The New normal working from home environment can present a great strain on infrastructure and a great opportunity for increased activity from cybercriminals. We must ensure that this crisis situation does not lead to digital (or cyber) disaster. In this toolkit we share what we are seeing as the greatest challenges and solutions that can be implemented to ensure security posture is maintained while the system may be under stress.
The work paradigm has shifted...
More Endpoints to Protect
Each user’s home network is now part of the corporate attack surface and could be used as a vector to launch attacks.
Work from home adds complexity
Users are now being distracted by home issues and stress from the pandemic. This can lead to users making “bad” decisions regarding phishing campaigns.
Higher use of “new” cloud services
Users could begin to “solve” their own challenges by leveraging cloud-based tools which are out of the control of the IT and security groups and could create risks to corporate assets
Increased Technical Support Issues
Increased complexity of troubleshooting technical issues as most users are not “tech-savvy” and their home network and technology support must be performed remotely.
Increased Video Conference Usage
Business users are now relying on video conference solutions to conduct business. The demands on these services will become a constraint and potentially an availability risk.
Increased Issues with time management
Users are working different and shifted hours due to reduced commutes, homeschooling, etc. This can require different staffing models for support and security monitoring.
Key Threats
What we are seeing right now
Tools for IT and InfoSec Teams
Conference call management
Security Intel Monitoring
Telework Policies
User Training and Ongoing Communication
Partnering with the Business
Good Hygiene Practices
Performance Monitoring
End Point Protection
User Defense Strategies
Use MFA Everywhere
All personal accounts that support MFA should be using it, including personal accounts like Netflix, ITunes, Ring, Etc., and passwords should not be reused on any accounts.
Secure your Wifi
Home wifi routers should be configured to use WPA2 encryption and a strong password should be used for setup.
Limit Access to Devices
Work computers and devices should be restricted to only work activities and not used by other family members.
Be alert to attacks
Phishing scams and campaigns are prevalent right now. All users need to be extra cautious of not opening and clicking on links and attachments.
Coordinate with IT
It is very important that users not just “find” new tools to perform work activities without checking with IT to understand the risks that may be created.