Coronavirus is affecting the economy, global supply chains, human and workforce behaviors. Many companies are now adopting work-from-home practices: Twitter, Amazon, Microsoft, Okta and more have already advised their employees to work remotely, and undoubtedly this list will continue to grow. These difficult times have introduced not just IT and company culture challenges, but also a ripple effect of cybersecurity challenges that companies must face to properly address the sudden shift of a large-scale workforce working remotely.
Cybersecurity Challenges Arising from Working from Home
Lack of Strategic Support
The history of cybersecurity indicates that the cultural adoption of sound security practices takes time. Yet security teams are now being forced to quickly understand a new situation and its challenges, and to address them effectively with new security policies. Without adequate support from boards and executive teams, companies will fail to overcome the challenges that work-from-home policies can pose.
Employees who interact with corporate data assets using their own devices introduce diverse communication platforms and operating systems, each of which requires its own dedicated support and security policy implementation. The challenge posed by this variety of platforms and operating systems, which prevents the establishment of a consistent and enforceable security policy, is known as “unmanaged devices” in security jargon. In the past few years, security teams have understood the need to address this issue of unmanaged devices. Some did so simply by keeping the number of unmanaged devices to a bare minimum. Now, within a short period of time, the number of these devices has suddenly grown exponentially.
Shadow IT, where employees adopt new technologies without going through IT and security departments, is another recent challenge that companies face on a daily basis. Now even companies that were able to somewhat restrict Shadow IT will need to consider how a remote workforce could exacerbate this issue. Conceivably, thousands of applications could go under the radar of the security team.
Secure access to company resources is yet another challenge. For example, remote access to a company’s internal networks may have been limited to a fraction of employees. Suddenly, access must be granted to the full workforce, increasing the risk of password abuse and credential-related attacks. There will also be a sudden need for security policies such as two-factor authentication and access monitoring controls.
Phishing attacks are among the largest security risks that companies face on a regular basis. These attacks range from targeting an administrator through a seemingly benign email, with the goal of penetrating the company’s internal resources, to malware that diverts payment transactions to threat actors. Companies use numerous methods to block these types of attacks, such as verifying the sender. With an unprecedented volume of emails and requests, all of them online, such verification procedures are bound to fall through the cracks.
Supply Chain Attacks
Companies with mature security teams are now focusing on controlling shifting workforce habits. Smaller companies, however, will have a more difficult time, and can lack the necessary know-how and human resources. With the world’s reliance on the supply chain, companies are dependent on their suppliers’ security. Hackers are aware of the limitations of securing the whole supply chain and will start targeting companies with the goal of penetrating upstream partners.
What Are the Immediate Steps that Companies Should Take to Mitigate the Risks?
- Communicate the increased fraud risk to employees. Each employee must understand the risks of these new times and the expected surge of phishing and online scams. Beyond communication, provide employees with online security training that specifically focuses on work-from-home risks such as phishing.
- Develop verification procedures. Implement and communicate to employees verification procedures for key issues such as financial transactions, account access resets, credentials and the sharing of PII.
- Close gaps related to password strength and authentication. For example, deploy two-factor authentication across all employees and systems.
- Increase system monitoring. This should be done particularly for those systems that were previously not used remotely.
- Contract MSSPs. Consider contracting a Managed Security Service Provider (MSSP) to increase the ability to review alerts and security logs.
- Introduce additional access controls. Start rolling out additional access controls, prioritizing according to the rule of urgency.
- Manage supply chain risks. Assess your suppliers regarding their security practices in light of work-from-home policies. Ensure that the same urgent steps that you are taking are also being implemented by your suppliers. As needed, provide them with a remediation plan so that glaring gaps are closed. Panorays has made a readily available set of questions that companies can use to assess their vendors’ security preparedness for work from home.
With the right tools, policies and procedures in place, organizations can be assured that they can defend themselves against COVID-19 cyber scams and that the cyber posture of their company and third parties remains strong.