As the business world moves to rapidly enable work-from-home (WFH), enterprise IT teams need to shift resources and priorities to ensure that remote workers are protected. Already we see malicious actors adapting and targeting remote workers more. My colleague Alexei Balaganski published a list of recommendations for small businesses.
The Situation
- Check Point reports 4,000 domains related to coronavirus have been registered since January 2020, of which 3% are malicious and 5% are suspicious. Phishing attacks that aim to capture remote workers' credentials are increasing.
- VPNs are under attack. Many companies utilize VPNs to allow remote access to on-premises computing resources. US-CERT reports that attackers are finding and exploiting VPNs as a method to get into organizational resources.
- WFH does not mean users should send sensitive information to their personal accounts, but it’s happening. Enterprises need to retain control as much as possible. Even if your organization allows BYOD, devices which handle company info have to be protected. As Matthias notes, a quick move to the cloud may be a good course of action but it must be managed properly, with security in mind.
Recommendations
- MFA ASAP – turn on Multi-Factor Authentication now. VPNs and webmail are easy targets if only protected by password authentication. MFA should be enabled for all applications as soon as expedient. FIDO is an excellent standard for MFA, which increases phishing resistance and preserves privacy. Provide simple, illustrated guidelines on how to use MFA.
- Endpoint Protection – every device needs anti-malware capabilities. Keep endpoint clients up to date. Provide simple, illustrated guidelines to your users on how to check that protection is running and how to turn it on.
- Patch everything – turn on automatic patching. Some organizations still prefer to do in-house OS and app patch testing, but for remote workers this can no longer be an option. If your users are using personal devices, urge them to allow automatic patching. Patch your VPNs. Patch your mail servers. If you’re using SaaS mail, opt for extra screening.
- Security Training – warn your WFH workers that they are at increased risk of phishing and other attacks. Update your training and increase the frequency of reminders. Provide short videos explaining the most important challenges.
- Update or deploy DLP (Data Leakage Prevention) and CASB (Cloud Access Security Brokers). As work becomes more distributed in response to this crisis, it will become more difficult to identify and protect information. If your organization uses these types of solutions, they may need to be tweaked to accommodate a massive relocation of workers. If your organization does not use DLP and CASB, they should be considered as a potentially strong risk mitigation strategy. Deploying these kinds of tools won’t happen overnight, but now is the time to consider them.
There are many other possible actions to take, but these five are a good place to start reducing the risk of data breaches. For solutions reviews and comparisons, see our research. For actionable guidance, our team of advisors can assist you with developing tactics and strategies.