Cybercriminals are preying on fears of the COVID-19 coronavirus pandemic to spread malware, perpetrate scams, and compromise systems and networks. Many of these attacks are targeting employees who are working from home under “social distancing” policies. Organizations should shore up their cyber defenses to ensure that attacks on remote workers don’t result in a security breach.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on March 13th about phishing emails attempting to steal user credentials from teleworkers. CISA also warned that cybercriminals are targeting vulnerabilities in the virtual private networks (VPNs) remote workers use to connect to corporate IT resources.
According to the Check Point Global Threat Index, 8 percent of the more than 4,000 coronavirus-related domains are malicious or suspicious, creating a significant threat of malware infection if an employee visits one of these sites. Security experts have also noted attacks on company executives who are working outside their organization’s secure network perimeter.
That perimeter has all but disappeared in recent years due to increasing numbers of remote and mobile workers. Approximately 4.7 million Americans now work from home at least half the time, according to the U.S. Census Bureau. That’s a 159 percent increase since 2005. The rise in telework due to the COVID-19 pandemic will likely result in more employees taking advantage of this option long term.
Organizations should prioritize security policies, procedures and technologies to protect remote workers. It starts with a “zero trust” security model in which every user and device attempting to access the network is presumed to be a threat. User identities must be authenticated, and the security posture of the devices they use must be verified, whether they are inside or outside the network perimeter. User behavior analytics tools can help to detect deviations from normal activity that could signal a cyberattack.
Other steps organizations can take include:
- Limit the risk associated with stolen credentials. Implement multifactor authentication for remote access. Adopt the principle of least privilege, which limits access to only those resources employees need to do their jobs. Utilize network segmentation to prevent hackers from moving laterally through the network should they gain access.
- Keep systems and devices up to date. Implement the latest software patches and updates in VPNs, firewalls and devices remote workers use to access the corporate network. Require that the devices employees use maintain minimum security standards.
- Implement IT operational procedures. Ensure that IT personnel are prepared to monitor remote access, detect attacks and respond to security incidents. Prepare for mass usage of VPN connections and use rate limiting and other techniques to prioritize users requiring access.
- Educate remote workers. Alert users about the increase in phishing attacks related to the pandemic and warn them to be suspicious of links and attachments that purport to provide information on COVID-19. Provide ongoing training so that users learn to recognize phishing and other social engineering techniques. Ensure remote workers know who to call for support or to report a security incident.
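The zero trust model and the credential, least-privilege and patching steps above can be combined into a single deny-by-default access decision. The following is an added example, not code from Rahi Systems or CISA; the role names, resource names and patch-level threshold are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed policy data for illustration only.
ROLE_RESOURCES = {"finance": {"erp", "payroll"}, "engineer": {"git", "ci"}}
MIN_PATCH_LEVEL = 202003  # assumed minimum OS patch level, as YYYYMM


@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    password_ok: bool
    mfa_ok: bool
    device_managed: bool
    patch_level: int
    on_corporate_network: bool  # kept for logging, never used to grant access


def evaluate(req):
    """Deny by default: access is granted only if every check passes."""
    reasons = []
    if not req.password_ok:
        reasons.append("primary authentication failed")
    if not req.mfa_ok:
        reasons.append("second factor missing")
    if not req.device_managed:
        reasons.append("device is not managed")
    if req.patch_level < MIN_PATCH_LEVEL:
        reasons.append("device below minimum patch level")
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        reasons.append("resource outside the role's least-privilege set")
    return (not reasons, reasons)


# Constructed sample requests.
REMOTE_OK = AccessRequest("alice", "finance", "payroll", True, True, True, 202003, False)
INSIDE_STOLEN_PW = AccessRequest("bob", "engineer", "git", True, False, True, 202003, True)
REMOTE_STALE = AccessRequest("carol", "engineer", "payroll", True, True, True, 201911, False)

if __name__ == "__main__":
    for r in (REMOTE_OK, INSIDE_STOLEN_PW, REMOTE_STALE):
        allowed, why = evaluate(r)
        print(r.user, "ALLOW" if allowed else "DENY", "; ".join(why))
```

The request made from inside the corporate network with a valid password but no second factor is denied, while the fully verified remote request is allowed: network location plays no part in the decision.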
Remote workers should also take steps to prevent a cyberattack, including:
- Ensuring their router and Wi-Fi connection are secure
- Keeping all operating systems, security tools and antivirus software up to date
- Regularly backing up files to protect against loss and ransomware
- Using only company-approved software and collaboration tools
Rahi Systems can help you implement the policies and tools you need for telework security. Give us a call to schedule a confidential consultation.