While guidance has been published for organisations to enable workers to return to work safely, many employees will still be required to work remotely as part of a longer-term plan.
While guidance has been published for organisations to enable workers to return to work safely, many employees will still be required to work remotely as part of a longer-term plan. This sudden shift to a remote-working economy is one that many businesses were simply not prepared for. Gartner research recently revealed that 81 percent or more are working remotely, and 41 percent are likely to do so at least some of the time once a return to normal working is permitted.
This unprecedented rise in remote working also is a challenge for employees, but also for businesses as they navigate the cyber-risks brought on by the pandemic. When the majority of lockdown and work from orders were ordered, initial concerns seemed to focus on infrastructure, equipment, and bandwidth provision. However, as time has gone on, it has become readily apparent that many organisations are now more vulnerable to security threats than ever before.
Beware of phishing attacks
Since many companies have built policies and procedures which protect individuals and the organisations infrastructure, it is highly unlikely that any business has this level of contingency plans in place. With new practices often comes teething problems and, unless a significant percentage of employees had previous access to proper remote access technologies, there is a real risk of employees making bad choices during these times – this is where phishing becomes a major issue.
Many phishing techniques are designed to be effective, as many people’s environments have changed, making them more susceptible to attacks. Many cyber-criminals are targeting large numbers of employees with pandemic-related claims. These attacks use tailored techniques, dynamic websites, and regularly update the methods used to remain new and undetected to those mostly untrained and working from home. The result is a series of attacks that have an alarmingly high success rate, yet a relatively low detection rate.
As employees work remotely, the risk has significantly increased because they may be using non-standard email, new instant and unfamiliar messaging systems, and perhaps new equipment which fail to properly filter out the emails which carry the threat. Employees could also be tempted to use public Wi-Fi as lockdown eases without using a VPN and this can leave them exposed to what is known as ‘man in the middle attacks’ which often pose as fake Wi-Fi hotspots.
The danger of ransomware and file sharing
Ransomware attacks have become a serious problem in organisations at the moment. Remote working employees may be using non-standard email or messaging systems, which fail to properly filter out emails that carry a threat, and therefore putting their devices and content at risk. As well as this, file sharing is also increasing the risk for organisations. One disadvantage of many file sharing options is that organisations simply do not have the required control over the data which is being shared. When workers begin to use consumer tools to share with external entities, they are taking business information outside the company’s IT scope, meaning that it is also out of the IT department’s control which can lead to serious security and integration problems.
As employees use their personal file-sharing tools on work-issued devices, this increases a business’s vulnerability. The problem is occurring because, without visibility into business data flows, IT personnel cannot sufficiently track the files that enter and leave the company. This lack of clarity then impedes an organisation’s ability to ensure compliance with internal policies, or with external mandates and agreements. A managed file sharing service can provide detailed audit trails, encrypt, and compress files in transit and at rest. Plus, it meets compliance requirements, as well as reduces the need for custom scripts and programmes, single-function tools, and manual processes.
Employees must be educated about the risks of sharing files, especially in terms of using IT solutions that are not officially implemented across the organisation or that has officially been approved. This type of file sharing involves using an employee’s own email accounts free cloud storage services, and other common file-sharing systems, as they may not meet the company’s security requirements and are, in many cases, outside of the company’s existing safety measures. Companies should also deploy a formal file sharing policy that provides clear rules and conveys the seriousness of the risks involved in such activities.
Conference ‘bombing’ – a new challenge
Conference ‘bombing’ is where third parties hijack video conferences. While this is a new challenge for security teams since the work from home orders were introduced, there are some preventive measures that organisations should implement. Companies must ensure that they do not share meeting IDs in public forums and train their employees on video conferencing best practices.
For example, users should not share a personal meeting ID (PMI) with anyone else, as third parties can check if there is a meeting in progress and potentially join it if a password has not been assigned to that meeting room. An effective security procedure is to create a virtual waiting rooms for those attending – this will prevent users from entering the meeting without first being allowed in by the host. Organisations should also ensure that only the host can share their screen during the call and that they password protect all meetings. Additionally, it is also possible to enforce tighter controls within one organisation, by only allowing persons with a given e-mail domain to join.
Organisations must ensure that they continuously remind employees to update conferencing platforms on their personal devices. This is not least because recent updates have enabled meeting passwords by default and added protection from people scanning for a meeting ID. Finally, it is important that employees do not download fake apps containing malware – always download the conferencing platform from the official site.
Reducing the remote-working risks
To keep data secure between remote workers and fundamental systems, VPNs are a popular choice. Ideally, organisations would have a ‘zero trust’ network system deployed. However, this can be difficult to apply. Indeed, with the global pandemic, organisations would need to implement a zero trust network now, however it should really be rolled out on a phased basis, which entails pilot schemes and tweaks in a safe environment before implementation.
Another way to mitigate risk is to ensure employees have up-to-date security protection on any devices, such as virus checkers, firewalls, and drive encryption. Mobile device management (MDM) is fundamental and there are some solutions that allow several users who share a single device to have full control over VPN, device-wipe capabilities, and configuration of enterprise data protection procedures. They also allow the break-up of business and personal data, which is effective in bring-your-own-device (BYOD) environments.
To help businesses control devices brought in by employees, BYOD programmes allow administrators do selective wipes of devices and cleaning app data without wiping the entire device. When a full wipe is needed, the policy can now force a secure digital (SD) card wipe, along with the internal storage of the device if necessary. Admins can also set Wi-Fi configurations for each device with app policies, by letting them set it once and push to all managed devices at once.
Preparation for the ‘new normal’
Whether its phishing, ransomware, file sharing or conference-bombing, having knowledge of the current threats is important to ensure that organisations are using the correct security tools to mitigate them. If businesses put their security remote security at the forefront of IT plans and follow the important steps then they will be able to survive and thrive as they navigate this pandemic.