COVID-19: What to be Aware of While Working Remotely From Home
By Bryan Cowing, Security Analyst Tier I & Developer
As the COVID-19 situation continues to develop worldwide, our federal and local governments have begun to impose several social distancing measures to help protect citizens from contracting and spreading the virus. With these new social distancing measures, many businesses are setting up new avenues to enable their employees to access and interact with members of their from a safe distance. It has become the norm during this time to implement a work-from-home policy in the workplace, allowing employees remote access into the online infrastructure. This has been necessary to help employees and businesses survive during this time of uncertainty, but, introduces a newfound set of challenges and concerns from a data security standpoint. These challenges and concerns arise not only because of the increased accessibility for hackers to exploit, but from the sophistication of attempts from the hackers, utilizing the chaos caused by COVID-19 in their favor.
Below are a few challenges and concerns that all businesses and individuals should be aware of:
‣ Increases in malicious activity
Hackers are working diligently to take advantage of the global chaos, and of COVID-19. Attackers have already established malware-infested websites and uniquely crafted phishing emails, usually claiming to have news on or even a cure for the COVID-19 virus attached to them. Organizations rushing to accommodate employees practicing these social distancing measures, may be opening up their organization to otherwise vetted security holes.
‣ Exposure and exploitation via remote access
A risk of remote access implementation is that organizational credentials are used to access them. These services in most cases will require a username and password to login and gain remote access. If these services are accessed by an unauthorized user there could be significant damage done.
‣ Legal and personal ramifications
Implementing any remote access option in an organization introduces inherent risks. One risk that gets introduced is that employees can access the network from virtually anywhere. Anything employees do on the internet while connected remotely may as well virtually (pun intended) be considered as sitting in the office. If an employee forgets they are connected via VPN and torrents illegal software, or accesses any illegal content, the organization can be held responsible for these actions.
What Should I Be Doing to Protect My Organization?
‣ Reduce risk exposure from remote access
For certain organizations providing remote access to establish business continuity is a necessity. Before taking any actions, we recommend you review your data breach plan, incident response plan and remote access policies prior to enabling remote access to your users. This not only will ensure you have these policies and procedures in place if an incident occurs but will further enforce that the correct steps are taken in the deployment of this access.
‣ Increased employee security awareness
Even the most secure systems are still vulnerable to the end user that is using it. Over the coming weeks and months, we anticipate a multitude of phishing attacks. To reduce the chances of one of your employees becoming a victim of one of these attacks, we recommend implementing security awareness training for all employees that will be working remotely. Studies have shown that the susceptibility to phishing attacks in organizations typically decreases by ~75% upon providing security awareness training to employees.
‣ Assess remote access options
When it comes down to providing remote access to the employees of an organization you have a few options. These options include but are not limited to the following:
‣ Setting up a VPN (Virtual Private Network)
‣ Implementing an RDP (Remote Desktop Protocol) solution
‣ Implementing a software solution such as AnyDesk or TeamViewer
To mitigate any issues caused by utilizing remote access options, you should have all employees sign a waiver that puts liability of any actions made while accessing the internet over the VPN on the employee. In addition, you should require a certain password complexity for any accounts that will have remote access. The permissions of those accounts should be limited to the bare minimum, so that the employee can do their job. You would rather have an employee ask for more permissions than to give too much.
‣ Account and password management
With the creation of new accounts and passwords for remote access, employees should never have shared usernames or passwords. We recommend organizations use a password manager to make implementing these accounts as easy as possible. Using a password manager, such as LastPass, will allow you to generate complex passwords for each employee, and will track the number of accounts and who has access to them.
When you are in the office, you have certain “in plain sight” security controls that help deter unauthorized access to information systems. For example - if a stranger walked into the office, sat down at a computer and started to log in, someone (hopefully) would notice, or there would be physical safeguards in place to ensure this isn’t possible. While working remotely, you often don’t have this luxury. To help mitigate this, organizations should always force the “Remember Password” option while logging in to be disabled. Also, organizations should implement two-factor or multi-factor authentication where possible. This will ensure only authenticated users are able to access the network.
What Can We Expect Next?
This global pandemic is currently causing hysteria across most of the planet. People everywhere are implementing an unprecedented amount of remote access to allow their organizations to continue business at a relatively normal rate. Hopefully using the information and tips provided in this article you can prepare your organization, and deploy any remote access for your employees in a secure manner. We believe that this pandemic will have an effect on the cybersecurity of many organizations. We advise all organizations to keep track of any remote access you open for your organization, and be sure to close them once this unfortunate event has subsided.