COVID-19 does not have to compromise your organisation’s security.
Security is something that every business should be thinking about; it is an essential part of any IT strategy and can lead to serious problems if not properly maintained and monitored. However, it can be tempting to think of security threats as purely external forces, driven by malicious database hackers launching attacks from outside your network.
The truth is that in many cases, your own employees – consciously or not – could be posing as much of a security threat as any cybercriminal. There are a variety of ways in which employees can compromise elements of your defences, and many of them have unfortunately been exacerbated by the ongoing COVID-19 pandemic.
Global – and now local – lockdowns and the resulting surge in remote working have introduced or heightened risk areas that were previously only minor concerns for businesses. It is now more important than ever to protect your IT infrastructure from malicious cyber activities.
In through the outdoor
The use of cloud-based collaboration and communication services like Microsoft Teams has exploded since the start of the year as businesses scrambled to keep their remote staff connected through virtual platforms. But although these services can bring huge benefits to businesses, there are also risks attached to their use.
One of the biggest advantages to these services is that they provide a centralised, easily accessible record of all of your organisation’s communications and information and, while this improves efficiency, it’s also a double-edged sword – any attacker that gains access to this system potentially has access to an alarming amount of sensitive information, as well as a whole host of escalation tactics.
Access credentials for shared services are often posted by staff in open channels, as are links to potentially sensitive files and folders, not to mention confidential information about internal operations or upcoming deals. This can all be used by an attacker to access more valuable areas of the network, whether their goal is to deploy ransomware, exfiltrate confidential documents, or spy on your staff. These systems are generally complemented by cloud storage platforms, which provide a further treasure trove of data for intruders to exploit.
There are several ways to combat this; the most obvious one is to enforce policies against sharing credentials or sensitive documents on public channels, but this is hard to police. As any security team knows, convenience usually wins out over proper procedure. Therefore, it is wise to supplement this with strong password controls and multi-factor authentication for all user accounts, ensuring attackers cannot simply push their way in. A nice side benefit of this is that it also helps mitigate the risk of password reuse, which can be disastrous in larger organisations that do not keep a close eye on their password hygiene.
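Because a no-credentials-in-chat policy is hard to police by hand, a periodic scan of exported channel history can support it. The sketch below is an added example, not part of the original article: the messages are constructed sample data, the export format is an assumption, and the patterns are simple heuristics that will need tuning for a real environment.

```python
import re

# Constructed sample messages standing in for an exported channel history.
MESSAGES = [
    {"channel": "general", "user": "alice", "text": "Standup moved to 10:30 tomorrow"},
    {"channel": "general", "user": "bob", "text": "VPN login is svc-backup / password: Winter2020!"},
    {"channel": "sales", "user": "carol", "text": "Use https://deploy:s3cr3tpw@files.example.com/q3 for the deck"},
    {"channel": "it-help", "user": "dave", "text": "I reset my password this morning, all fine now"},
    {"channel": "dev", "user": "erin", "text": "-----BEGIN RSA PRIVATE KEY----- MIIE..."},
]

# Heuristic rules (assumptions for this example, not an exhaustive set).
RULES = [
    # "password: value", "pwd=value", "passcode is value"
    ("password_assignment",
     re.compile(r"(?i)\b(?:password|passwd|pwd|passcode)\s*(?:is|[:=])\s*(\S+)")),
    # Credentials embedded in a link: scheme://user:secret@host
    ("url_with_credentials",
     re.compile(r"(?i)\bhttps?://[^\s/:@]+:([^\s/@]+)@")),
    # PEM private key header pasted into a message
    ("private_key_block",
     re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
]


def scan(messages):
    """Return one finding per (message, rule) hit, never echoing the secret."""
    findings = []
    for msg in messages:
        for rule, pattern in RULES:
            m = pattern.search(msg["text"])
            if not m:
                continue
            # Use the captured secret if the rule has a group, else the match.
            secret = m.group(1) if m.lastindex else m.group(0)
            findings.append({
                "channel": msg["channel"],
                "user": msg["user"],
                "rule": rule,
                # Report only the length so the report is safe to share.
                "evidence": f"<redacted {len(secret)} chars>",
            })
    return findings


if __name__ == "__main__":
    for finding in scan(MESSAGES):
        print(finding)
```

Each finding is a prompt to rotate the exposed credential and remove the message, since anyone with channel access may already have seen it.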
Cloud storage platforms also incorporate a number of access control mechanisms, such as role-based permissions; these allow you to define which specific people can access certain files and folders, and what level of control they’re allowed to have over them. Some platforms will go even further than that, with features like the ability to grant time-limited access to files.
Left to their own devices
Implementing strong access controls, password hygiene and multi-factor authentication are all good practice in any circumstance, but they’re especially important when all of your staff are relying on cloud-based apps and logging in from locations and devices which may not be as secure and well-protected as when they’re in the office. For a variety of reasons, many workers are now using personal devices (BYOD) to access corporate platforms, and these devices in themselves could be posing a serious risk.
If an employee is using a personal device for work and has not alerted IT teams to this fact, they likely will not have any monitoring or protection running on the device. This means it cannot be tracked for threat analysis purposes, and it may also be introducing security holes via unpatched software or even malware that the user has unwittingly picked up. Furthermore, if they are working from a coffee shop, they might be using unsecured Wi-Fi, which puts them, and any information they are working with, at risk from malicious cyber activities.
“In this age of remote work, we cannot emphasise enough the importance of paying attention to how employees handle sensitive data and follow security policies. Many individuals are experiencing connectivity issues, which means they may be saving confidential or sensitive data to their personal tech rather than to secure shared drives,” Centrality’s CTO, Daniel Wyness, explains.
Traditional perimeter defence is going to be less helpful in this scenario and, if you’re dealing with a significant number of employees that use personal devices for remote work, you should consider deploying endpoint security tools to give your IT team a centralised way to monitor, patch and protect your employees’ devices in a relatively unobtrusive fashion. Knowing exactly what devices are on your network – and what condition they are in – is a vital part of protecting it and should not be neglected just because staff are working from home.
Workers are not the only ones who are having to adapt to new ways of working, however; cyber criminals are also switching up their tactics to capitalise on the new situation. Many hackers are attempting to exploit trends like password compromise, spear phishing, and others, and IT teams should be on the lookout for changes in attack patterns as cyber adversaries adapt. Phishing attacks will remain an easy attack method throughout the course of this lockdown, and staff should be trained on warning signs which may indicate a bogus email.
COVID-19 has forced us all to make a huge change in the way we work, and now that we have all experienced it in one way or another, it’s extremely unlikely that businesses will go back entirely to how they operated before. This change does not have to make your business less secure, however. Many of the potential risks that can be introduced when organisations move to a remote model can be mitigated through careful use of security best practices, including inventory management, password monitoring and multi-factor authentication.
Connect by Centrality provides you with a highly secure endpoint device solution with 24x7x365 support, giving your staff a consistent way of working securely no matter where they are. Our managed security services protect you further still.
All organisations will be making adjustments for the ‘new normal’. However, if IT teams remain alert to the changes and continue to implement industry-standard recommendations, we can emerge into the new world with all security intact.