Is Your Remote Workforce Secure?

Bill Onion
April 22, 2020 | 10:30 AM

briteskies-blog-briteskiesHow to avoid security vulnerabilities while working from home.  

As stay-at-home orders slow business for the majority of people around the world, online hackers remain as active as ever. And with nearly all offices working via remote connections, the opportunities for a security breach have increased. From new types of scams to individual security responsibilities, here are a few things to keep in mind as your remote team adjusts to this new normal.  

What to Watch For  

Phishing Campaigns 

Security firms around the world have seen a number of phishing email campaigns using COVID-19 as a lure, including fake messages from the World Health Organization. What looks to be an informational email with updates on the virus actually contains malware and infostealers 

It's not just informational emails either. As financial relief is distributed, firms have reported emails with attached documents that are supposedly used for compensation, but actually open the recipient up to malware. This scam in particular highlights the new targets that exist today; with all taxpayers eligible for potential financial compensation, all taxpayers have become targets.  

RDP Vulnerability 

As more and more people are relying on remote desktop protocol to remotely access systems and servers, more poorly secured or unprotected RDP endpoints are easily accessed by hackers. Many organizations are continuing to use RDP in a manner that leaves their networks and data exposed to hackers.  

As Stephen Cobb, an independent security and privacy researcher, told, "Sadly, the sense of being 'all in this together' in the fight against coronavirus is not felt by all criminals, and some will have no ethical qualms about abusing RDP for profit regardless of the impact on victims."  

Team Morale 

In an interview with Tom Field of ISMG, Cybereason CSO Sam Curry outlined a few things to keep in mind during this crisis. While he stressed the importance of sticking to a plan, much of the security concerns he highlighted are people-based. These went beyond just unsecure home machines or rogue clicks on dangerous links to the feelings of team members. With job security in question it's possible that internal attacks from disgruntled team members may arise. Maintaining relationships and keeping communication among your team open is just as important as securing your firewalls and VPNs.  

How to Secure Your Remote Workforce outlined six core cybersecurity controls that organizations need to tackle to keep their company running smoothly:  

  • Patch every system as quickly as possible to lower the organization's attack surface 
  • Back up all data to enable the organization to quickly roll back or restore systems, especially after a ransomware attack 
  • Take steps to secure remote access, via VPNs for example, and lock down all remote touch points, such as via RDP 
  • Ensure passwords are tough to crack and that new services get launched with strong passwords 
  • Use multifactor authentication everywhere possible
  • Educate users about the latest phishing threats, like those discussed above  

It may seem like a lot, but much of those suggestions likely only require updates to current policies in place. A few other considerations from our security expert include:  

  • Be sure your management interface is not on the WAN side of your VPN 
  • If you don't currently have a remote work infrastructure, consider working with a vendor to create a virtual desktop infrastructure (VDI) for employees to access from their home PCs 

In these uncertain times, the last thing you want to deal with is a cyberattack on your company. By following the best practices shared by industry experts, you can reduce the security risks that come with a majority remote workforce.  

Do you need help addressing some security concerns? Contact our team for advice or a helping hand. 

Ready to shine? Contact us.

A Great Offer, Just a Click Away

Lorem ipsum dolor sit amet, consectetur adipiscing elit

You May Also Like

Subscribe by Email

No Comments Yet

Let us know what you think