Recent events caused by the Covid-19 coronavirus pandemic have encouraged more and more companies to facilitate telework for their employees as a preventive measure. These efforts may be prudent and recommendable, but they also represent a cybersecurity challenge that businesses have to deal with at a global level.
The fact is that, as the number of employees working from home increases, so too do the complexities when it comes to providing secure access to systems, applications, and data from outside the corporate network. Cybersecurity experts are already warning about the risks that could be entailed by implementing remote working tools without considering security beforehand, or without taking a holistic approach to the process.
Given this situation, it is especially important to have an advanced cybersecurity solutions and managed services provider such as Cytomic, to help tackle fatigue, as well as the increase in demand for tasks to be performed by IT teams and SOCs in large companies.
Errors related to working from home
Employees working from home can inadvertently increase the risk of data breaches or other incidents, which can in turn lead to serious financial losses, reputational damage, customer turnover, and legal repercussions.
- Network vulnerability due to increased use of remote access: allowing employees to access the network remotely can create greater vulnerabilities, especially for companies that improvise when adopting measures like this in response to a situation such as the coronavirus outbreak.
- Use of insecure home networks, such as public Wi-Fi networks, and unencrypted communications between workers’ homes and the systems in the office.
- Not having multi-factor authentication, since some remote access endpoints only require a username and password to log in.
- Not having BYOD devices with the updated security measures needed to deal with more advanced attack techniques, such as Living-off-the-Land attacks targeting corporations. In fact, several such cases have already been seen, and in the last 48 hours, there has been a marked increase in ransomware attacks via RDP (remote desktop), due to open ports on the router.
- Loss of data. This is particularly worrying for companies and employees with access to personally identifiable information or other confidential customer or business information. Portable devices are more likely to be lost or stolen when they are taken out of the office. Depending on the level of encryption, the data on a stolen or lost device may be accessible to unauthorized users who come across this device.
- Falling for social engineering, leading to financial losses due to the impossibility of properly controlling activity. Employees who are not in the office are also not available to meet in person. Consequently, companies that rely on personal contact, or telephone confirmations, to make financial or securities transactions may be especially vulnerable to identity theft or phishing attacks.
Although these risks cannot be eliminated, companies should be aware of the increased risks and consider reasonable and practical measures to mitigate them.
Best practices to avoid attacks targeting employees working from home
Given the possible repercussions of a cyberincident, companies must be especially vigilant in light of the increased risks. Cytomic, a unit of Panda, suggests some practical measures to mitigate these risks:
- Cybersecurity solutions must be advanced and up to date. It is worth considering using endpoint detection and response programs to remotely limit the impact of a compromised device. Cytomic’s advanced security solutions can include full EPP and/or EDR capabilities that monitor endpoint activity and offer continuous, comprehensive and detailed visibility. This monitoring is based on the Zero-Trust App Service, the only one of its kind on the market.
- Companies must review, evaluate, and update, if necessary, their incident response and business continuity plans. Our incident response services often begin by deploying our agents on the customer’s endpoints, which provides visibility into attacks present on the network and into which assets have been compromised. This is then used as a basis to establish a customized remediation plan, providing a strategy to eradicate attackers from the network.
- Employees should be asked to test remote access software and applications in advance to ensure they are familiar with the process.
- Connect to the company’s internal network via a VPN, avoiding the use of public or third-party Wi-Fi networks.
- Awareness training, both beforehand and on a continuous basis, is, of course, a vital element in this kind of crisis.
- Just like when you are in the office, only access websites that use HTTPS, ensuring a secure connection. It is also important to use secure passwords to protect accounts.
- Make regular backups to ensure that information is not lost in the event of an incident. This way, even in the worst-case scenario, you will always be able to recover your data, which is a vital component of many companies.
The mission of the Cytomic team is to keep our clients free of threats and minimize their risk. We do this through the prevention of cyberattacks and the reduction of their attack surface, our Threat Hunting service, and response to attackers within their network, as well as through mature and efficient security programs adapted to their capacities. These programs allow them to improve their security posture in their day-to-day operations and especially in extraordinary situations such as the one we are currently experiencing.