5 Best Practices for Safe and Secure Remote Work

Thanks to the connected world we all live in, working remotely is becoming increasingly popular and for good reason! Benefits to working from home include hiring for talent rather than geography (Swimlane has been doing this since day one!), having a more flexible work schedule, limiting commuter time, minimizing exposure to germs, the list goes on!

But, as with anything, these benefits do come with some risks. You may be aware of some, but others are not necessarily as obvious. To keep you productive and secure from your couch, your home office, or your favorite coffee shop, here are five commons risks to working remotely followed by recommendations to mitigate each:

1. Malware on User-Owned Systems
   Remote work exposes an organization to risk from potential malware on employees’ home systems. Think keyloggers scraping corporate passwords, as well as potential infection vectors for wormable malware if shared drives or workstations are mapped to writable shares in the OS. Keep in mind that, if users are using their own systems to log into your organization’s network, their systems are not subject to the same security controls and monitoring as the rest of the network.

   Recommendation: Where possible, assign users company-owned assets that can have security controls applied to them. Where user-owned systems must be used, monitor systems connected to the VPN for malware-like activity (blacklisted DNS requests, suspicious POST requests, network scanning, etc.), and have a procedure for removing those systems from the network. Also, segment remote workers from the rest of the network as much as business needs allow. It may also be worth considering implementing a Network Access Control (NAC) system for any devices which connect to your network.

2. Hiding in the Noise
   An increase in VPN/Remote Access traffic associated with an increase in users performing remote work provides the perfect cover for malicious actors to try to hide in the noise. You should be especially aware of password-spraying attempts utilizing common passwords during times of heavy remote work, such as natural disasters or security concerns, as actors may be poised to take advantage of a surge in recently-enabled, not-yet-configured VPN/Remote Access accounts.

   Recommendation: Enhance your monitoring of remote access attempts on common ports, especially those using common passwords or usernames. Keep in mind that usernames can be easily guessed with minimal research on social media platforms, a quick Google search, etc.

3. Phishing, Spam and Malvertising
   Bad actors are timely and sophisticated when it comes to exploiting would-be victims. As an example, current phishing emails, malvertising and general spam are trying to get users to click on malicious domains to buy short-supply items such as face masks and hand sanitizer or open macro-enabled Word Documents infected with Trojan droppers claiming to be Coronavirus information from the World Health Organization (WHO). Thousands of Coronavirus/COVID-19-related domains are being registered weekly, and many of these newly-registered websites are involved in fraudulent activity.

   Recommendation: User education is key here. Users need to be made aware of the huge volume of Coronavirus-related bait and encouraged to report any that they get in their mailboxes to their security team. By doing so, remote domains, file hashes and inbound emails can be blocked appropriately and proactively. And always remember: If it seems too good to be true, it is. Do not click on it.

4. Uncontrolled Wi-Fi Networks
   If your users are using public networks (cafes, libraries, etc.) to connect to the organization, what kind of data is being collected and by whom? Naturally, TLS-encrypted connections usually limit the amount of data that can be skimmed from the wireless connection by eavesdroppers, but TLS is only as good as your users remembering not to click through bad certificate errors and expose their traffic to a crafty opponent.

   Recommendation: Educate users on the importance of certificate validation and what to look out for when a Man-in-the-Middle attack is occurring (HSTS errors, etc. in their browser with clickthrough messages). Give users a phone number they can call if they suspect their connection is insecure. Don’t make them log in to submit a ticket if they might be snooped on! Exercise principle of least privilege and principle of least access for all remote users. That way, if any account is compromised, you can (hopefully) contain the amount of information loss. Additionally, multi-factor authentication is always a good idea. Everyone on your team—remote or not—should have that set up on their company devices and accounts.

5. Device Theft
   Theft of company laptops, USB drives and external hard drives out of cars or homes happens all the time. How safe is your data at rest on company systems and external drives?

   Recommendation: Implement Data at Rest policies such as encryption on all external drives and company laptops. Consider a solution such as LoJack for high-value company assets.

Wishing you safe and productive remote work!

Recent Articles By Author

• The Most Common SOAR Use Cases
• The Most Common SOAR Use Cases
• Building Best-of-Both-Worlds Automation and Threat Intel With Swimlane and VirusTotal – Part Two

More from Nick Tausek

*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Nick Tausek. Read the original post at: https://swimlane.com/blog/5-best-practices-for-safe-and-secure-remote-work/