By John Macintosh,
Regardless of when the current health crisis ends, large organizations should be prepared to manage security with fewer onsite personnel and a wider overall attack surface. Being aware of the increasing threats and continually assessing your environment for gaps are both critical. Here are six key factors to evaluate and implement.
1. Assume a breach. Initial breaches are even more likely as the number of phishing emails impersonate credible sources. Recently, the World Health Organization and the CDC have been the subjects of fake emails. Employee security training and continued reminders of how to watch for fake emails scams is critical. However, it’s best to assume someone will click on a bad link. Are you prepared for what happens next? Can an intruder laterally move across your organization?
2. Update systems as much as possible. Web browsers are a particularly high source of risk as many employees will be lured to scam websites looking for information. COVID-19 and coronavirus themed domains are being registered in alarming rates. Management of patches and updates is critical across every system.
3. Secure your ingress and egress. Wireless connections at coffee shops, co-work meeting locations and homes can be compromised. Your new work-from-home employees may not be as well versed in security procedures as your seasoned traveling sales team. Again, training is critical as well as a plan that assumes a remote device is compromised and an attacker can get inside your network.
4. Watch for new applications. Distance from headquarters also leads to more shadow IT as distant employees try new services to get work done. Can’t figure out how to share a file? Let’s get a new Box or Dropbox account. Need to edit that file, maybe there’s a free tool to use. Without involvement of security or IT teams, remote employees can easily bring attackers onboard. Be prepared to identify how those attackers can move inside your organization. One laptop is bad, but exfiltration of your customer data is a nightmare.
5. Continuously assess, scan, and test your entire network. Most large organizations are too complex to guarantee a 100% compliance with vulnerability and patch management. Through automatic pen testing, continuous attack simulation modeling, and red and blue team exercises, you can prioritize and build defenses that protect your most critical digital assets.
6. Build remote security capabilities. In addition to your standard workforce, your security and IT teams may be working remote as well. Do they have tools to scan and assess your security posture from home?
A rapid transition to a work-at-home employee base can quickly create a porous security posture. By being proactive and assuming the worst, your IT and security teams can get in front of an attacker. Make sure you educate and equip your remote teams to be secure, and then assume a breach and protect attack paths that lead to your most critical assets.
John Macintosh is a senior field engineer at XM Cyber. He has extensive experience in cyber security, having managed implementations and customer success for many major global brands such as Barracuda Networks, Centrify and Comodo Cybersecurity. John has spent over a decade also working on the client side, supporting IT infrastructure and cybersecurity projects. He has a strong background in advanced firewalls, remote network access technologies, identity and access management, remote device management, and advanced endpoint protection platforms.