
Cybersecurity for your suddenly remote workforce by Arctic Wolf

Remote worker challenges:


  • IT security policies, procedures and solutions for a remote workforce are lacking and are being identified or built "on the fly".

  • IT processes and resources will be impacted during the transition.

  • Resource limitations for existing infrastructure will be tested.

  • Hardware sourcing will become a challenge as demand surges.

  • Standard employee behavior is changing: workers are using home networks in ways they did not before.


COVID-19 Emerging Threats


  • Phishing and social engineering campaigns centered around COVID-19. HR and IT departments are notorious for being spoofed and used as phishing lures. Phishing emails play on fear of outbreaks and of being fired for not complying with social distancing. Other lures impersonate official government agencies, solicit Bitcoin donations to help create a vaccine, or advertise DIY at-home coronavirus test kits that capture credit card information. Recommendations: 1) Increase user awareness training. 2) Tag all email arriving from outside the company with the word EXTERNAL so it draws end users' attention and makes them aware of scams.

  • The use of COVID-19 for malware distribution. 1) Mobile apps that claim to map COVID-19 cases are being used to encrypt and ransom data and to threaten to leak it. 2) Attackers are also using global shipping/supply chain fears as a lure and targeting industries such as manufacturing, industrial and pharmaceutical. 3) Home routers are being targeted for DNS redirection. Recommendations: 1) Reinforce security training and implement an MDM solution. 2) Maintain or establish a good vulnerability management process, including patch management! 3) Make sure you have good endpoint protection, especially for the remote workforce that is not behind the corporate firewall. 4) Enable secure DNS technologies on home routers.

  • Business attack surfaces are expanding. There has been a 170% increase in open ports since January 2020. Recommendations: 1) Vulnerability management and patch process. 2) Firewall review. 3) External posture assessment: which services are exposed and which are not.

  • Sophisticated attacks leveraging business email compromise (BEC) are on the rise. Attackers use executives' titles to request aging reports from the finance team, use those reports to send collection notices to customers, and cite COVID-19 as the reason they are changing banks and the way they collect money, so the customer needs to update the payment information and then pay the outstanding invoice. Recommendations: 1) Implement a policy for validation of fund transfers. 2) Add [EXTERNAL] to the subject line of inbound external email. 3) Add MFA to policies and procedures involving money transfers.

  • Increased personal account takeover and credential stuffing. SpyCloud has observed an increased number of credential stuffing schemes, including taking over meal-kit delivery service accounts by changing the shipping address back and forth. Recommendations: 1) Enable MFA. 2) Monitor for account takeover/breaches. 3) Establish 24x7 monitoring.
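The "monitor for account takeover" recommendation above is easiest to see in practice as a detection rule. The following is an added example, not code from Arctic Wolf or from this post: it scans constructed authentication log lines (hypothetical `timestamp user source_ip result` format) and flags a source IP that tries many distinct accounts in a short window, the signature of credential stuffing, along with any accounts that succeeded and therefore need a password reset and MFA.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: one source spraying six accounts in seconds,
# plus ordinary per-user activity from other addresses (all addresses are
# documentation ranges, not real hosts).
SAMPLE_LOG = """\
2020-03-20T09:00:01 alice 198.51.100.7 FAIL
2020-03-20T09:00:02 bob 198.51.100.7 FAIL
2020-03-20T09:00:03 carol 198.51.100.7 FAIL
2020-03-20T09:00:04 dave 198.51.100.7 FAIL
2020-03-20T09:00:05 erin 198.51.100.7 SUCCESS
2020-03-20T09:00:06 frank 198.51.100.7 FAIL
2020-03-20T09:05:00 alice 203.0.113.5 FAIL
2020-03-20T09:05:30 alice 203.0.113.5 SUCCESS
2020-03-20T09:10:00 bob 192.0.2.44 FAIL
"""

def parse(text):
    """Parse the hypothetical log format into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            events.append((datetime.fromisoformat(ts), user, ip, result))
    return events

def detect_credential_stuffing(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {ip: {"accounts": n, "compromised": [users]}} for every source IP
    that attempted logins to at least `min_accounts` distinct users within `window`."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in events:
        by_ip[ip].append((ts, user, result))
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()                      # order attempts by time
        start = 0
        for end in range(len(evs)):     # sliding window over the attempts
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {u for _, u, _ in span}
            if len(users) >= min_accounts:
                succeeded = sorted({u for _, u, r in span if r == "SUCCESS"})
                alerts[ip] = {"accounts": len(users), "compromised": succeeded}
    return alerts

if __name__ == "__main__":
    print(detect_credential_stuffing(parse(SAMPLE_LOG)))
```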


Industry Recommendations for Securing Remote Workers


  • Communicate to employees about impending scams related to the pandemic

  • Reinforce security training (don't click!)

  • Leverage a VPN to access company resources - don't just enable RDP

  • Maintain/establish a vulnerability management process (patch!)

  • Enable MFA on all authentication wherever possible - start with admin accounts

  • Have a strong backup/DR policy

  • Establish 24x7 Monitoring of infrastructure and cloud services

  • Monitor for account takeover/credential data breaches

  • Implement advanced threat detection and response capabilities

  • Keep IT healthy and well-staffed


Arctic Wolf Security Recommendations

Phishing/BEC

  • Add [EXTERNAL] to all inbound email subject lines

  • Don't click links blindly; hover over them and validate the destination first

  • Establish procedure for when/how financial transactions are approved. Email can't be the final say.

  • Enable Sender Policy Framework (SPF)
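To make the SPF recommendation concrete, here is an added example (not from Arctic Wolf or this post) of how a receiving mail server evaluates a sender's IP against a domain's SPF record. The DNS TXT records are constructed for hypothetical domains and served from an in-memory table; a real check would query DNS, and only the `ip4`, `ip6`, `include` and `all` mechanisms are implemented.

```python
import ipaddress

# Constructed TXT records (hypothetical domains). The spoofed-HR-email case
# from this post is exactly what the trailing "-all" is meant to reject.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
}

RESULT_BY_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(sender_ip, domain, lookup=DNS_TXT.get, depth=0):
    """Evaluate sender_ip against the SPF record of domain.
    Returns pass / fail / softfail / neutral, 'none' when the domain publishes
    no SPF record, or 'permerror' for unsupported or malformed terms."""
    if depth > 10:                      # RFC 7208 caps include recursion
        return "permerror"
    record = lookup(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in RESULT_BY_QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            try:                        # v4 address vs v6 network never matches
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif mech == "include":         # include matches only on a "pass"
            matched = spf_check(sender_ip, arg, lookup, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:                           # a, mx, ptr, exists not implemented here
            return "permerror"
        if matched:
            return RESULT_BY_QUALIFIER[qualifier]
    return "neutral"                    # no mechanism matched and no "all" term

if __name__ == "__main__":
    for ip in ("203.0.113.5", "198.51.100.10", "2001:db8::1", "192.0.2.1"):
        print(ip, spf_check(ip, "example.com"))
```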

Malware

  • Validate endpoint prevention tools are installed and updated

  • Validate vulnerable software is patched/updated

Data Privacy/Communication

  • Company data should not be stored on private computers

  • Sharing corporate computers with family members should not be allowed

  • Company data should only be shared on sanctioned cloud applications

Increased Attack Surface

  • Firewall review: compare the external posture/attack surface before and after the transition, review recent changes (bring them under change control/tracking), and back up the configuration

  • Active Directory review: review privileged group memberships and validate that audit configuration settings are appropriate

General Infrastructure Audit

  • Ticket/document ALL changes during this time. You won't remember when life returns to normal what needs to be changed back to the way it was.

  • Track all license increases so when things return to normal renewals don't happen automatically.

Home Network

  • Enable secure DNS on your router and add a guest wireless network that is segregated from your home network for your corporate devices.

Password Managers

  • Leverage a password manager for accounts, e.g. LastPass or Dashlane

Disposable Email Addresses

  • Use disposable email addresses for new accounts that forward to your work email account.



©2018 by Saje Network Systems. Proudly created with Wix.com