By Andy Sauer, Director of Cybersecurity, Steel Root
With the sudden shift to work-from-home operations, businesses are now forced to deal with increased activity from both independent and nation-state cybercriminals. Unfortunately, malicious actors view any potential security weakness as an opportunity to access and steal your data. In fact, according to this story from The Hill, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security’s cyber agency, recently issued an alert “pointing to specific cyber vulnerabilities around working from home versus the office. CISA zeroes in on potential cyberattacks on virtual private networks (VPNs), which enable employees to access an organization’s files remotely.”
With entire companies working from home, security can be compromised; companies need to be more vigilant and implement new processes and procedures to ensure that cybercriminals are not successful.
Why the increased threat? There are a number of reasons why the sudden move to a remote workforce can lead to cybersecurity breaches. These include:
- Behavioral changes: Working off-site, employees tend to be more relaxed and more likely to let their guard down – perhaps even answering emails designed to provide data access to hackers. Also, with stress levels increased, staff might be more inclined to be reactive and less strategic in their actions. Malicious actors typically apply high pressure and demand a quick turnaround.
- Situational changes: With staff working in disparate locations, security instructions and access rules can fall through the cracks. This can result in less stringent oversight of transactions and other key workflows.
- Technological changes: Suddenly companies are forced to extend their firewalls beyond the physical boundaries of their office. Company systems are being accessed from a wide range of devices, even personal devices. These changes can lead to compromise, data sprawl, and other challenges.
What businesses can do. There are practices companies can adopt to shore up their cybersecurity to prevent potential attacks and data breaches. Here are a few things companies can and should do.
- Organize your response to this crisis in advance of a problem. Get communication, incident response, and business continuity plans in place, and share with all personnel.
- Adapt and set organizational expectations and rules of engagement for communications.
- Make sure you have a Disaster Recovery plan, with Backup and Restore of all systems. Test your recovery plan regularly.
- Establish approvals for key workflows, such as transactions or security permissions – and ensure that you have a process for verifying these critical activities (e.g., wiring money).
- Prioritize the use of multifactor authentication or other conditional rules for accessing company systems remotely.
- Make sure your employees are only using approved devices to access company data – set strict guidelines for the use of personal devices.
- Check to see that you are appropriately licensed – some VPN solutions will not allow users over the maximum license count.
- Ensure your new critical remote access infrastructure is monitored and patched regularly.
- Business must go on. Workflows must continue. Make sure you have the tools and infrastructure in place to support normal working conditions remotely.
- With what may be months away from the office and from each other, keeping your teams engaged could become a challenge. As someone who generally works remotely, I recommend you use video liberally, even for quick conversations. This usually results in inconsistent engagement.
- Enlist the assistance of your IT/security team/outsourced providers to support your business through this temporary but substantial change.
There are actions every company can and should take to safeguard their systems and data in the new business landscape. When you plan for cybercriminals to give it their worst, you’ll be better prepared to survive, maintain connectivity and security, and even thrive during this time of disparate home offices and telework.
About the Author
Andy Sauer is Director of Cybersecurity at Steel Root in Salem, MA. In this role, he specializes in helping defense and federal contractors meet their compliance obligations and build their cybersecurity capability to meet the modern threat landscape head-on. Prior to joining Steel Root, Andy managed IT operations and cybersecurity in the defense industry, internally and as a consultant. He currently holds the following certifications: CISSP (Certified Information Systems Security Professional) from ISC2 and a CISM (Certified Information Security Manager) from ISACA.