Wednesday, April 1, 2020

Corona-cation? Here’s How to Work From Home Securely

By now, the whole world is feeling the effects of a tiny little troublemaker called SARS-CoV-2 or Coronavirus (or COVID-19; oh so many choices!). Every piece of news, every conversation and certainly every WhatsApp message is fixated on this rapidly unfolding situation.

And although there is a palpable feeling of concern hanging in the air like droplets, there have been some clear winners thus far in this saga; first and foremost, toilet paper. Another clear winner? Bleach. Bleach, bleach, everywhere, but do not drink a drop, as Samuel Taylor Coleridge might say if he were alive today.

The Current Reality of Remote Working

But the real winner of this situation is remote working. As workforces progressively disband to reduce exposure, remote working has gone from a trendy thing hipster freelancers in Starbucks do, to a necessary solution to ensure business continuity in the face of uncertainty. There’s no timeline for this outbreak and no one knows how or when the virus will be contained. So until then, working remotely seems to be the best answer to staying productive and connected while the world rides this out.

Not that working remotely is a bad thing; some companies have been encouraging working from home for years. Even before COVID-19 came crashing into town, 25% of the American workforce was working at least partially from home. And the so-called gig economy, or the focus on short-term and temporary, contract-based positions, has been on the rise for years, thanks to a weak economy in the mid-2010s. So freelancers, temporary employees, and even employees of some progressive organizations have been doing this remote working thing for years.

There are actually some tangible benefits to working from home (not exposing oneself to coronavirus aside). Research has found that remote workers are in fact more productive than in-office employees—no wasting time at the water cooler! They are also more engaged and have higher levels of job satisfaction, which means employees stick around longer, making for more cohesive teams and a better overall working environment (even if it’s virtual).

The Dangers of Bringing Work Home

But it’s not all butterflies and unicorns; remote working does come with some risks that are even more dangerous than your 20th trip to your snack cabinet. We are all familiar with the risks posed by an expanded attack surface. Any large network that has a significant number of people working from home is a prime target, and attackers see this situation as a potential goldmine. Remote employees are often the weakest link, especially when the remote work setup isn’t the result of a well-planned rollout but is instead an ad-hoc effort to get everyone out as soon as possible.

For example, in hard-hit Italy, as soon as workers were dismissed and told to work from home, the occurrence of cyber attacks shot right up, with a large portion of the campaigns focused on capturing remote user credentials to access networks. Also, the typical home computer is not outfitted with the same level of security measures as workplace endpoints are. With the higher than usual number of users working at home, the increase in attacks is almost inevitable. Moreover, in their mad dash to “stay connected”, employees use unmanaged devices, completely off the radar of corporate IT departments.

The main means of protecting users from the dangers that come along with remote working has always been to connect to the company VPN. But there are some snags in that less-than-ideal plan. First of all, while VPNs encrypt data in transit (from the corporate network to the user and back), they cannot protect the device itself. If an attacker gets ahold of the right credentials to access the device, they can make their way onto the network. VPNs also cannot protect against threats such as malware infiltration and lateral movement.

More problematically, VPNs have been in attackers’ crosshairs since last summer when massive vulnerabilities in Palo Alto, FortiGuard, and Pulse Secure VPNs were disclosed by researchers. Though ideally companies should have fixed these issues by now, a large portion have not patched these holes, which led to January’s huge Travelex hack and the widespread Fox Kitten APT campaign, which has been taking place over the course of the last three years but was disclosed this past February.

To successfully and securely work at home, remote employees need to take heed of some elemental security precautions rather than assuming their VPN has them covered. Here is how to improve your chances of staying secure:

  • Ensure that your router is password protected and set encryption to WPA2 or WPA3;
  • Make sure employees are trained to avoid phishing threats stemming from emails and rogue websites (this is especially important now, as there are lots of fake coronavirus-related emails circulating that have malware-filled attachments);
  • Back up all data in case of disaster;
  • Make sure to have a solid AV program installed.
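
One way to check the first item from a Linux laptop, as an added example that is not part of the original post: it parses the terse output of NetworkManager's `nmcli` and flags any network weaker than WPA2. The sample lines and SSIDs are constructed, and `split_terse`, `classify` and `audit` are names chosen here.

```python
# Constructed sample of: nmcli -t -f ACTIVE,SSID,SECURITY device wifi list
SAMPLE = """\
yes:HomeNet:WPA2
no:Guest\\:Lounge:
no:OldPrinter:WEP
no:Legacy-AP:WPA1
no:Mixed-AP:WPA1 WPA2
no:NewRouter:WPA2 WPA3
"""

def split_terse(line):
    """Split a terse nmcli line on ':'; a backslash escapes the next character."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            i += 1                      # skip the backslash, keep what follows
            cur.append(line[i])
        elif line[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))
    return fields

def classify(security):
    """Map nmcli's SECURITY column to a (verdict, reason) pair."""
    modes = set(security.split()) - {"--"}
    if not modes:
        return "FAIL", "open network, traffic is unencrypted"
    if "WEP" in modes:
        return "FAIL", "WEP is broken; move to WPA2 or WPA3"
    strong = modes & {"WPA2", "WPA3"}
    if "WPA1" in modes:
        return ("WARN", "mixed mode still accepts WPA1") if strong else ("FAIL", "WPA1 only")
    return ("OK", "WPA2/WPA3") if strong else ("WARN", "unrecognised mode")

def audit(nmcli_output):
    """Return (ssid, is_active, verdict, reason) for every well-formed line."""
    rows = (split_terse(l) for l in nmcli_output.splitlines() if l.strip())
    return [(r[1], r[0] == "yes", *classify(r[2])) for r in rows if len(r) == 3]

if __name__ == "__main__":
    for ssid, active, verdict, reason in audit(SAMPLE):
        print(f"{verdict:4} {'*' if active else ' '} {ssid!r:16} {reason}")
```

To run it against a real machine, pass the captured output of the `nmcli` command named in the first comment to `audit()` instead of `SAMPLE`.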

The last element needed to make working remotely secure is a software defined perimeter (SDP). SDP allows your workforce to build an at-home Zero Trust framework so they can work from anywhere and securely access all applications. SDP uses a “verify-first, access-second” approach across your applications for enhanced security. It’s exactly what employees need to stay secure when working from home.

This Too Shall Pass (we sure hope!)

With that, we wish you all good health and to stay safe. And may you all be able to return to your workplaces soon.

 

The post Corona-cation? Here’s How to Work From Home Securely appeared first on Cybersecurity Insiders.


April 01, 2020 at 10:14PM
