Across the world, we are witnessing the effect of the COVID-19 pandemic. Most businesses are making changes to how and where they function to ensure the safety and health of all their employees, customers and partners. The environment is dynamic and the continually shifting paradigm has substantial consequences on organizations’ security. Remote workforce has become the new ordinary for organizations hopeful of flattening the curve of the pandemic.
While remote working for some companies has been normal and ongoing for many years and the new push is just a matter of escalating existing solutions and policies. In many other environments, work from home is a foreign concept and technology, operations and policies are not prepared for this new reality.
Adversaries have kept a close watch on the challenges and opportunities arising to take advantage of this situation using tactics such as-
Phishing remains the primary initial access vector for a variety of threat actors. In most cases, greed and fear of the victim play a vital role in the success of phishing attacks and the pandemic is no excuse as its spread is global. Phishing attacks assure new information about the virus or updates on official guidance to lure the victims into the traps set by the adversary.
Targeting a Remote Workforce
With the culture of choosing alternative workspaces becoming the new normal, there has been a significant increase in the use of software as a service (SaaS) and cloud-based remote connectivity services by companies to enable and support employees. These remote working services could pose a potential security risk when combined with possible human-error-enabled security lapses. Threat actors seek to collect credentials, potentially allowing them to gain access to these SaaS accounts and victim organizations data in order to exploit them.
Vishing Robocall and Tech Support Scams
Telecommuting is the first shift employees would take as they adjust to flexible work arrangements, they will increasingly rely on phone communications to maintain and continue business operations. Adversaries are taking advantage of this situation to conduct malicious operations attempting to mimic official business communications. Such operations include voice phishing or “vishing” and Robocall scams, as well as technical support scams.
As remote working continues, employees must efficiently and have a strong defensive posture by ensuring that their remote services, VPNs and multifactor authentication solutions are fully patched and properly integrated. The organizations must ensure that employees are provided sufficient awareness training in order to avoid such traps.
Six key factors that can help remote workers’ cybersecurity:
- Having an updated cybersecurity policy that includes remote working. The existing security options may be strong, but organizations must review them to ensure they hold good as they transition to having more people working remotely than at the office. Essential security policies must consist of remote working access management, the use of personal devices, and efficient data privacy considerations for employees to access documents and other information. The organizations must also factor in the increased usage of shadow IT and cloud technology.
- Plan for BYOD (bring your own device) devices connecting to your organization. Employees may use their personal devices to execute business tasks, especially if they cannot get access to a company device as supply chains may slow down. Personal devices of employees will have to be updated to have the same level of security as a company-owned device. The organization will also have to consider the privacy implications of employee-owned devices that will be connected to a business network.
- Sensitive data may be accessed through unsafe Wi-Fi networks. Business sensitive data may be accessed by employees through their personal or open Wi-Fi networks which will not have the same security controls and firewalls as the office. Connectivity will be taking place from remote locations, which will entail a greater emphasis on data privacy and hunting for intrusions from numerous entry points.
- Cybersecurity hygiene and visibility will be critical. The cyber-security hygiene of personal devices is usually on the lower level based on its usage purpose. The consequence of having employees working from home can result in an organization losing visibility over devices and how they have been configured, patched and even secured.
- Continued education is crucial, as coronavirus-themed scams escalate. The organization must note the importance of continuous end-user education and communication while providing the facility to contact the IT for any advice needed. Organizations should also consider employing more rigorous email security procedures.
- Crisis management and incident response plans need to be executable by a remote workforce. A cyber incident has great potential to spiral out of control due to the current nature of working conditions that are being adapted. Effective remote association tools including out of band conference bridges, messaging platforms and efficiency applications can allow a dispersed team to create a “virtual war room” so as to manage the response.
The COVID-19 crisis and its impact are likely to be with us for a while. Organizations from every industry will be forced to make tough decisions swiftly to enable a remote workforce. There are risks involved in quickly enabling and managing a remote workforce, but the security of your networks, devices and data shouldn’t be among them.
During times like this, the best companies continue to innovate and focus on customer success. This will help them emerge from a crisis even stronger than before. Cybersecurity has been and will remain mission-critical to organizations, to provide business resiliency, and just as importantly, peace of mind to reassure their employees and customers that they are so they can continue to focus on what that matters most.
By Nitin Varma, MD, India & SAARC, CrowdStrike