Businesses are adapting to a new world, where working remotely is a necessity for safety and continuing to stay productive.
Remote work has major implications for security, both because home networks and systems tend to be less secure, and because the threats targeting remote workers are significantly on the rise. In the last couple of months, since the coronavirus pandemic began to hit, we’ve observed, and other researchers have documented, a 667% increase in attacks. These attacks include phishing, malware, remote hacking efforts and related threats.
Phishing attacks are targeting email, instant and text messaging to exfiltrate data, take over accounts, inject malware and induce fund transfers. Many are COVID-19 themed, or may appear to come from a colleague, client, vendor or other entity where a relationship exists.
Malware threats are largely focused on ransomware right now, which can both hold your information hostage with the goal of extorting funds for its return as well as exfiltration of the same data to unknown malicious parties. Paying the ransom is rarely a good idea and often you won’t get data back.
Social engineering is another problem on the rise. Malicious parties can potentially spoof a caller ID, making it look like they’re calling from your bank, or your office or another trusted party in an attempt to gain access to information that is privileged or otherwise manipulate you in to doing something harmful to your company.
Malicious hackers are also directing automated attacks against Internet-connected devices more and more. These attacks largely target vulnerable systems, where there is a weak password in place, an unpatched problem, or other exposure that allows them to gain access and exfiltrate data or setup a staging area to launch other similar attacks.
As a result, more robust security measures are warranted to increase resilience against malicious attacks. We recommend that all security initiatives begin with improvements to company policy. Many companies either do not have cybersecurity policies or they are out of date.
Having an up-to-date and robust cybersecurity policy that meets or exceeds any industry regulatory requirements, defines how security is handled, how potential incidents are responded to and what expectations there are of employees, vendors, contractors and the like when it comes to handling data.
Patching software and firmware is fundamental, whether it is a server, computer, phone, network-connected device or otherwise it is crucial that these devices are patched regularly as updates are made available to reduce the chance of attack. Most updates are security fixes that announce what’s wrong and give hackers insight in to how to potentially exploit it.
How patching occurs and with what frequency should be determined by the company’s cybersecurity/IT policy.
Routine training is important as 50% of data breaches happen due to human errors that may be prevented by filling knowledge and awareness gaps. Training can be offered remotely for groups, to ensure that such measures can be taken even during this period of safety-driven isolation.
Passwords are important to keep safe and vary across different accounts. We strongly suggest using a password management tool, such as LastPass, OnePass or KeePass, to manage your passwords. Change them every six months or so, but ensure that unique and strong passwords are used with each account. Not just variations of previous passwords.
Remote management of systems being used by remote workers is an important tool. These management technologies can allow monitoring of status (if there’s suspected malware, updates not installed, software/hardware problems and more). Examples include Microsoft Azure AD + InTune, TeamViewer w/ITBrain, SolarWinds and other solutions. They also allow a more rapid response when something may go awry, even if it isn’t security-related.
Endpoint protection is very important, as many home computers are using lower grades of protection that doesn’t meet the needs of a commercial environment. Anti-virus software targeted at home users typically does not have sufficient security mechanisms in place to guard against and mitigate more sophisticated attacks.
When on-premises resources are shared from the company to remote workers it’s important to do so using a VPN, rather than just a port forward on the network. A VPN provides strong authentication, encryption and better end-to-end security as a result. Backups of all important data should be completed regularly, tested (with a restoration of data) and encrypted.
It’s helpful to consider upgrading home routers to commercial grade firewalls for anyone handling sensitive data and working from home for an extended duration. Like anti-virus software, there’s a big difference between the home router and the commercial firewall insofar as protection is concerned.
Web browsers should be secured using a plug-in like uBlock Origin, which can block known malware sites, advertising (which can link to malware) and more. The less apps, the better. Remove anything not actively used or not important on one’s computer and phone.
It is helpful to have an independent third party that has expertise in security assist with evaluation of your company’s posture and where there is room for improvement on a regular basis. This is often referred to as a cybersecurity audit and remediation, or vulnerability management.
Finally, a DNS blacklisting service, like Quad9, can help to mitigate risk by blocking access to known bad hostnames and domains (including websites).
In summary, consider security an investment. Good security pays in dividends of trade secrets and customer data staying safe, increased stability of systems and networks, as well as significantly reduced risk of reputational, financial and legal liabilities. 80% of attacks can be prevented by having and adhering to a robust security strategy, such as what this article has discussed.
After several years of relatively meager winters, could this upcoming season have a big snowstorm on tap for us? There’s some early suggestion of an elevated chance of large coastal…
Free Pantry Being Removed — “After more than three years, a food pantry in Arlington County is closing and food-insecure families who take advantage of it say they only received…
Good Thursday evening, Arlington. Let’s take a look back at today’s stories and a look forward to tomorrow’s event calendar. 🕗 News recap The following articles were published earlier today…
A look at the smallest and largest homes sold in Arlington last month, August 2023.
At Generation Hope, we’re dedicated to supporting teen parents in college as they work toward earning their degrees. We are in need of caring child care volunteers for upcoming events on Saturday, October 21st (in Washington, DC), and Saturday, November 4th (in Arlington, VA). Join our growing volunteer community and support us at an event this fall!
At all of our events, we provide free onsite child care for the children of the teen parents we serve, creating a nurturing environment for the kiddos while their parents learn valuable life skills and build community.
If you enjoy working with children and are looking to make an immediate impact in your community, please visit https://www.generationhope.org/volunteer to learn more.
Join us for Arlington’s biggest civil rights & social justice event of the year. The banquet is back in person at the Arlington Campus of George Mason University.
Our keynote speaker this year is Symone Sanders from MSNBC and former Chief of Staff for Vice-President Kamala Harris.
The Master of Ceremonies is Joshua Cole, former state delegate, NAACP President, and local pastor.
Tickets/seating are limited. Purchase your ticket today! Sponsorship opportunities available.
Join the Rosslyn BID for Fall Fest on Saturday, Oct. 14, from 1-6 p.m. at Gateway Park! Whether you’re in the mood for a refreshment at our hard cider tastings and cash bar, want a bite to eat from the