The COVID-19 Shift: Securing a Large, Remote Workforce
SkyBox Blog Team, March 18, 2020
The chaos surrounding COVID-19 has forced seismic change upon many businesses, many of which now have to be concerned with securing a large, remote workforce. Naturally, the health and wellbeing of employees is the primary concern for every organization. For office-based companies, this has meant a mass exodus from shared spaces. On a personal level, members of staff are adjusting to working from home (WFH). On an organizational level, IT teams have been working flat out to ensure that everybody is set up properly. And on a security level, there are a number of new risks that must now be managed.
Cybercriminals thrive on chaos. We have already seen a sharp increase in the volume of phishing and spearphishing campaigns: attackers are trying to take advantage of the tumult caused by COVID-19. Security leaders need to acknowledge this, as well as understand what needs to be done to secure their expanding network perimeter.
As it stands, the majority of companies already have some segment of their employee population working remotely. Because of this, they will have capabilities in place to support remote employees. But it’s very likely that these capabilities were not developed to be applied to entire workforces. In light of this, it is critical to ensure business resiliency.
How to Secure a Large, Remote Workforce
At a minimum, companies should have a defined business continuity plan that accounts for a long-term working from home policy, which includes:
- Defining how to handle employees who have hardware or software issues with either their home or company equipment – this includes stocking an inventory of replacement laptops.
- Defining how to maintain management of remote computers – this includes patching, configuration, detecting potential compromises, policy violations and other potential disruptions to critical business systems.
- Defining a plan of action that can be used if internal IT systems become overwhelmed. This can mean limiting access to only critical functions until more computer or network resources can be provided, after which the scope of access can be increased based on priority business functions. In cases where it isn’t possible to limit access, a decision could be made to change the timeframes within which people access company resources.
Assessing the Risk Inherent to the Mass WFH Shift
This shift can have a large short-term impact on over-stretched IT and security teams. One of the biggest risks that they have to manage concerns employees who do not generally work remotely but who now need to access corporate resources from home. If this risk is not properly mitigated, it could open the door to new viruses, malware or other digital interlopers, because these employees lack secure home networks and personal systems.
Additionally, as we have already seen in APAC and now see globally, those with nefarious intent will try to take advantage of the situation by increasing the spread of spam and malware-laden emails. Typically, these malicious actors use information on COVID-19 to lure people into clicking on links and opening infected emails and attachments. The compromised systems then become new attack vectors through which hackers can gain access to corporate resources, which can dramatically increase the attack surface for many companies.
In this new environment, organizations need to make sure they can continuously assess their risk posture against both compliance mandates and internal corporate policies. To do so, having the following capabilities should now be seen as imperative:
- An infrastructure-wide view of all corporate assets wherever they reside, both computer assets and network infrastructure
- Access and path analysis to critical systems and between network segments
- The ability to address critical vulnerabilities on critical business assets, especially those exposed to external attack or to less secure internal network segments
- Proper secure configuration of VPNs, firewalls, security and networking devices, and all other ingress and egress points to critical assets
This is a confusing and concerning time for all of us. By operating with an abundance of care, we will be able to protect our employees and our businesses.