The coronavirus outbreak has forced businesses to make a decision that is safety-conscious yet operationally hard: asking their employees to work from home in a bid to encourage social distancing. While telecommuting can translate into better productivity and lower costs, it also raises concerns about the security of critical corporate data, which is now transmitted outside the safety perimeter of the office across a multitude of devices, systems, and peripherals, most of which do not conform to rigid security protocols. This is the perfect recipe for a potential data breach!
In this post, we will discuss the most challenging data security issues businesses must contend with when employees work from home through the coronavirus outbreak.
Challenge: Security of Cloud-Based Assets
Cloud computing may be the backbone of modern business yet managing online assets can be very complex when there is a wide network of external devices constantly accessing and sharing critical information.
Solution: Employ technologies like geofencing, and predictive asset management to command the flow of critical organizational data.
Challenge: Monitoring BYOD Policies, Mobile Devices, and Unsecured Networks
Many employees use personal devices and unsecured Wi-Fi networks for remote access. By hacking into a public, unsecured network, attackers can prevent employees from logging into their work accounts, staging what looks like a “denial of service”. Used as a social engineering pretext, this apparent outage can be leveraged to trick the remote employee into providing their login credentials, subsequently leading to the compromise of the victim’s systems and the organizational infrastructure.
Last month, as part of its February 2020 Patch cycle, Microsoft released security patches for several critical remote desktop vulnerabilities; the most prominent ones were CVE-2020-0681, CVE-2020-0734, CVE-2020-0655, and CVE-2020-0660. If an attacker could successfully exploit any of these vulnerabilities, the result would be the execution of arbitrary code on the targeted system. Depending on the vulnerability, this could result in the viewing, modification, and deletion of data, alongside the installation of applications and the creation of new users with admin-level privileges. Microsoft marked these vulnerabilities as critical and concluded that their exploitation was “very likely”.
Solution: The organization can employ robust Bring Your Own Device (BYOD) policies and advise its workforce about the dangers of unsecured devices, networks, and common attacker strategies like the “denial of service” pretext described above. Additionally, the remote employee’s work device can be secured in advance with the necessary security software. Further, ensure that all systems receive the latest applicable security patches to offset the dangers from the remote desktop vulnerabilities listed above.
Challenge: Respecting the Duality of Personal and Business Data
When employees use the same device for work and personal use, there is a grave danger of threats impacting all data on it. For instance, if software downloaded for personal use from a shady website causes the employee’s laptop to crash, their work data would be lost too. Recovery of lost data depends on the backup solutions employed, and on the remote worker diligently adhering to the backup policies.
Solution: From an IT operations perspective, a robust cloud backup solution needs to be deployed. More importantly, employee cybersecurity awareness and training need to step up when working from home becomes the norm. A vast majority of employees simply lack an understanding of common security risks, as well as of their own unwitting participation as enablers of such risks. Organizations must build a strong culture where every employee sees cybersecurity as a personal responsibility and complies with policies and protocols.
Will the COVID-19 outbreak facilitate a security-conscious work culture?
The recent coronavirus outbreak and the need for social distancing have forced many organizations that had not previously been in favour of remote working to embrace this concept and assist their workforce in working productively from home. This translates into the procurement or leasing of new equipment, the migration of work environments from fixed peripherals onto mobile devices, and the management of queries and troubleshooting. Aside from the IT and security teams, the procurement unit and other departments within the organization and its supply chain must be adequately trained to understand the security implications.
Challenge: Increase in phishing attacks, many using social engineering tactics to trick employees into revealing sensitive information and facilitating data breaches
CYFIRMA’s CTI (Cyber Threat and Intelligence) team has observed a renewed wave of phishing attacks aimed at those seeking information about the COVID-19 outbreak. A slew of impersonated websites, including those purporting to be associated with authoritative bodies like the WHO, are likely to host keyloggers that could lead to the exfiltration of critical corporate data. Additionally, impersonated VPN applications are being spread through newly registered domains, with hackers paying particular attention to the manipulation of VPN tools. Also, our research team and multiple security vendors have reported that threat actors are using fear tactics to spread malware, including LokiBot, RemcosRAT, TrickBot, and FormBook. Alarmingly, most consumer-grade antivirus solutions alone won’t be able to stop the sophisticated attacks targeting the organization.
Solution: Building a fortress to protect an organization’s assets and data has now become a fundamental rigour. Unfortunately, this alone is ineffective in keeping out hackers and adversaries. Organizations must also look outwards and adopt an intelligence-centric approach to managing cybersecurity. This means receiving real-time cyber-intelligence that is harvested and analysed from the hackers’ own trenches (deep/dark web, surface web, hacker communities, closed communities). The data collected must be analysed in a way that is relevant to the organization’s industry, geography, and the technology it is currently using. Only then can cyber-intelligence be accurate and predictive, and be utilized effectively to fend off cyberattacks.
Security Operational Hygiene
Here are the basics which we recommend companies implement today, if they have not already done so.
Firewall and Antivirus: Solutions that match the organization’s size, scope, and scale must be implemented as a priority. Ensure that the firewall has built-in capabilities such as high availability and robust anti-malware protection.
VPN Setup: When it comes to accessing secure data remotely, a VPN is a prerequisite tool. Usually, business-grade firewalls have a built-in VPN. Note that even the most sophisticated VPN can be undermined by risky behaviour from the end user.
Employ Multi-Factor Authentication: Aside from the usual options, biometric authentication such as fingerprint technology or iris scanning technology can be deployed.
IDS and IPS Setup: Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are background programs that monitor your network and alert you if any suspicious or malicious activity is detected; an IPS can additionally block that activity.
Limit Information Access: Grant access to only the information that is necessary for the remote worker to complete his or her job. Employees should never be granted access to all the available critical data.
Data Security Specifications Document: Specify in writing the various do’s and don’ts when it comes to critical organizational information, its usage and circulation by the remote worker, and other policies. This should be a live document with periodic updates following your organization’s changing security landscape.
The sudden onset of the coronavirus outbreak and the scramble to implement remote access have caught many organizations off guard. By adopting the measures above, organizations can be confident that prolonged telecommuting will not compromise their security posture.