We are having an increasing number of conversations with clients about the cybersecurity and business continuity challenges created by the rapid adoption of work-from-home arrangements to combat the spread of COVID-19.
Clients are interested in cybersecurity policy updates to improve remote access, and are asking for more employee education around BYOD security, secure WiFi use, basic security hygiene, and COVID-19-themed phishing. Finally, clients are asking how to maintain security when the number of devices and employees accessing sensitive data and systems from remote locations increases dramatically.
Below are some of the frequently asked questions (FAQs) we are receiving, along with the advice we are sharing. There are many possible approaches, and many other questions. Please join the conversation by posting your point of view; we are interested to hear how others are solving these challenges.
My corporate VPN will not handle the strain of thousands of telecommuting employees. What should I do?
Most organizations do not have VPN capacity for everyone. If your existing VPN infrastructure is overwhelmed, procuring physical equipment and increasing the capacity of your internet links on short notice will be challenging.
We recommend you start by asking which applications and business processes really require the VPN. Many services your business consumes are now delivered from the cloud and are accessible directly, without a VPN connection (e.g. Office 365, Salesforce, NetSuite, Workday). Keeping that traffic out of the tunnel frees capacity for the internal systems that genuinely need it.
If you really do need to increase VPN capacity, one temporary workaround is an OpenVPN server deployed from the AWS Marketplace; a number of our clients have done this. You can procure the license and the VMs on a pay-as-you-go basis. This lets you leverage Amazon's internet presence, and by establishing a site-to-site VPN from the VPC back to your internal systems you can rapidly increase remote-access capacity while you procure enhancements to your own infrastructure. Typically, your existing firewalls can handle more traffic over a single site-to-site tunnel than they can from thousands of individual remote-user sessions, because they terminate one tunnel rather than thousands.
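As an added illustration (this is not configuration from the original post or from any client deployment), the following community-edition OpenVPN `server.conf` implements the "only tunnel what really needs the VPN" advice above: only the on-premises and VPC ranges are pushed to clients, so Office 365 or Salesforce traffic leaves the employee's home connection directly and never touches the cloud instance or the site-to-site link. All addresses, file paths and the `max-clients` figure are placeholders chosen for the example. OpenVPN Access Server, the product on the AWS Marketplace, exposes the same routing choices through its admin UI rather than through this file, but the principle is identical.

```conf
# Illustrative OpenVPN (community edition) configuration for a split-tunnel
# concentrator hosted in a cloud VPC. Placeholder ranges used throughout:
#   10.8.0.0/24    address pool handed to remote clients
#   10.0.0.0/16    on-premises network, reached over the site-to-site VPN
#   172.16.0.0/16  VPC range of the instance running this server
port 1194
proto udp
dev tun

# PKI issued by your own CA. Every client must present a certificate;
# a password alone is not enough to bring up a tunnel.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
tls-crypt /etc/openvpn/ta.key
verify-client-cert require
tls-version-min 1.2
cipher AES-256-GCM
auth SHA256

# Second factor on top of the certificate: account credentials checked
# through PAM. The plugin path is distribution-dependent.
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login

# Client address pool.
server 10.8.0.0 255.255.255.0
topology subnet

# Split tunnel: push ONLY the internal ranges. There is deliberately no
#   push "redirect-gateway def1"
# so SaaS and general web traffic bypasses the VPN entirely.
push "route 10.0.0.0 255.255.0.0"
push "route 172.16.0.0 255.255.0.0"
# Hand out the internal resolver so intranet names resolve. Most client
# platforms will then send all DNS queries through the tunnel; drop this
# line if only IP-based access to internal systems is needed.
push "dhcp-option DNS 10.0.0.53"

# Capacity and housekeeping.
max-clients 2000
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
status /var/log/openvpn/status.log
verb 3
```

Two checks before opening this to users. First, the on-premises end of the site-to-site tunnel needs a return route for the client pool (10.8.0.0/24 in the example) or replies from internal servers will be dropped at the firewall; the alternative is to NAT clients behind the VPC range on the instance. Second, because clients receive specific routes rather than a default route, anything not listed in a `push "route"` line is unreachable through the VPN, and the endpoint is talking to the internet and the corporate network at the same time, so endpoint controls matter more than they would with a full tunnel.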
What technology should I prioritize to facilitate business continuity in a work-from-home situation?
- Collaboration licenses. Do you have enough collaboration licenses for everyone? With meetings shifting online, your collaboration infrastructure will likely be stretched.
We recommend balancing capacity against the desire to let employees and business partners communicate by both voice and video when it makes sense. Video could become very important to maintaining a cohesive environment if people are unable to meet in person for an extended period of time.
- Password reset infrastructure.
Pressure on password reset infrastructure will become a challenge.
We suggest investing in self-service password reset capabilities if you have not already done so; otherwise you are likely to face problems and potentially have your helpdesk overrun with requests.
What are the current tactics most commonly employed by attackers to compromise my security?
Kudelski Security has received many reports from our clients about the following:
- Fake Users Requesting Remote Access from the Helpdesk. This will continue to grow in frequency.
Organizations need a robust method of authenticating their remote employees in order to avoid falling victim to this type of attack. Ideally, the time you previously invested in a robust identity-verification process for helpdesk password resets can be leveraged to protect against it.
- Fake Users Pretending to be Helpdesk Support. This tactic usually involves the attacker asking employees to install software. It will also continue to grow in frequency.
We recommend you educate your workforce on how to identify a legitimate helpdesk request. Technical controls limiting the software employees can install are also a good call at this point.
- Fake Hardware Purchasing Requests. Attackers are attempting to place orders for hardware on behalf of a supposedly new remote employee.
You will be better protected if you authenticate requestors properly. A process whereby your hardware vendors only accept orders from validated sources, and ship only to approved addresses, will help you here.
What are the implications of remote working on my SOC data and operations?
A dramatic increase in remote connections is going to throw off your SOC baselines and will require you to re-baseline your traffic. It could also test your SIEM's capacity to ingest and analyze the additional events and alerts.
We recommend you refine your threat hunting activities, since all of these new remote connections will make bad actors much harder to spot among legitimate remote users.
Many employees work with sensitive data. How can we facilitate secure business continuity in a remote-office environment?
Many employees are working with sensitive data and may not be used to working with it outside of the office environment.
We recommend you run some compulsory security training to remind employees about good security practice (secure WiFi use, issues around BYOD, shadow cloud/IT, basic security hygiene, and COVID-19-themed phishing).
We also suggest you may need to revamp your processes to enable this type of work securely. This extends to having sensitive conversations in an insecure environment, and will affect your research and development personnel who may be working on unreleased products. What are you going to let them take home? Or will you have to suspend certain projects if you determine you need to close your office?
Staffing & Business Continuity Concerns
What are the best ways to support employees working from home, many of whom are not used to working remotely?
A large influx of new remote employees, many of whom are not accustomed to working remotely, will place a significant short-term strain on your support staff.
Start by looking at additional resources or special incentive plans to cover the gap. Do people have the hardware to be productive (printers, multiple monitors, power adapters, dongles for Mac users, etc.)? While many clients are letting staff outfit their home offices with equipment from their primary offices, some cataloging should be done: at some point most of these people will return to an office, and corporate IT and finance will want to account for all the extra hardware that was borrowed or purchased during this time so it can be returned or inventoried.
How can we keep morale and momentum going, in the medium to long-term? How do I keep revenue-generating employees engaged if the pandemic continues to affect new sales?
Honesty here is key: have an open discussion with your employees about the situation as it develops, and reassure staff that it will not last forever. Maintaining morale by 'just checking in' on your teams through regular phone or video calls will go a long way to keeping employees engaged.
See this unprecedented situation as an opportunity for online training. Programs that develop skills for remote working, as well as industry-relevant knowledge, are readily available.
What is the best way to preserve capital?
Preserving capital is an important point for reflection.
We suggest right-sizing your project portfolio. Take the time to determine which projects across the enterprise are business-critical in the new operating environment. It is likely you have many initiatives that can be postponed so that staff can focus on business-critical ones during this event. Not only does this preserve capital, it also helps with any future staffing shortages.
This is an ongoing blog post. Please comment with any questions or concerns you may have and one of our experts will answer.
Latest posts by Kudelski Security Team
- Microsoft Type 1 Font Parsing Critical 0-Day Remote Code Execution Vulnerabilities - March 24, 2020
- Cybersecurity Concerns with COVID-19 - March 18, 2020
- Global Cybersecurity Outlook: Andre Kudelski at World Economic Forum - February 19, 2020