The COVID-19 pandemic is a very demanding and challenging situation for companies. With the RiskIQ Coordination Checklists, First Consulting, Inc. can help our customers get uniquely prepared.
The COVID-19 pandemic requires immediate action by security teams. Here’s what you should do to get started.
1. Shadow IT gets a big boost, be prepared
As IT teams and other staff employ new external assets to enable customers and a remote workforce (websites, web portals, mobile apps, and more), security officers must continuously track it all. Keeping a running, continually updated inventory of components connected to the organization outside the firewall is crucial, because attackers will be looking for access too. Knowing that their targets' defenses are spread thin, attackers search for unknown, unprotected, and unmonitored digital assets. It takes just one for them to gain access and move laterally across an organization's network.
2. Identify and locate all remote access points
Many employees can get their work done from anywhere due to the increased interconnectedness of modern technology. Yet, while it is possible to work from home, proper network security for remote employees is just as important as a secure network within the office building. It is essential to be able to scan for access points across your organization’s network quickly to know who has access and from where it is coming. The same goes for customers: if you’re an enterprise software platform, customers may have more access than you realize.
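Items 1 and 2 both come down to the same control: reconcile what is visible from the outside against what the organization believes it owns, and pay particular attention to anything that grants remote access. The following is an added example (not code from First Consulting, RiskIQ, or this page) of that reconciliation. All hostnames, addresses, teams and scan observations in it are constructed, and the port-to-service table and the notion of a "sanctioned gateway" list are assumptions made for the example.

```python
"""
Reconcile external observations of an organization's attack surface
against the asset inventory, flagging unknown assets and hosts that
expose remote-access services outside the sanctioned gateways.

All data below is constructed for illustration.
"""
from dataclasses import dataclass

# Ports for services that grant interactive or network-level access.
# Exposure of these on a host that is not a sanctioned gateway deserves
# a ticket, even if the host itself is inventoried. (Assumed table.)
REMOTE_ACCESS_PORTS = {
    22: "ssh",
    23: "telnet",
    3389: "rdp",
    5900: "vnc",
    1194: "openvpn",
    500: "ikev2",
}


@dataclass(frozen=True)
class Observation:
    """One (hostname, ip, open port) seen by an external scan or feed."""
    host: str
    ip: str
    port: int


# Constructed: what the security team believes it owns (hostname -> owning team).
INVENTORY = {
    "www.example.com": "web",
    "vpn.example.com": "netops",
    "portal.example.com": "customer-platform",
    "build-01.example.com": "ci",
}

# Constructed: hosts approved to expose remote-access services.
SANCTIONED_GATEWAYS = {"vpn.example.com"}

# Constructed: observations from an external scan / passive DNS feed.
OBSERVATIONS = [
    Observation("www.example.com", "203.0.113.10", 443),
    Observation("vpn.example.com", "203.0.113.20", 1194),
    Observation("portal.example.com", "203.0.113.30", 443),
    # stood up by a project team, never registered in the inventory
    Observation("covid-status.example.com", "198.51.100.5", 443),
    # an inventoried build box that someone opened on RDP to work remotely
    Observation("build-01.example.com", "198.51.100.9", 3389),
]


def reconcile(inventory, sanctioned, observations):
    """Return (unknown_hosts, exposed_access):
    unknown_hosts  - sorted hostnames seen externally but absent from inventory
    exposed_access - sorted (host, port, service) for remote-access services
                     on hosts that are not sanctioned gateways
    """
    unknown = set()
    exposed = set()
    for obs in observations:
        if obs.host not in inventory:
            unknown.add(obs.host)
        if obs.port in REMOTE_ACCESS_PORTS and obs.host not in sanctioned:
            exposed.add((obs.host, obs.port, REMOTE_ACCESS_PORTS[obs.port]))
    return sorted(unknown), sorted(exposed)


def report(inventory, sanctioned, observations):
    """Render findings as one line each, ready for a ticket or a daily digest."""
    unknown, exposed = reconcile(inventory, sanctioned, observations)
    lines = []
    for host in unknown:
        lines.append(f"UNKNOWN ASSET  {host}: not in inventory; assign an owner")
    for host, port, svc in exposed:
        owner = inventory.get(host, "unassigned")
        lines.append(f"REMOTE ACCESS  {host}:{port} ({svc}) owner={owner}; "
                     f"not a sanctioned gateway")
    return lines


if __name__ == "__main__":
    for line in report(INVENTORY, SANCTIONED_GATEWAYS, OBSERVATIONS):
        print(line)
```

Run this on a real scan export and the two lists map directly onto the checklist: unknown hosts go to whoever can name an owner, and exposed remote-access services go to the network team to be moved behind the VPN or closed.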
3. Pinpoint configuration errors
To accommodate a remote workforce with as little loss in productivity as possible, IT teams are standing up new systems quickly. They might make sure all the patches are applied, but at this pace, they are likely making mistakes. Having a full inventory of systems associated with your organization allows you to scan them for misconfigurations and helps build a secure external network that gets business done outside the office.
4. Find and secure cloud assets and services
Remote workforces will leverage the cloud more than ever. As more things are stood up to the cloud and moved there in the coming weeks, it becomes crucial to have a full inventory of cloud assets to determine ownership, as well as those that are potentially accessible to attackers such as orphaned, abandoned, and shadow IT assets.
5. Detect malicious, rogue assets
Unfortunately, threat actors are taking full advantage of the global anxiety over COVID-19, and the confusion and challenges it’s causing businesses. Scams, phishing, and malware campaigns that leverage your brand and impersonate your infrastructure to fool customers and employees will run rampant if not detected. Organizations must have situational awareness of these attacks, and access to internet-wide visibility to detect new infrastructure targeting them so they can neutralize the threat before it causes damage.
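A concrete way to get the situational awareness described above is to enumerate the lookalike domains an impersonator might register for your brand and match them against newly observed domains (certificate transparency logs, new-registration feeds, proxy logs). The following is an added example, not code from this page or from RiskIQ, showing that matching; the brand domain, the substitution table, the TLD list and the observed-domain feed are all constructed or assumed for the example.

```python
"""
Generate lookalike variants of a brand domain and match them against a
feed of newly observed domains, so impersonation infrastructure can be
spotted early and taken down. All data is constructed for illustration.
"""
import itertools

# Small, assumed table of visually similar characters (not exhaustive).
SUBSTITUTIONS = {
    "a": ["4", "e", "q"],
    "e": ["3", "a"],
    "i": ["1", "l", "j"],
    "l": ["1", "i"],
    "o": ["0", "p"],
    "s": ["5", "z"],
    "m": ["rn", "n"],
}
# Assumed list of TLDs worth watching for your label.
COMMON_TLDS = ["com", "net", "org", "co", "info", "xyz"]


def split_domain(domain):
    """Return (registrable label, tld) for a domain; subdomains are ignored."""
    parts = domain.lower().strip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def lookalikes(domain):
    """Set of lookalike domains for one brand domain (excluding the original).
    Covers omission, repetition, transposition, substitution, hyphenation
    and TLD swap."""
    label, _ = split_domain(domain)
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])            # omission
        variants.add(label[:i] + label[i] + label[i:])     # repetition
    for i in range(len(label) - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
    for i, ch in enumerate(label):
        for sub in SUBSTITUTIONS.get(ch, []):
            variants.add(label[:i] + sub + label[i + 1:])  # homoglyph substitution
    for i in range(1, len(label)):
        variants.add(label[:i] + "-" + label[i:])          # hyphen insertion
    variants.discard(label)
    variants.discard("")
    out = {f"{v}.{t}" for v, t in itertools.product(variants | {label}, COMMON_TLDS)}
    out.discard(domain.lower())
    return out


def find_impersonations(brand_domain, observed):
    """Sorted observed domains that are lookalikes of brand_domain, or that
    embed the brand label with an affix (e.g. 'secure-brand.com')."""
    brand_domain = brand_domain.lower()
    label, _ = split_domain(brand_domain)
    suspects = lookalikes(brand_domain)
    hits = set()
    for d in observed:
        d = d.lower().strip(".")
        if d == brand_domain:
            continue
        obs_label, _ = split_domain(d)
        if d in suspects or (label in obs_label and obs_label != label):
            hits.add(d)
    return sorted(hits)


# Constructed feed of newly observed domains.
OBSERVED = [
    "acme.com",               # the brand itself
    "acrne.com",              # 'm' rendered as 'rn'
    "acme-support.net",       # brand label with an affix
    "acme.co",                # TLD swap
    "weather-today.org",      # unrelated
    "login.acme-secure.com",  # affix under a subdomain
    "amce.com",               # transposition
]

if __name__ == "__main__":
    for hit in find_impersonations("acme.com", OBSERVED):
        print("review:", hit)
```

The affix check (`label in obs_label`) produces more false positives than the permutation set, so in practice the two categories are usually triaged separately; the permutation hits are the ones worth escalating first.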
6. Prepare your Work-from-Home (WFH) workforce
Analysts at the FBI, a U.S. government agency, announced on March 20th that there had been a significant spike in cybercriminals targeting employees working from home. Here's what they advise employees to do to keep themselves and their company safe.
Consider implementing a weekly cybersecurity check for all employees working from home. During this pre-arranged time, employees can confirm that all security software is up to date (e.g., privacy tools, add-ons for browsers, and other patches).
Critical company files should be regularly backed up to a remote location in case of disaster, hardware failure, or ransomware attack. Notably, most ransomware attacks take place during the night or over the weekend, according to a recent FireEye report, likely because many companies don’t have IT staff working those shifts.
Employees should ensure their WiFi router is secure and its firmware is patched and up to date. This guide from WIRED is an excellent primer on router security. It provides a general how-to for changing passwords for both connections and administrative access, as well as updating firmware, hardening, and network segmentation.
Employees should be aware of current threats as well as the security basics: password hygiene, recognizing phishing emails, phishing pages, scam pages, and social engineering attacks, and how to report an incident.
Define a clear procedure to follow in case of a security incident. Employees should be encouraged to report cyber incidents or suspicious emails and websites. This information can be used to isolate any ongoing attacks and prevent similar incidents in the future.
Enforce the use of multi-factor authentication for connecting to all corporate assets.
If possible, provide remote employees with a hardened, dedicated work machine with hard drive encryption and enforce an automatic patching policy on that device.
Protect your employees’ work devices, including laptops, tablets, mobile devices, and more. You may want to consider an endpoint security solution, such as that described by Crowdstrike.
Provide a VPN solution for connecting to assets on the internal corporate network. According to ZDNET, enterprise VPN servers have now become paramount to a company’s backbone, and their security and availability must be a focus going forward for IT teams. The use of a VPN also calls for endpoint protection, as compromised devices that are connected to the corporate network risk spreading infections to other devices.
Make sure any VPN solution is patched and up-to-date. Last year, the UK’s National Cyber Security Centre reported that Advanced Persistent Threat actors were exploiting vulnerabilities in multiple enterprise VPN solutions. We expect attacks on vulnerable VPN solutions to increase apace with the growth in usage.
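Several of the points above (enforce MFA on every corporate connection, watch for night and weekend activity, and treat the VPN as critical infrastructure) can be checked against the VPN's own authentication log. The following is an added example, not code from this page or from any VPN vendor, that reviews such a log. The key=value log layout, the business-hours window, the failure threshold and every user and address in it are constructed or assumed for the example.

```python
"""
Review remote-access (VPN) authentication logs for: successful logins
without MFA, successful logins outside business hours or at weekends, and
repeated failures from one source. Log format is a constructed, generic
key=value layout, not any vendor's real format.
"""
from collections import Counter
from datetime import datetime

# Constructed sample log lines (2020-03-22 is a Sunday, 2020-03-23 a Monday).
LOG_LINES = """\
2020-03-23T09:02:11Z user=alice src=198.51.100.7 result=success mfa=yes
2020-03-23T09:05:40Z user=bob src=198.51.100.8 result=success mfa=no
2020-03-23T13:14:02Z user=carol src=203.0.113.44 result=failure mfa=yes
2020-03-23T13:14:09Z user=carol src=203.0.113.44 result=failure mfa=yes
2020-03-23T13:14:15Z user=carol src=203.0.113.44 result=failure mfa=yes
2020-03-23T13:14:22Z user=carol src=203.0.113.44 result=failure mfa=yes
2020-03-23T13:14:30Z user=carol src=203.0.113.44 result=failure mfa=yes
2020-03-22T02:47:05Z user=dave src=198.51.100.9 result=success mfa=yes
""".splitlines()

BUSINESS_HOURS = range(7, 20)   # 07:00-19:59 UTC, assumed for this example
FAILURE_THRESHOLD = 5           # assumed; tune to your environment


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def is_off_hours(ts):
    """True at weekends (Mon=0 .. Sun=6) or outside BUSINESS_HOURS."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def review(lines):
    """Return a sorted list of (category, user, detail) findings."""
    findings = []
    failures = Counter()
    for rec in map(parse_line, lines):
        user, src = rec["user"], rec["src"]
        if rec["result"] == "success" and rec.get("mfa") != "yes":
            findings.append(("NO_MFA", user, f"login from {src} without MFA"))
        if rec["result"] == "success" and is_off_hours(rec["ts"]):
            findings.append(("OFF_HOURS", user,
                             f"login at {rec['ts'].isoformat()}Z from {src}"))
        if rec["result"] == "failure":
            failures[(user, src)] += 1
    for (user, src), n in failures.items():
        if n >= FAILURE_THRESHOLD:
            findings.append(("REPEATED_FAILURES", user,
                             f"{n} failed logins from {src}"))
    return sorted(findings)


if __name__ == "__main__":
    for category, user, detail in review(LOG_LINES):
        print(f"{category:<18} {user:<8} {detail}")
```

A NO_MFA finding on a successful login means the MFA policy is not actually being enforced for that user or profile, which is the thing to fix first; off-hours logins are not wrong in themselves for a remote workforce, but they are the ones worth a quick confirmation with the user.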