Over the past 9 months, home working has become ‘the new normal’ for businesses across the globe. The Office for National Statistics reported that in April 2020, 46.6% of people in the UK worked from home - 86% of those as a result of the lockdown. However, when lockdown was first enforced, many firms had inadequate strategies in place to protect their newly remote workforce. Unfortunately, there was simply not enough time to assess the risk of these huge technological changes. As a result, IT teams were under pressure to keep staff connected, without following the necessary security protocols.
As the UK has entered lockdown 2.0, businesses must now ensure they can eliminate security gaps and deliver a more robust, future-proof remote working strategy.
The challenges: The 2020 threat landscape
Not even a global pandemic can stop cyber-criminals. Since the outbreak of Covid-19, there has been a marked increase in targeted cyber-attacks and phishing attempts. Amid the chaos which ensued back in March, hackers were quick to reap the rewards of the rapidly growing attack surface. As thousands of employees shifted to home working, their opportunity to attack suddenly grew exponentially.
So… what happened next?
Covid19 Cyber Security Statistics:
- According to Google, 18 million phishing emails about COVID-19 are sent every day
- The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later
- RDP brute-force attacks grew 400% in March and April alone
- Email scams related to Covid-19 surged 667% in March
- Users are three times more likely to click on pandemic-related phishing scams
- More than 530,000 Zoom accounts were sold on the dark web
- Covid-19 drives 72% to 105% ransomware spike
- Since the start of the pandemic, the number of unsecured remote desktop machines has risen by more than 40%
How to build a robust remote working strategy
By implementing the following key measures outlined in our ‘remote working checklist’, you will have a strong and tested approach to widespread homeworking.
- Endpoint protection: This is especially important during the Covid era, as employees may be accessing corporate data on unprotected personal devices such as laptops, tablets and smartphones. Advanced endpoint protection like AMP for Endpoint helps to detect and block threats which may try to infect a remote device.
- Adequate VPN capacity: A VPN creates a protected tunnel that stops unwarranted access to browsing history, financial information or passwords. Using end-to-end encryption, a VPN enables home workers to securely connect to the corporate network. To protect remote users, you must ensure you have adequate licence capacity to support your entire workforce at home. It is important to check this so that you can make the necessary adjustments to support your network needs.
- Centralise alerts: To help improve visibility of your remote infrastructure and respond quickly to cyber breaches, it is a good idea to centralise your alerts and audit logs for all of your critical systems. For instance, by collating logs from your VPN, endpoint protection tools, firewall, access logs and other security tools, you can streamline processes for the administrator and identify suspicious activity across your network. Solutions such as Cisco SecureX (which is free for Cisco Security customers) allow you to do just that.
- Update your incident response plan: As your network changes, so should your incident response plan. This should involve a thorough evaluation of your network, who has access to each application and where critical data is stored. This process must be thoroughly documented and then tested with multiple scenarios in mind. This way, if you do suffer a breach, the down-time window can be significantly minimised.
- 2-factor authentication: 2FA is an extra layer of protection for all of your private accounts. Even if a hacker got hold of your password, without access to your 2FA they are unable to gain entry to your private accounts. Introducing a company-wide 2-factor authentication policy is one of the simplest ways of reducing cyber-risk for your remote users.
- Regular Cyber Awareness training: With the prevalence of phishing emails and social engineering attacks during lockdown, it is important to reduce the risk of employees clicking on malicious links or disclosing passwords. After all, human error has always been one of the main causes of cyber-attacks; according to IBM, it equates to a staggering 95% of all cyber breaches. A good way to test the awareness of your employees is to run regular phishing simulation exercises. These help to test how savvy your workforce is when it comes to phishing scams. If they are duped into clicking on the faux-malicious links, they will be redirected to comprehensive training videos.
- Documented Cyber Security guidance: It is important to ensure that up-to-date policy information is readily available and explained to all staff. This helps to promote a strong culture built around Cyber Security best practice.
- Stringent update policies: This may seem like an obvious one, but when employees are working from home they are less likely to follow update protocols. If your employees are using out-of-date software, this could expose your network to malicious attacks. However, by rolling out mandatory update policies (utilising software such as ManageEngine), you can run ‘Patch Tuesdays’ to ensure that update policies are routinely followed by remote staff.
- Password managers / regular updates: Password managers such as LastPass are secure vaults which store and protect the passwords for your corporate accounts. Password managers greatly reduce the risk of password recycling, as you are able to generate secure and unique passwords for each account. It is also important to create policies which mandate regular password updates for critical accounts.
- Advanced threat intelligence: To protect your remote workforce, you must be able to proactively take control of malicious attacks in your environment. To do this you must have security tools which have automated threat intelligence capabilities. This allows you to automatically detect and block threats before they can impact your business.
- Test your security defenses: Once implemented, it is important to test the resilience of your new remote working strategy. By carrying out CREST penetration tests you can determine the strength of your defenses against ‘real-life’ attacks. If security holes are identified, they can be quickly remediated to improve the overall strength of your security posture.
Get in touch: We can help you implement a strong remote working strategy
Here at Equilibrium, we are here to support businesses throughout this challenging time. As Cyber Security experts, we can help you to protect remote users, identify advanced threats, increase network-wide visibility and keep your business up and running! Please do not hesitate to get in touch if you would like our support with implementing a robust remote working strategy. Call us on 0121 663 0055 to chat to us about your concerns.