Cyber Security While Sheltering in Place
By Darren James, Specops Software
Finnish company Arctic Security recently revealed that the number of compromised organisations across the world has more than doubled since January.
An alarming number of users’ machines have become compromised since their owners began working from home. This could be due to several factors:
- Rapid deployment of non-company image devices – many laptops have been purchased or rented, and personal devices have been permitted. These devices have therefore been deployed without the corporate image installed, which means that the protections normally in place, e.g. AV, patching and Group Policy, will not be available.
- As people work from home their corporate devices might not be patched as frequently as when on the company network, hence exposing people to more recent threats.
- There has also been a large increase in COVID-19-related spam emails and texts which in turn will create a larger attack opportunity for the wider hacking community.
- Particularly in the BYOD scenario, a device might be shared with other members of the family, posing a greater risk of less IT-savvy users clicking on malicious links and downloading malicious software.
- In general, IT departments are not well prepared for mass remote working, meaning out-of-date remote access solutions are likely being used on a mass scale.
How can organisations best deal with these sorts of threats?
If the above scenarios have already occurred in your organisation, at the very least keep in contact with your workforce. You can also raise the profile of keeping the company safe from IT threats by considering the following:
- Keep employee devices up to date with the latest patches and AV solutions.
- Discourage employees from sharing their work device with other family members, e.g. children.
- Make sure home Wi-Fi passwords are changed from the defaults.
- Ensure devices are powered off when not in use.
How should organisations adapt/change?
Adapting to this “new normal” as fast as possible is important, to prevent future breaches and ensure success.
Keep security at the forefront of all decisions by reviewing firewall rules, checking that your VPN protocols are secure, and introducing AppLocker policies to restrict what users can run under their accounts. You should also consider removing global and local admin rights on workstations.
But crucially, don’t forget the basics! Maintain a good password policy, make sure your users’ passwords haven’t been compromised and check your logs for unusual activity. You should also consider introducing multi-factor authentication (MFA) for remote workers and look at ways of verifying users’ identities.
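One way to check that a proposed password has not been compromised without disclosing it is a hash-prefix range lookup, shown here as an added example that is not from the original article. The breach corpus, the counts, the 12-character minimum and all function names are constructed assumptions, and the lookup service is simulated in-process.

```python
import hashlib
from collections import defaultdict

# Constructed sample corpus (password -> times seen in breaches); not real data.
BREACHED = {"Password1": 2413945, "Summer2020!": 1873, "Welcome123": 320114}

def sha1_hex(password):
    # SHA-1 is only a lookup key here, never a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(corpus):
    """Service side: bucket hash suffixes under their 5-character prefix."""
    index = defaultdict(dict)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index

def range_query(index, prefix):
    """Service side: return the whole bucket; the full hash is never received."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return dict(index.get(prefix.upper(), {}))

def breach_count(index, candidate):
    """Client side: send the prefix only, match the suffix locally."""
    digest = sha1_hex(candidate)
    return range_query(index, digest[:5]).get(digest[5:], 0)

def check_new_password(index, candidate, min_length=12):
    """Return the reasons a proposed password is rejected (empty list = accepted)."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    seen = breach_count(index, candidate)
    if seen:
        reasons.append("found in breach corpus %d times" % seen)
    return reasons

INDEX = build_range_index(BREACHED)

if __name__ == "__main__":
    for pw in ("Summer2020!", "Welcome123", "violet-kettle-orbit-42"):
        print(pw, "->", check_new_password(INDEX, pw) or "accepted")
```

Running the same check at password-change time, rather than only in periodic audits, keeps a known-breached password from ever being set.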
Are we facing a cyber security pandemic?
I believe that we are constantly in a cyber security pandemic; the current global crisis has just exacerbated it and provided opportunistic cyber criminals even more opportunity to prey on society and make a quick buck.