With many organisations transitioning staff to remote working, it’s easy to focus solely on upscaling network capacity and overlook the significant cybersecurity risks. Here, two of Colt’s Cybersecurity Managers outline the main threats and solutions that IT departments should be aware of.
Chris Ames – Manager, Security Architecture and Consultancy at Colt.
With more people working from home, what are the threats to networks and data security?
A balance needs to be struck between quickly getting more people connected from home and not compromising too much on security.
Some may not have pre-existing secure remote working systems in place that can scale up to support 100% work from home. In the rush to set up remote workers, businesses should be careful not to expose critical systems without appropriate security controls, and should take advice from in-house security teams, vendors or 3rd party experts. A security incident that sees hackers break into the company’s systems via a misconfiguration could potentially prove more costly or disruptive than a short pause while secure systems are built.
Once a secure remote connectivity solution has been implemented, a key threat to networks will be availability. Not only will systems need to cope with a larger amount of legitimate traffic from home workers, but a distributed denial of service (DDoS) attack from a malicious party could have wider business impact if it makes remote connections impossible.
Some remote working strategies may rely more on the use of non-company assets, such as home computers, to connect into virtual desktop (VDI) solutions or cloud communication/sharing platforms. While these are often good choices, it’s important to keep control of company data with a combination of technical and non-technical controls. For example, using technical controls to block data transfer between untrusted home computers and virtual desktops, and ensuring legal agreements with cloud vendors keep company data ownership and usage clear.
What advice would you give to IT departments on securing their networks at this time?
Businesses should take time to think through the implications of whichever remote-working tools are chosen and the relevant security path. IT teams should involve the security teams in the discussions as early as possible, so security is built into any designs and plans.
Where possible, understand and utilise the tried, tested and built-in remote capabilities and security features of your existing platforms (e.g. O365 has many pre-canned features, no need to cobble something bespoke together quickly).
For example, at Colt we have an IP Guardian anti-DDoS product that can help to keep systems available if they come under DDoS attack.
It’s also important to implement a clear communications plan, and keep users fully informed about how they can work safely and request help while remote.
Reach out to your vendors – many are offering extended support and advice in these extraordinary times. Some are even offering free software that a client company’s workers can use at home (e.g. anti-virus).
Edet Umoren – Manager, Information Security Compliance and Assurance at Colt.
How is fear around the virus increasing phishing concerns?
Phishing is already a major concern and the current global pandemic is a perfect opportunity for cybercriminals seeking to take advantage of the situation.
This period has seen a huge increase in scams, with scammers exploiting and tricking victims into revealing sensitive information, donating to fraudulent charities or installing software that encrypts files and demands ransomware. Other scams include phishing emails and phone calls impersonating the World Health Organisation, government authorities and legitimate businesses.
Some of the scams that we have been made aware of are:
- Phishing and Smishing emails designed to look like they are from the national health authorities – US Centre for Disease Control (CDC), World Health Organisation (WHO) and the NHS UK – with medical advice and information pertaining to Coronavirus
- URLs claiming to be Coronavirus tracker apps
- Workplace policy emails encouraging users to: ‘Download a new policy to do with Coronavirus’ or ‘Download Coronavirus Safety Measures’
How can businesses protect against these phishing scams?
It is possible for businesses to protect against phishing – our recommendations include:
- Web and content filtering
- Endpoint protection
- Working with ISPs to implement security measures
- Reviewing internal processes to ensure prompt response and recovery from possible attacks
- Keeping systems and devices up to date with patches
- Taking advantage of the filtering functionality that comes with solutions from cloud-based email providers such as Microsoft and Google
Raising security awareness within the organisation is also important. Internal communications such as emails, security awareness newsletters, as well as regular security awareness training and phishing simulations are simple ways to protect against phishing attacks.
We’d also offer the following advice to employees working from home:
- Exercise caution in handling any email with a Covid-19-related theme, avoid clicking links in unsolicited emails and be wary of attachments even from people you know
- Trust your instincts. If an email or email attachment seems suspicious, don’t open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses and the antivirus software might not have the signature. Report the email to your security team if it seems suspicious
- Do not reveal personal or financial information in email and do not respond to email solicitations for this information
- Use trusted sources, such as government websites, for up-to-date, fact-based information about Covid-19: