IT departments face a major challenge ensuring mobile devices used by remote workers are secured and that challenge has just got bigger as a result of the 2019 Novel Coronavirus pandemic with so many employees now working from home. To help IT departments manage security risks, we have compiled a cybersecurity checklist for remote workers detailing steps that can be taken to deal with the challenges of having a largely remote workforce.
Given time, IT departments can make sure mobile devices are configured correctly, are free from vulnerabilities, and have all the necessary software and security solutions installed to allow employees to securely work from home. Training can also be provided to remote workers to teach them cybersecurity best practices and how to practice good IT hygiene; however, the speed at which the 2019 Novel Coronavirus has spread has meant employers and their IT departments have had little time to prepare and have had to accommodate massive numbers of employees self-isolating and working from home.
Telecommuting Cybersecurity Risks
A massive increase in remote workers significantly increases the attack surface. Not only have many devices left the protection of corporate firewalls, additional software solutions have had to be installed to ensure workers can continue to be productive at home. Videoconferencing software is required, chat platforms need to be used to maintain contact, and VPNs are required to secure connections over the internet.
The cybersecurity risks introduced by telecommuting are considerable. Even solutions used to improve security can be turned against an organization. VPNs will ensure connections to work networks are secured, but if VPN credentials are compromised, attackers can use them to gain access to corporate networks undetected and VPNs can be turned into pipelines for delivering malware.
In 2019, several popular VPN solutions were found to contain critical vulnerabilities that allowed attackers to easily gain access to credentials. While patches were promptly developed and released to correct the flaws, many businesses failed to perform updates quickly. Even today, almost a year after the patches were released, some companies are still using vulnerable VPNs. Cybercriminals have been quick to take advantage and attacks on vulnerable VPNs have increased significantly.
When workers are in the office collaboration is easy. Close collaboration needs to be maintained when the majority of the workforce is working from home. IT teams must try to ensure the same communication tools that are used in the office are still available to remote workers. If not, employees will find their own ways of communicating, which may not provide the required level of security. If employees start using Google Drive for sharing files for instance, IT departments will lose visibility and will not be able to tell where sensitive data is being stored or transmitted.
With so many home workers due to the 2019 Novel Coronavirus and COVID-19, use of videoconferencing solutions has skyrocketed. Many platforms are now being used, although Zoom is one of the most popular choices. While this videoconferencing platform claims to offer end to end encryption, it has recently been discovered that Zoom’s interpretation of end-to-end encryption is different to other solution providers. While Zoom meetings are encrypted from Zoom client to Zoom client, Zoom has access to audio and video. Many companies have instructed their remote workers to stay in touch using Zoom but may now have to reconsider and use a platform with true end-to-end encryption. Vulnerabilities have also been identified in the platform in the past few days which could be exploited to gain access to sensitive data.
Phishing campaigns are being conducted to gain access to the credentials of remote workers. Cybercriminals are well aware that attacks are much easier on remote workers, and the large numbers of remote workers connecting to networks allows them to easily hide their malicious connections.
The COVID-19 crisis is likely to be a particularly stressful time for IT departments. While the cybersecurity risks increase with remote workers, it is possible to implement tools to manage risk effectively, protect sensitive data, and allow work to continue until life returns to normal again.
Internet Security and Telecommuting Workers
Working from home can be a challenge as there are many distractions that are not present in the office. It is often difficult for workers to separate work life from home life, and that applies to IT as well. Remote workers are likely to be tempted to use their work devices for personal internet use, rather than powering up their personal devices. It is important for policies to be established covering the allowable uses of company devices and those policies should be enforced. If corporate laptops are used for personal internet use, the risk of malware infections will increase.
The easiest way to enforce policies is with a web filtering solution. A web filter, such as WebTitan, allows IT teams to carefully control the online activities of employees and manage risk. With WebTitan in place, companies can enforce their acceptable internet usage policies and prevent their employees from visiting websites used for phishing and malware distribution. Since WebTitan integrates with Active Directory and LDAP, IT teams can easily monitor the online activities of each employee, identify potentially risky behavior in real time and take action to address those risks.
Rise in Phishing Attacks Warrants Email Security Improvements
The 2019 Novel Coronavirus pandemic has provided cybercriminals with many opportunities for conducting phishing attacks and distributing malware. The first major coronavirus-themed phishing campaigns were detected in January 2020 and in the weeks that have followed the volume of messages has soared. People want up to date information on COVID-19 cases in their local area and advice on protecting against infection. Cybercriminals have been all too happy to oblige.
The campaigns we have identified have included highly convincing scams impersonating authorities such as the Centers for Disease Control and Prevention and the World Health Organization. The emails claim to offer important advice and updates about the Novel Coronavirus and COVID-19 but install malware and steal credentials. Remote workers are being targeted with emails spoofing their own HR departments, telling them about new protocols that must be adopted following infections in the office. A day doesn’t go by without another phishing scam being uncovered.
The increase in phishing attacks coupled with the rise in remote workers means steps should be taken to improve email security, especially for Office 365 accounts, which are being targeted by cybercriminals. While standard Office 365 email security provided by Exchange Online Protection (EOP) may have been sufficient to protect against low level phishing attacks, the increase in targeted attacks means greater protection is now required. Businesses should consider adding another layer of protection with a third-party email security solution such as SpamTitan. In contrast to EOP, SpamTitan offers sandboxing to protect against zero-day malware threats and provides superior protection against phishing and spear phishing attacks.
Employer Cybersecurity Checklist for Remote Workers
Employers and IT departments can take several steps to reduce cybersecurity risks for remote workers. We hope this cybersecurity checklist for remote workers will help you to identify and address cybersecurity risks.
- Ensure a VPN client is installed on remote workers’ devices, that it is updated to the latest version, and remote workers have been trained how to use the VPN
- Restrict access to resources that are not required by workers and use the principle of least privilege
- Block the use of USB devices on remote users’ devices
- Get remote workers to check their Wi-Fi connection is secure, that a strong password has been set, and encryption is enabled.
- Set up systems to recognize probes and packet sniffers
- Implement encryption on devices to protect data at rest
- Ensure software is kept up to date and patches are applied promptly
- Ensure antivirus software is installed on all users’ devices and it is set to update automatically. Perform regular scans to identify malicious code
- Make sure all data is backed up to prevent against accidental loss and to ensure recovery is possible in the event of a ransomware attack
- Ensure screens are set to lock after a period of inactivity to prevent devices and data from being accessed by unauthorized individuals.
- Augment email security and create layered defenses to protect against phishing attacks
- Implement a web filter to prevent workers from accessing malicious websites
- Use cloud applications for sharing sensitive data with remote workers rather than email
- Provide ongoing security awareness training to employees to make sure they are aware of the cybersecurity risks for remote workers and are taught how to identify phishing and other threats
- Ensure complex passwords are set and password policies are enforced
- Enable multifactor authentication for email and cloud applications. If credentials are compromised, access will not be permitted without an additional authentication factor
- Set computer use policies for remote employees. Make sure employees are aware that corporate devices can only be used for work purposes
- Ensure support is always available for remote workers and prioritize support for remote access solutions and security issues
- Make sure all employees are aware of the procedures to follow for security incidents
- Step up network monitoring and ideally use an intrusion detection solution and AI-based tool to identify anomalous user behavior that could be indicative of an insider threat or cyberattack in progress