As COVID-19 spreads across the globe, we can all see its effects - from the volatile stock market and the cancellation of sports leagues to the closures of our local schools and changes in the lifestyle in our communities. While it is important to stay vigilant, wash our hands, and maintain social distancing policies, it is also important that we talk about another kind of hygiene, (and I know this sounds corny): our cyber hygiene.
As more businesses move to remote work to contain the virus and keep it from spreading, security risks will naturally arise. It’s important for all businesses making this transition to take a step back and evaluate the business’ security infrastructure to ensure you have the necessary practices and policies in place. When sending people to work remotely, it’s important to position your team effectively so you can add preventative security measures against any potential breaches or hackers.
A business may have sound security measures in place to protect the normal course of business, but they cannot simply be “cut and pasted” and applied to an increasingly remote workforce. Telecommuting presents its own unique set of security challenges, including a number of environment changes and increased reliance on the digital world, all of which must come into consideration. What devices will employees be using, and where will they be using them? Could others have easy access to information that is proprietary, either in physical proximity or through a shared WiFi connection? How will we share information with each other, and is that source being proactively secured?
Addressing these questions and more requires a business to plan and implement specific security measures. And while it can seem overwhelming, there is a clear path to resolving any issues. In order to keep things simple and straightforward, let’s look at the challenge of securing a remote workforce in the form of a checklist:
Many (if not most) organizations are providing their employees with VPN access to the company’s internal network. While IT staff usually (and hopefully) maintain the network and keep it secured and patched, people oftentimes neglect VPN servers/appliances. We have all seen this happening fairly recently with multiple vulnerabilities discovered in the summer of 2019 in PulseSecure VPN and other products.
Giving your employees VPN access to the organization can help maintain business continuity, but can also be disastrous if they are misconfigured or unpatched. Please make sure that your VPN configurations, policies, and software/hardware are properly configured. Implement strong identify verification and authentication techniques and enable 2FA.
You wouldn’t leave your business’ doors wide open and let anyone in, right? VPNs are the same. Without proper configuration and security measures, bad actors can easily infiltrate a VPN and wreak havoc.
Attackers are already releasing malware campaigns that exploit the panic around coronavirus. As an example, one campaign is masquerading as a coronavirus infection map. Remind your team that there are plenty of websites, including the World Health Organization’s official website, where you can get all of the necessary information without having to download any “software”.
Plenty of companies are issuing email updates to their employees on a daily basis with their policies and protocols around COVID-19. Make sure your employees can tell which emails are officially sent from company management. Attackers will try to exploit this lack of certainty to their favor with phishing campaigns.
Malicious COVID-19 themed documents and files on VirusTotal.
Plenty of businesses are shutting down their offices and moving to 100% remote working. While your cybersecurity may be up to par, make sure your physical security is too. This is equally important to securing your workforce digitally, and should be addressed with guidelines that all employees can follow. No confidential information should be left on desks or out in the open. Secure rooms and safes must be properly secured and locked. If you have security cameras, make sure that they are online and properly configured.
The coronavirus isn’t taking a break from infecting people, and neither is malware. The Cybereason Nocturnus team has already observed malware campaigns leveraging the coronavirus panic to spread and threat actors are crafting ransomware campaigns around the COVID-19 panic. It’s important to double and triple check that all of your backups are in place and that your company has a rapid response program that will allow you to recover quickly in the case of a ransomware attack. Having people working remotely can pose an extra challenge with this, which is why it is important to make sure that every security-doer in your organization, from your IT team to your security analysts to your incident responders, are ready and willing to take on the challenge if it does indeed arise.
This is perhaps the most important advice I can give. We have seen people panicking all over the world, ransacking supermarkets and department stores and (for some reason) creating a toilet paper shortage that affects entire countries. If you decide that your organization is switching to remote work, review this checklist rationally and slowly. Make sure that all of your security systems (physical and electronic) are properly configured, VPNs are patched, passwords are secured and rotated.
Spending an extra few hours or even a day going through these processes can save a lot of valuable time and money in the long run. While this situation feels both strange and uncharted , technology allows us to overcome the challenges and fears that we have, as long as we remain calm and apply a good amount of thought. Just like we’re all making sure that we wash our hands properly, we should also maintain proper cyber hygiene. It may sound like a corny suggestion, but sadly, we have enough experience to know how bad things look when these steps aren’t followed.
And please, for the love of all that is holy and dear to you - save some toilet paper for others.
Check out our resources page for helpful tools to maintain secure business continuity.
Amit Serper is Principal Security Researcher at Cybereason. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering on Windows, Linux and macOS.
Over the last five years ransomware operations evolved both in capabilities and the degree of organizational structure behind it. In this webinar, we’ll cover the changes, what they mean and how cybersecurity strategies need to adapt to match this changing threat. But most importantly, have we learned from our past mistakes?
Over the last five years ransomware operations evolved both in capabilities and the degree of organizational structure behind it. In this webinar, we’ll cover the changes, what they mean and how cybersecurity strategies need to adapt to match this changing threat. But most importantly, have we learned from our past mistakes?
