The COVID-19 crisis was not only unexpected, but also brought a huge change to our daily lives; for instance, remote working became a major necessity to curb the spread of the virus.
This change gave management and board members of various organisations insight into their ability to continue supporting and managing their IT landscape, especially from a cybersecurity perspective. IT expenditure is unavoidable during this time for any organisation that wishes to continue with operations, regardless of industry or size. Regulatory and compliance measures have also created an increased need for organisations to invest in cybersecurity.
Most companies were caught completely off-guard by the pandemic and the lockdown. Many organisations did not have the computing and/or resources to support remote working, and at the same time employees in general were not subscribed to adequate firewall or antivirus protection packages to work remotely on their personal computers.
Remote working has, however, become the new norm for companies worldwide amid the COVID-19 crisis, making cybersecurity even more crucial in order to support and manage the thousands of employees connecting to corporate resources and accessing company networks remotely.
Remote working has created a significant increase in cybersecurity risks. While global efforts are driven to address health and economic challenges and threats caused by the outbreak, cyber criminals are exploiting the current global situation with a flood of COVID-19 related scams, in the form of phishing campaigns, malware, ransomware and password hacking. It is therefore imperative for organisations to realise the cybersecurity challenges we face in this trying time and ensure that they take the required corresponding and corrective actions to alleviate the emerging risk.
Organisations invest a lot to secure their IT infrastructure and limit cyber risks. This includes solutions ranging from enterprise-grade firewalls to the implementation of Security Operation Centers that monitor the entire network environment to limit attack vectors. In contrast, home computers are more vulnerable to cyber attacks, as they are possibly running consumer-grade firewalls and anti-virus software, which is unreliable and potentially not up to date.
With many employees using their personal devices to connect to the company’s network, it is very unlikely that IT support resources have the ability to access these devices to harden cybersecurity or standardize settings. Without specific calibration with the company’s security policies and parameters, IT support resources are not able to effectively address and manage vulnerabilities on these personal devices.
Accidental data exposure
Thousands of new remote workers access data outside of the secure office network. This comes with the risk of company data ending up in the open, especially with employees making use of open cloud storage and other third-party services. This data could include customer information, credentials and/or other sensitive, confidential and business-critical data.
The increased reliance on internet connectivity to enable remote working means that employees are more likely to be exposed to threats that target web services and applications. There has been an exponential increase in phishing and adware attacks during the pandemic, with attackers exploiting the COVID-19 hysteria through malicious domains, social profiles and campaigns. Attackers have also devised ways to “hijack” the administrative privileges granted to conferences to remotely execute malicious code. This is due to the increased number of people attending video calls, not to mention the “unwanted” or “uninvited” attendees.
Infected machines normally require the direct attention of IT support resources or security specialists to remediate and restore. This would traditionally be easy to accomplish by having the IT department readily available in the office; with the situation around the pandemic, this has become more challenging. If a remote working computer is infected, it is challenging for IT support resources to respond and resolve the issue. As a direct result, the attack will possibly last longer, causing more damage.
After examining the potential risks associated with working remotely, and in our position as a certified cybersecurity solutions provider, we want to raise the following recommendations with regard to security measures that decision makers should consider and implement to decrease the organisation’s overall cybersecurity risk level.
1. Advanced Endpoint Protection
Having a large number of externally connected devices connecting to your corporate network opens up more paths for hackers to access your corporate and customer information. Remote working is the new norm, which means endpoint protection should be more important than ever.
Next-Gen Anti-Virus (EDR) protection incorporates real-time response and continuous monitoring of your environment. This capability significantly aids organisations with the detection of, and response to, any threat.
2. Encrypted Connections
The implementation of a VPN solution has been discussed on numerous occasions since the beginning of the current crisis, as a VPN connection is one of the best tools for organisations to maintain the productivity of workers working remotely. As a result, it is important to ensure the protection of your VPN. To mitigate man-in-the-middle (MITM) attacks, it is highly recommended to use a VPN solution that offers an always-on model, with an employee’s devices needing to be connected to the designated VPN to access any resources that require an internet connection.
3. Increased Identity and Access Management
It is necessary to enhance access control to eliminate the risk of losing credentials and unauthorised access to systems. Multi-factor authentication should be used to add an additional layer of security when accessing corporate resources. At the same time, the continuous monitoring and visibility of access is also very useful in detecting abnormal behaviour. Management should grant employees rights to access only the information and systems required to perform their designated duties, to avoid attackers gaining access to sensitive information.
4. Email, instant messaging and browsing protection
Malicious emails and URLs are amongst the most common and biggest threat vectors. Organisations should deploy advanced and specific solutions to protect employees and other users. Given the nature of remote working, these services are expected to be used widely, and they are heavily targeted by attackers.
5. User Security Awareness
New tools and solutions are being implemented to provide an effective remote working environment to employees. Many users may not be familiar with these newly adopted tools and/or solutions. To mitigate the increased risk associated with remote connections, organisations should provide extensive user education and training on the risks and the different types of threats users may encounter.
Despite the surge caused by the COVID-19 outbreak, we have seen an increasing number of organisations, locally and globally, that still continue to work remotely. As such, organisations should be planning ahead and looking to implement and apply security controls for their particular environment, now and for when things return to normal.