The Cyber Impact of Coronavirus
With the rise of COVID-19, prepare for the cyber risks that your network could become exposed to when employees start working from home.
Work-from-Home Security with Coronavirus
For offices around the world, the possibility of having to send employees home indefinitely as the virus spreads is becoming very real. If your organization hasn’t needed work-from-home policies in place before now, it’s time to start building them. Here are some considerations to ensure your technology and security are ready for the cyber risks that your network becomes exposed to when employees work from home.
In recent weeks, precautions have been published by national health authorities in response to the Coronavirus (COVID-19) outbreak, as the World Health Organization declared the virus an international pandemic emergency on March 11, 2020.
The virus, a flu-like illness with a higher R0 score, has recently made its way to the U.S. and Europe. This has caused a surge in organizations that are examining the risks involved with allowing employees to work from home.
Big corporations like Facebook and Microsoft are seeing the outbreak’s effects first. These were some of the first to send employees out to work from home—closing down entire office locations in some areas to prevent the spread of the virus. But for smaller organizations and those that haven’t incorporated remote working before now, haphazardly trying to have all employees work from home is a serious security risk.
As CDC professionals work to get a handle on this human virus, Syxsense combats the types of computer viruses that will undoubtedly affect remote workers and organizations during the coming influx of work-from-home.
What are the cybersecurity risks of working from home?
- Home devices are likely to have unpatched and out-of-date software
- Exposing sensitive corporate data
- A wider attack surface for attackers
Preparing for Remote Users
A great first step is to think about and protect the endpoint from which the employee will be working.
Is it a laptop that belongs to your organization? It should already be subject to your organization’s cyber protections, including security software, rules regarding local admin access, web filtering, and application control. If you don’t have those protections in place, this is where you need to start.
For endpoint security, we recommend focusing on two key security solutions: patch management to quickly remediate potential security gaps, and endpoint detection and response (EDR) to monitor for cyberattack activity on the endpoint device. We also recommend two-factor authentication (2FA) on important accounts, especially your remote access tool.
Multi-factor authentication (MFA) is becoming more critical as organizations grow more digitally connected. Enabling MFA on user accounts, most-used online solutions, and other business tool accounts can ensure that a “hacked” password or a lucky guess isn’t the only layer of defense that stands between your accounts and a “bad guy” on the other end.
Patching is Critical
As more business infrastructure gets connected, Juniper Research data suggests that cybercrime will cost businesses over $2 trillion total. Nearly 60% of companies have experienced web-based attacks, phishing, social engineering attacks, malicious code, and botnets. 43% of attacks target small businesses with an average of 39 seconds between attacks.
Combining security scanning and patch management in a single console, Syxsense is the only product that not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.
If you’re not able to provide your employees with laptops or workstations they can take home, then you’ll need to make sure you have some way to protect their personal devices with standards similar to those of your corporate environment. This is vital, because there is a very real chance that some of your employees’ home devices may already be compromised.
The majority of home users, despite expressing security concerns, fail to follow cybersecurity best practices in their digital lives outside of work. In addition, many home laptop and desktop computers remain unprotected from malware and computer viruses, with one estimate showing that about 1/3 of computers worldwide become infected with malware (750 million in 2018).
Consider making your company’s security software available for your employees to install on their home systems, with emphasis on your Malware Prevention or AV. While this incurs some additional cost and administrative overhead, it may protect you from an easily-exploited attack vector. For added visibility into endpoint activity and security, consider adding an Endpoint Detection and Response (EDR) solution to alert on abnormal device behavior and signs of malicious attack activity.
Be aware that having your teams work from home using personal computers can introduce security risk factors that are out of your control—by allowing personal device use for company work, you are accepting that risk.
Provide Remote Access
- Will you be using a remote desktop solution?
- Are you going to allow direct connectivity to your corporate servers from remote employees?
- Do most of your employees only require connectivity to a few cloud-based applications?
Your answers to these questions will dictate what sort of protections you need to put in place and what regulations to implement on the connectivity between your remote users and your internal infrastructure.
Ideally, you’ll want to put as many of the same protections in place for remote workers as you have for in-office workers. Make sure you’re scanning and logging all possible sessions, including VPN (Virtual Private Network) and RDP (Remote Desktop Protocol) logins, web traffic, and SMB (Server Message Block) protocol access. If your firewall/VPN solution allows it, you should scan and log all sessions between your remote users and your internal systems, as well as restrict traffic to only what is necessary for each remote worker’s job role.
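As an added illustration of the logging advice above (not Syxsense code): the script below audits exported logon records for RDP sessions that did not arrive through the VPN or the office LAN, which is the sign that port 3389 is reachable from the internet. The CSV layout, the VPN pool 10.8.0.0/24, and the host and user names are assumptions constructed for the example.

```python
import csv
import io
import ipaddress

# Assumptions for this example: the VPN hands out 10.8.0.0/24 and the
# office LAN uses RFC 1918 space. Adjust both to your environment.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RDP_LOGON_TYPE = "10"  # "RemoteInteractive" in Windows Security event 4624

# Constructed sample: successful-logon records exported to CSV.
SAMPLE_CSV = """time,host,user,logon_type,source_ip
2020-03-16T08:02:11,FS01,alice,10,10.8.0.23
2020-03-16T08:05:40,FS01,bob,10,203.0.113.45
2020-03-16T08:07:02,APP02,carol,10,192.168.10.77
2020-03-16T08:09:30,APP02,dave,3,198.51.100.9
2020-03-16T08:11:18,FS01,erin,10,-
2020-03-16T08:15:55,APP02,bob,10,203.0.113.45
"""

def classify_source(ip_text):
    """Return 'vpn', 'internal', 'internet' or 'unknown' for a source address."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "unknown"  # blank or "-" source: cannot be attributed
    if ip in VPN_POOL:
        return "vpn"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "internet"

def audit_rdp_logons(csv_text):
    """Map each host to its RDP logons that did not arrive via VPN or LAN."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["logon_type"] != RDP_LOGON_TYPE:
            continue  # not an RDP session
        origin = classify_source(row["source_ip"])
        if origin in ("vpn", "internal"):
            continue  # expected path for remote and in-office users
        findings.setdefault(row["host"], []).append(
            (row["time"], row["user"], row["source_ip"], origin))
    return findings

if __name__ == "__main__":
    for host, rows in sorted(audit_rdp_logons(SAMPLE_CSV).items()):
        print(host, rows)
```

Any host that appears in the result accepted an RDP logon from outside the approved paths and should have its firewall rules reviewed.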
Whether your users will be working from company devices or whatever they’ve got at home, you want to ensure that you’re protected against data loss and theft as they access and share files across networks. This could mean implementing secure Remote Desktop solutions for users to work from and allowing users to use a corporate VPN to secure their connection when working from public or home wireless networks. If users’ traffic is as protected as possible, the risk of remote connectivity decreases significantly.
If possible, use web content filtering to continue to protect your remote employees from malicious websites and to preserve productivity.
Take advantage of two-factor authentication everywhere possible. Specifically, protect your remote VPN, cloud applications, and admin sessions. While a token-based MFA solution like Google Authenticator or FortiToken is best, any secondary authentication, such as SMS or email-based codes, is better than single-factor logins.
Have a Support Plan for Remote Users
Your IT staff will likely need some remote support tools and be familiar with them when the time comes—especially if your work force isn’t used to working remotely. The number of calls to your support desk will increase dramatically, so make sure you’re ready to handle the influx of users struggling with new technologies for the first time.
An organization with a well-designed security policy and disaster recovery plan may find they already have a lot of these solutions in place. Working from home need not be any less secure than your office environment – just be sure to do some planning, set up some policies, and put effective measures in place.
In summary, here are some key Do’s and Don’ts for incorporating remote working into your organization:
Don’t:
- Let your users use their home devices, if possible
- Allow high-level asset access from remote users
- Leave port 3389 (RDP) open and unsecured to the internet
- Allow remote access to any administrative functions without requiring MFA. If possible, secure ALL remote connectivity with MFA.
Do:
- Provide remote assistance options. End-users will most likely require aid while working remotely, and Syxsense effortlessly provides remote control and monitoring tools, regardless of where the device(s) reside.
- Log all remote access. If possible, log all sessions from VPN users to internal resources. Syxsense can be configured to allow remote users to securely connect back to corporate resources with end-user access, while enforcing the required authentication steps and logging all access.
- Use MFA on every platform that supports it. The Syxsense console itself supports 2FA through Google Authenticator and email, as well as single sign-on through Okta and Azure.
- Provide locked-down, encrypted systems (laptops, desktops or tablets) for your employees’ use. Syxsense always leverages a highly-secure connection back to the cloud to protect each and every device from external threats. Syxsense can also proactively monitor for potential vulnerabilities while devices are on external networks, and quarantine devices that violate corporate policy.
- Keep all remotely accessible systems fully patched. Syxsense can easily schedule patch deployments for OS and third-party updates whenever desired, whether on-demand or on a routine basis when the device is available. This ensures the latest vulnerabilities are remediated in a timely manner, even with zero-day situations or upgrades to Windows.
Turn to Syxsense for More Secure Endpoints
Endpoint security is a complex and multifaceted issue requiring vigilance and cooperation across all departments within any given organization. Turning to the broad complement of endpoint security solutions offered by Syxsense will be an excellent place for you to start.
- For a “one-stop-shop” with vulnerability scanning, patch management and endpoint detection and response in one package, look no further than Syxsense Secure. Available as a standalone software product or alongside 24/7 managed services from our dedicated, experienced team.
- The similarly comprehensive Syxsense Manage solution offers additional endpoint, OS and patch management oversight to complete the picture of meticulous and wide-ranging threat management.
Begin your organization’s journey toward airtight endpoint security with a free trial of Syxsense’s products and services.