You’re scrambling to figure out how to plug in your laptop in the only room of the house your kids can’t break into during your conference call, when it hits you. A text message from a colleague with a number you don’t recognize asking you for a weird bit of information. “Can you confirm your phone number? What’s the password to log into Hubspot? Can you authorize the time critical wire transfer that just came in?”
As all of the U.S. struggles to adapt to new health restrictions due to the COVID-19 outbreak, attempts at fraud, hacking, and theft against remote employees are already starting. But just like responding to the viral outbreak, the direct actions of individuals and leaders can make a substantial difference in determining if your company is a victim.
What can you do to improve your cybersecurity?
Like infinite monkeys with infinite typewriters, given enough time and resources a determined hacker can breach the most secure system. But there are a number of basic and advanced steps you can take to make yourself a harder target and deter cyber criminals.
- Be on the lookout for email “phishing” attempts, especially anything with COVID-19 as the subject matter, high urgency requests for money transfers, or requests from “the IT guy who needs your password”.
- One helpful tip is to pay attention to e-mail gateway warnings (i.e. the note on your email that says “This e-mail was sent from outside [your company]”). Learn your company’s phishing reporting procedures, and warn them immediately if you think something is suspicious. Finally, follow up on requests that seem odd by calling the person directly, especially for financial transactions.
- Securing your home office means more than installing a 4-year-old-proof lock (good luck FINDING one!).
- Turn on auto update for your laptop and smartphone. If you have endpoint security software, make sure scheduled updates and scans are turned on, and run one now just for good measure. I’ll wait…
- Update the firmware on your router and modem by logging into each device directly and going to its settings. Googling “how to update (—) router” provides easy step-by-step directions.
- Perform security updates on all devices connected to your home network (PCs, tablets, phones, TVs, game consoles and handhelds, IoT devices like cameras, etc). While you are doing this, also check the boxes for using multi-factor authentication.
- If you can, move devices that cannot be updated, like home IoT devices, to a separate or guest network that is different from the one you use for work. The same goes for kids’ laptops, game consoles, or IoT toys. This is easier than it sounds, as most routers have a Guest function that allows greater control and even limiting screen time. Good luck with that fight in the days of Disney+…
- Take advantage of your company’s network security measures. Use only a Secure Application Gateway to access corporate applications or a VPN to connect to company information systems and data. If you’re wondering what those are, send this article to your IT specialist. I’ll wait once more…
What can your company do to improve cybersecurity?
Just like community health workers, those in charge of corporate IT security will find their most important role during times like this split between providing calm, accurate, easy-to-understand guidance and triaging crises as they come in at an increasing rate. Some more advanced steps are below, but always feel free to reach out to your service provider, or to us at the button below, for guidance.
- Take another look at your company’s risk profile with a deployed workforce. Determine your new security blind spots (for example, employee BYOD devices likely won’t have endpoint monitoring software visible to the company). BYOD policies are critical at times like this, but without sugar coating it, personal devices are one of your greatest risks.
- Risk: Employees may struggle to use their work laptops, if they have them at all, in their home environment. There will be a strong temptation to send documents to personal accounts and devices. These accounts and machines, of course, may not be protected and monitored in the same way that sanctioned IT accounts are. Once sensitive files leave the corporate network, they’re impossible to track and control.
- Mitigation: Provide clear, easy-to-follow guidelines for how to use portable work devices remotely. If workers don’t have access to portable devices, provide clear instructions for when personal devices should and should not be used.
- Deploy, and then remind people to use only, a Secure Application Gateway to provide per-app secure access (preferred) or a VPN to connect to company information systems/assets. Despite the guidance above, most users will probably not risk changing their WiFi settings. Enforcing use of VPN to access critical systems is a proven way to limit attack vectors into your corporate environment.
- Educate your employees to encourage a heightened awareness for suspicious activity. Get your security team’s contact info up front and center to all your staff and encourage them to reach out about any issue, no matter how silly they feel for asking.
- Deploy mobile device management (MDM) systems and enforce patching of corporate-owned assets. Also ensure that corporate protection software such as EDR solutions is installed, and if you really want to get serious, prohibit the installation of non-corporate applications. There is a tradeoff between securing corporate assets and allowing for personal use, but this may mean no Fortnite on Mom’s laptop.
- On the list of other “policies” to enforce are things like screen locking and turning on the built-in firewall. Companies could also use User & Entity Behavioral Analytics (UEBA) capabilities to lock PCs/accounts exhibiting behavior unlike that of the user normally on the machine, including logging on from unexpected locations. Bear in mind, however, that we will all likely be logging in from unexpected locations in the near term.
- Double check auditing/conditional access policies. If you are looking for guidance on what advanced attackers are looking to do, check out this post from Microsoft about what 5 APT groups can do in an O365 environment.
Finally, a group near and dear to our heart at Resilience: insurers. Although there will probably be a lull in reported attacks during the next few weeks, the following months will likely see a large increase. Here’s why:
Attackers will likely use this uncertain time to phish and credential harvest, then test how much they can get away with, such as authenticating with a subset of those credentials. The large number of anomalies security teams are adjusting to may enable these attackers to hide in the noise and identify key vulnerabilities, like privileged accounts on which MFA isn’t enforced. Even with the less privileged accounts they gain access to, they may conduct active recon, such as searching shared drives or scanning internal servers, to assess their target’s value and security posture while planning their next move (i.e. a targeted ransomware attack, data breach + extortion, or both) for the weeks and months ahead.
Like hidden cases of COVID-19, this activity is likely happening undetected in your organization or your clients’ organizations right now. The resulting discovery of incidents could explode, requiring all hands on deck to ensure claims are paid and incident responders are managed. If you have claims or incident response questions, Resilience is offering a new service to help clients triage and respond to incidents.