The COVID-19 emergency has forced organisations to adopt remote working rapidly in order to maintain service levels to customers. Having overcome the technical and other challenges inherent in transitioning large numbers of employees into a totally new working style, they must take steps to address the security issues related to a remote workforce, says Al de Brito, Senior Consultant at ContinuitySA.
“It’s very difficult to secure multiple employees who are accessing corporate data from home, but it’s something that must be tackled. The COVID-19 emergency has seen an uptick in cybercriminal activity as remote workers are seen as relatively unprotected and vulnerable to hacking,” he says. “In addition, the transfer of data to and from the corporate systems also creates vulnerability.
“CIOs and risk managers need to look at the full taxonomy of the risks and take corrective action.”
Mr De Brito says that among the most prevalent risks for a remote workforce are:
- Data breaches. In the rush to implement remote working, many organisations may have overlooked some key elements of security. We see more data travelling between remote users and corporate IT systems, which raises the risk of data breaches through man-in-the-middle attacks. This has created a tidal wave of digitalisation across global networks, giving attackers the opportunity to prey on the vulnerable at a susceptible time. In addition, users’ home networks are unlikely to be as secure as a corporate network.
- Command and Control (Phishing). Remote workers are vulnerable to phishing-type attacks during the pandemic lockdown. Attackers prey on uninformed individuals, misleading users into clicking on malicious links or downloading malware. For example, an e-mail purporting to come from the CEO and asking for certain information might be answered without much interrogation. Sadly, but unsurprisingly, cybercriminals are using COVID-19 as bait for these attacks—an example would be a link to a malicious site or maps containing information about the virus.
- VPN Brute-Force. With so many people working remotely, attackers have a broader playing field for brute-force attacks through the VPN. These attacks target VPN or Active Directory authentication.
- Evading Multi-factor Authentication. A key man-in-the-middle attack vector is finding ways to bypass multi-factor authentication on online platforms or cloud-based applications. Because new members of the remote workforce may not know what these platforms look like, they are inclined to accept what they see, which could potentially be websites that form part of a web-jacking attack.
- Malware and ransomware. These remain key threat vectors, and users need to be kept up-to-date with what these attacks look like.
Remote working has many potential advantages and can be a great asset, but these threats need to be addressed. He recommends the following steps for consideration:
- Build awareness. Although most IT thought leaders believe that remote workers are a security risk, a key first line of defence is to ensure that remote workers are properly informed about the risks they can avoid. In light of the lockdown, it is a perfect time for IT or Security teams to provide awareness and compliance training. Awareness is a fundamental component of security: security is not only about the devices we use to protect our perimeters; in essence, it involves everyone.
- Implement encryption. Given that the main target of cybercriminals is data, it may be worth implementing data encryption across all corporate data, including that stored on endpoint devices. With careful planning and design, organisations can identify what type of data needs to be protected by encryption, the role the user has in the organisation, and what type of encryption should be implemented to achieve their objectives. It is not always a necessity for data to be encrypted, but endpoints may need to be encrypted as well.
- Secure endpoint devices. Seventy percent of all data breaches can be traced to endpoint devices; when most of the workforce is working remotely, this risk is that much higher. IT departments need to find ways of ensuring that anti-virus software is kept updated and that application and operating system security patches are automatically uploaded. Another key element of securing the endpoints is putting in place a system for backing up the data on these devices securely.
- Classify data and implement access control. It is essential that organisations understand what data they have, which of it is sensitive, and how long each piece of data has to be retained. Once this is done, steps can be taken to ensure that sensitive data has the most protection.
It’s worth emphasising that data needs to be properly deleted from the system—simply deleting it doesn’t expunge it from the hard drives and it thus remains a target for hackers.
Equally important, access to data must be aligned with each person’s role. Employees should only be able to access the data they need for their job.
“Large numbers of remote workers do create a whole new range of risks that must be addressed, and organisations should consider planning and instituting the actions they need to take to mitigate those risks,” Mr De Brito concludes.
We can assist you with your planning and security solutions, as well as your cloud backup and replication solutions. Contact one of our Business Continuity specialists to assist you.
Absolute, “2019 Endpoint Security Trends Report”, available at https://www.absolute.com/go/study/2019-endpoint-security-trends.