Secure Your Remote Workers: Long-Term Strategies for IT and Security Admins
We are all testing different apps and tools to stay productive and connected with colleagues, family and friends. This shift in behavior creates new and evolving cyber risks that require thoughtful consideration and attention. As employees begin using new software for collaboration, it is critical that the security team reviews any data storage or communication tools to understand the security and privacy risks they may pose.
As an example from just this past week, during a meeting I was attending using one of the most popular video meeting tools, a user logged into the meeting using their laptop at home, but simultaneously a second video stream appeared. The second video stream was the camera sitting next to the user’s desktop computer across town in their empty corporate office, which had turned on inadvertently. We were surprised to say the least.
Beyond tool adoption, as phishing attempts disguised as sensational news stories continue arriving in our users’ inboxes, it’s more important than ever to focus attention on user browsing habits and their susceptibility to these phishing emails.
Employ multi-faceted email defenses.
Phishing continues to be the number one attack vector of choice today. If your email security solution does not employ the following elements, consider adopting additional capabilities within product lines you are already using or seek these features from other providers. A comprehensive email security solution should assess sender reputation, filter spam and bulk email, perform URL rewriting and blocking, use sandboxing for automated file analysis, perform internal email threat analysis, automate remediation of threats identified post-delivery, and protect against attacks targeting executives and sensitive employee groups (including malware-less social engineering). Be wary of whitelisting, since domains of ‘trusted’ partner organizations often produce malicious email traffic when those partners are breached.
Secure your web browsers.
Chrome and Safari are the most common browsers in use today, but Firefox, Edge and even IE (often for internal applications) have their places as well. A hardened default configuration should be set and enforced for each of these browsers. Restrict risky active content (e.g., ActiveX, Java) to trusted sites only, disable password storage and tracking cookies, and restrict installation and use of less common browsers (e.g., UC or Opera). Browser extensions and plugins should be managed and restricted. And, arguably most important of all, up-to-date patching must be enforced across all browsers. See here for further guidance from the Cybersecurity and Infrastructure Security Agency.
Deploy behavioral analytics or fine-tune your existing solution.
Most organizations have been using security information and event management (SIEM) solutions for a long time to collect, store, and analyze security log data. But many organizations are not yet going beyond SIEM to effectively leverage user and entity behavior analytics (UEBA) or security orchestration, automation, and response (SOAR) tools. These capabilities enable real-time identification, quicker investigation, and even automated response to novel threats. Such threats are often missed by signature-based and other traditional security monitoring tools and methods that lack adequate data, context, and advanced machine learning and statistical models.
For those already leveraging these next-generation tools, now is the time to review analytical model baselines to account for the recent shift in user behavior. Companies not yet leveraging these tools should consider evaluating and piloting a solution to take advantage of behavioral intelligence and orchestration to identify and respond to threats.
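To make the re-baselining point concrete, here is a small added example (not code from the article or from any vendor product) that models each user's login hour-of-day as a smoothed frequency distribution and scores new logins by their surprise in bits. The log lines, user names, and IP addresses are all constructed sample data, and the 4.5-bit threshold is an illustrative choice. Scored against a baseline learned from the office period, almost every home-hours login looks anomalous; scored against a baseline refreshed on the first weeks of remote work, only the genuinely odd 03:00 login remains flagged.

```python
"""Why behavioral-analytics baselines must be refreshed after a shift to remote work.

Added example, not code from the original article. Each user's login hour-of-day
is modelled as a Laplace-smoothed distribution; a login's anomaly score is its
surprise, -log2 p(hour | user). All log lines below are constructed sample data.
"""
from collections import Counter, defaultdict
from datetime import datetime
import math

# Constructed sample logs, one login per line: "<ISO timestamp> <user> <source IP>".
OFFICE_PERIOD_LOGS = """\
2020-02-10T08:02:11 alice 10.1.20.14
2020-02-10T09:15:40 alice 10.1.20.14
2020-02-11T09:04:03 alice 10.1.20.14
2020-02-11T10:47:19 alice 10.1.20.14
2020-02-12T13:30:55 alice 10.1.20.14
2020-02-12T14:12:08 alice 10.1.20.14
2020-02-13T16:58:21 alice 10.1.20.14
2020-02-13T17:20:00 alice 10.1.20.14
2020-02-10T08:10:33 bob 10.1.20.31
2020-02-11T08:05:12 bob 10.1.20.31
2020-02-11T09:41:27 bob 10.1.20.31
2020-02-12T12:03:49 bob 10.1.20.31
2020-02-12T15:22:16 bob 10.1.20.31
2020-02-13T16:35:04 bob 10.1.20.31
2020-02-13T17:01:58 bob 10.1.20.31
2020-02-14T17:44:30 bob 10.1.20.31
"""

# First weeks of remote work: logins from home networks, spread across the day.
REMOTE_TRAINING_LOGS = """\
2020-03-16T07:12:00 alice 203.0.113.7
2020-03-16T08:40:12 alice 203.0.113.7
2020-03-17T09:03:45 alice 203.0.113.7
2020-03-17T12:25:30 alice 203.0.113.7
2020-03-18T19:10:09 alice 203.0.113.7
2020-03-18T20:51:22 alice 203.0.113.7
2020-03-19T21:07:38 alice 203.0.113.7
2020-03-19T22:33:14 alice 203.0.113.7
2020-03-16T06:55:41 bob 198.51.100.23
2020-03-16T07:30:02 bob 198.51.100.23
2020-03-17T10:18:17 bob 198.51.100.23
2020-03-17T13:42:53 bob 198.51.100.23
2020-03-18T18:09:26 bob 198.51.100.23
2020-03-18T20:14:11 bob 198.51.100.23
2020-03-19T21:36:48 bob 198.51.100.23
2020-03-19T22:05:05 bob 198.51.100.23
"""

# The week being scored; alice's 03:17 login is a constructed outlier.
RECENT_REMOTE_LOGS = """\
2020-03-30T07:05:10 alice 203.0.113.7
2020-03-30T20:44:31 alice 203.0.113.7
2020-03-31T21:12:57 alice 203.0.113.7
2020-03-31T09:28:03 alice 203.0.113.7
2020-04-01T03:17:46 alice 203.0.113.7
2020-03-30T06:48:22 bob 198.51.100.23
2020-03-30T21:33:09 bob 198.51.100.23
2020-03-31T22:01:37 bob 198.51.100.23
2020-04-01T13:55:14 bob 198.51.100.23
"""


def parse_logs(text):
    """Return (user, hour_of_day, source_ip) tuples from the constructed log format."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src = line.split()
        events.append((user, datetime.fromisoformat(ts).hour, src))
    return events


def build_baseline(events, alpha=1.0):
    """Per-user smoothed hour distribution: p(h|u) = (count + alpha) / (n + 24*alpha)."""
    counts = defaultdict(Counter)
    for user, hour, _ in events:
        counts[user][hour] += 1
    return {
        user: {h: (c[h] + alpha) / (sum(c.values()) + 24 * alpha) for h in range(24)}
        for user, c in counts.items()
    }


def surprise_bits(baseline, user, hour):
    """Anomaly score in bits; a user with no history falls back to a uniform prior."""
    if user not in baseline:
        return math.log2(24)
    return -math.log2(baseline[user][hour])


def flag_anomalies(baseline, events, threshold=4.5):
    """Logins whose surprise meets the threshold, with the score attached."""
    return [(user, hour, src, round(surprise_bits(baseline, user, hour), 2))
            for user, hour, src in events
            if surprise_bits(baseline, user, hour) >= threshold]


def compare_baselines():
    """Score the recent week against the stale office baseline and a refreshed one."""
    recent = parse_logs(RECENT_REMOTE_LOGS)
    stale = build_baseline(parse_logs(OFFICE_PERIOD_LOGS))
    refreshed = build_baseline(parse_logs(REMOTE_TRAINING_LOGS))
    return flag_anomalies(stale, recent), flag_anomalies(refreshed, recent)


if __name__ == "__main__":
    stale_flags, fresh_flags = compare_baselines()
    print(f"stale office baseline flags {len(stale_flags)} of 9 logins:")
    for f in stale_flags:
        print("  ", f)
    print(f"refreshed remote baseline flags {len(fresh_flags)}:")
    for f in fresh_flags:
        print("  ", f)
```

The stale baseline turns eight of nine ordinary home-hours logins into alerts, which is exactly the alert fatigue a SOC sees when models are not re-tuned after the workforce shifts. Refreshing the baseline on a few weeks of remote-period data keeps the score for the 03:00 login at five bits while the rest drop below threshold. In a real UEBA deployment the same review applies to every baselined feature (source geography, VPN usage, data volumes), not just login hours.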
As a starting point for less mature small and midsize organizations using Office 365, you can gain many of these features simply by upgrading your license to include Advanced Threat Protection and leverage many of the features described here.
In recent years, tool adoption, email security, and browser security have grown in importance as attackers and threats have evolved. But as we all continue to operate using a largely remote workforce, these areas have quickly assumed even greater importance. And in the months to come, it is imperative that these areas receive the increased attention they deserve.