Is Your Remote Workforce Secure?

How to avoid security vulnerabilities while working from home.

As stay-at-home orders slow business for the majority of people around the world, online hackers remain as active as ever. And with nearly all offices working via remote connections, the opportunities for a security breach have increased. From new types of scams to individual security responsibilities, here are a few things to keep in mind as your remote team adjusts to this new normal.

What to Watch For

Phishing Campaigns

Security firms around the world have seen a number of phishing email campaigns using COVID-19 as a lure, including fake messages from the World Health Organization. What looks to be an informational email with updates on the virus actually contains malware and infostealers.

It's not just informational emails either. As financial relief is distributed, firms have reported emails with attached documents that are supposedly used for compensation, but actually open the recipient up to malware. This scam in particular highlights the new targets that exist today; with all taxpayers eligible for potential financial compensation, all taxpayers have become targets.

RDP Vulnerability

As more and more people are relying on remote desktop protocol to remotely access systems and servers, more poorly secured or unprotected RDP endpoints are easily accessed by hackers. Many organizations are continuing to use RDP in a manner that leaves their networks and data exposed to hackers.

As Stephen Cobb, an independent security and privacy researcher, told DataBreachToday.com, "Sadly, the sense of being 'all in this together' in the fight against coronavirus is not felt by all criminals, and some will have no ethical qualms about abusing RDP for profit regardless of the impact on victims."

Team Morale

In an interview with Tom Field of ISMG, Cybereason CSO Sam Curry outlined a few things to keep in mind during this crisis. While he stressed the importance of sticking to a plan, much of the security concerns he highlighted are people-based. These went beyond just unsecure home machines or rogue clicks on dangerous links to the feelings of team members. With job security in question it's possible that internal attacks from disgruntled team members may arise. Maintaining relationships and keeping communication among your team open is just as important as securing your firewalls and VPNs.

How to Secure Your Remote Workforce

DataBreachToday.com outlined six core cybersecurity controls that organizations need to tackle to keep their company running smoothly:

Patch every system as quickly as possible to lower the organization's attack surface
Back up all data to enable the organization to quickly roll back or restore systems, especially after a ransomware attack
Take steps to secure remote access, via VPNs for example, and lock down all remote touch points, such as via RDP
Ensure passwords are tough to crack and that new services get launched with strong passwords
Use multifactor authentication everywhere possible
Educate users about the latest phishing threats, like those discussed above

It may seem like a lot, but much of those suggestions likely only require updates to current policies in place. A few other considerations from our security expert include:

Be sure your management interface is not on the WAN side of your VPN
If you don't currently have a remote work infrastructure, consider working with a vendor to create a virtual desktop infrastructure (VDI) for employees to access from their home PCs

In these uncertain times, the last thing you want to deal with is a cyberattack on your company. By following the best practices shared by industry experts, you can reduce the security risks that come with a majority remote workforce.

Do you need help addressing some security concerns? Contact our team for advice or a helping hand.