPN, and remote desktop or network extension technologies such as Remote Wireless Access Points. These technologies are often architected to handle the load of just a fraction of the overall workforce, so capacity and performance will be an immediate concern. Are there enough licenses, processing, and bandwidth to handle the requests? Additionally, the security policy that governs these devices should be reviewed to ensure that the proper permissions are configured to govern each user’s access based on their workflow. Multi-factor authentication, if available, should be enforced, and audit logs of activity should be verified as reaching the log server or SIEM, if available.
2. Security Awareness Training – Organizations should prioritize security awareness modules dealing with remote access and data handling as prerequisites for providing remote access. Users are always the weakest link, and since employees will be working from uncontrolled locations and devices, preparing them to be vigilant with regard to data stewardship, application access, and best practices is vital. Many cyber criminals have set up fake COVID-19 sites laden with malware to take advantage of the public hysteria. Just like washing your hands for 20 seconds, take a few seconds to think about that email or link before you click on it.
3. Fraudulent Scams – Cyber criminals are often the first to react and take advantage of a crisis. Scam emails have already begun to circulate, attempting to lure people into bypassing business processes to combat fake reports around shipping, logistics, financial and other operational impacts because of COVID-19. Care should be taken to communicate often and effectively with the entire organization about any new or modified procedures.
4. Cloud Application Usage and Audit – Remote workers will find ways to get their jobs done even if it conflicts with standard policy. Providing employees with the proper instructions for online collaboration platforms, file sync and share, and other SaaS tools will help reduce frustration and increase the security posture as more digital work is done outside of the enterprise. Increasing the use of audit tools within these platforms, or overlaying supplemental technologies like CASB that take advantage of native APIs, is non-intrusive and easy to implement, and provides an additional layer of visibility.
5. Endpoints, Endpoints, Endpoints – As much of the workforce has mobile abilities, it’s important to ensure endpoint protections are deployed, patched, and up to date on policy. Whether it’s advanced EPP/EDR tools that help detect and prevent malicious activity or EMM systems that help enforce policies, due care should be taken to ensure these technologies are deployed and in working order. It may also be relevant to increase the risk severity for alerts from these devices coming into a SIEM or SOC for triage and investigation.
Organizations have used remote access technologies and other software to enable a digital distributed workforce for many years. The current challenge is the increased usage of these technologies by workers who often have never used them. It is not necessarily the time to roll out new technology, but adhering to simple, sound security controls and best practices will help mitigate the risk associated with their usage while mitigating the physical risk associated with the spread of COVID-19. Whether it’s a physical or virtual virus, strong hygiene is an essential preventative element.
ePlus has provided guidance on building and maintaining security hygiene as part of our CyberSmart campaign during October’s Cyber Security Awareness Month. Check out our podcast around fostering a security-aware culture through user awareness as well as other highlights here.