Increasing security of your remote employees is crucial to the security and integrity of your systems and data
With the COVID-19 pandemic creating what appears to be the new normal, IT and security teams across nearly every industry continue to face unprecedented business situations. While it’s a time of extreme uncertainty, many business operations cannot be put on hold. Organizations need to be increasingly flexible and adapt their operations as they support an entirely distributed, virtual workforce.
Much of the transition has been prominently praised in headlines over the last few months. Zoom is now a household name, Slack is finally starting to replace email messages and cloud computing is being heralded for its role in keeping businesses operational.
But it’s a more complicated story behind the scenes. Many organizations have relaxed VPN policies to give their workforce remote access to critical information and systems. Employees not equipped with corporate-issued laptops are now using unmanaged personal devices to access company systems and data and doing so from less secure home networks. According to reports from Shodan.io, there has even been a notable increase in the number of computers accessible via RDP from the internet—a risky move that only highlights the dire straits many teams have found themselves in.
These steps ensure immediate business continuity, but they come with serious repercussions. Each of the steps above increases risk for enterprise security organizations. Further exacerbating the issue is the fact that as millions of workers rapidly transition to working from home, cyberattackers are actively looking to take advantage of stressed IT and security resources. We’re already starting to see significant increases in phishing attacks and other email scams, many of which play on themes of fear and sympathy surrounding the pandemic to lure victims.
Keeping Remote Workers and Systems Safe
Fortunately, there are a few practical steps security and IT organizations can take to protect the network while they defend a larger and more porous attack surface.
Determine where people are remoting in from
IT organizations should pay attention to the geographic origin of external IPs connecting to their VPN concentrator or access gateway. Knowing where each of your users should be connecting from is very important to detect an unusual log-in, and one user connecting from two geographic locations should certainly raise alarm.
It’s also important to verify that employees are using approved remote access tools. Many organizations have policies against using remote access tools such as TeamViewer, LogMeIn and GoToMyPC because they present significant security risks. Now is not the time to loosen those policies, but to educate workers about how they can securely access sensitive applications and data. The fastest way to identify these types of policy violations is to look at network traffic.
Monitor Active Directory accounts
Phishing scams and ransomware attacks are on the rise—according to Vox, by March more than 4,000 domains using words and phrases including “Corona” and “COVID” had been registered for use. In this time of heightened attack, there are a few key behaviors IT and security teams should be actively monitoring. Look for excessive lockouts, failed logins and use of disabled accounts—all of which can indicate attackers have compromised a user device and are trying to gain access to more resources. Tracking service accounts for unusual behavior is a good idea, as is setting up “canary” accounts that act as a honeypot or tripwire, catching attackers looking for more access in your network.
This step is especially critical, given the massive number of unmanaged personal devices that employees are now using to access the network. These unmanaged devices heighten the risk of stolen credentials and can open up the organization to additional vulnerabilities.
Lean into your people
People are your greatest asset, and that goes for your IT and security personnel. And that’s why finding ways to work together, share information and avoid finger-pointing is critical. Teams traditionally focused on one domain—whether end user experience or security—may lack the visibility and expertise required to manage that under new conditions. Colleagues will benefit from reaching out to others and getting their input on how to solve the challenges they are facing together.
Securing Remote Workers: Final Thoughts
Finally, the best advice I can give to organizations—and what I’m doing at my own company—is regularly reminding employees to stay on their guard. This is going to require vigilance from all sides, but it’s what is required to get through this period without major security breaches.