As COVID-19 moved a huge number of employees to a home office setup, employees became accustomed to working off the network, and more sensitive data is being stored locally than before. It’s no surprise that cybersecurity risks shot up with the work-from-home concept.
IT departments have been struggling since 2020 to rectify the situation. Most of the work-from-home employees have become comfortable not logging in to the VPN before accessing sensitive data, and this simple oversight can put your business at risk.
A lot of issues arise when no one is monitoring and employee policies are either ignored or non-existent for work-from-home employees. Here are just a few.
To support work-from-home employees, organizations made their software available on the internet via on-premise, hybrid and then cloud deployments, which became a lifesaver for many at-home workers during the pandemic, and this trend still continues. Vulnerabilities are introduced when access is misconfigured, giving employees too much access or access to areas not needed to do their job, and when security awareness is lacking.
When in-person meetings were replaced by videoconferencing as a means of social distancing, Zoom-raiding surfaced and found a place for itself. Zoom-raiding describes uninvited participants, typically hackers, breaking into a Zoom call. Though it seems unlikely, anyone with a public meeting link can join. And now, links to public meetings are shared via social media sites, giving anyone access to your confidential discussions.
Publicly accessible Wi-Fi
Creative thinking led many remote employees to move to coffee shops, libraries, and other places where public Wi-Fi was accessible, getting rid of the boring “remote” portion of the workday, which had become part of their routine. Hackers can set up fictitious hotspots that look like the public Wi-Fi, and when employees log in, data is stolen. Even more shocking is when the employee’s identity is stolen [name, org., email, password, etc.], which can then be used to impersonate the employee to other co-workers.
Shadow IT is the use of software, applications, devices and other technology systems that have not been approved by the IT department, either to bypass perceived or actual limitations of the solutions the organization’s IT department provides or to increase productivity and efficiency at work. It was an issue earlier, and now it is widespread and left unchecked.
When the IT department is unaware of a certain technology being used, they will not be able to secure it or support it. This can often lead to vulnerabilities and security issues, while opening yet another window for hackers.
With unsecured personal laptops and smartphones accessing confidential data at the start of the pandemic, attack surfaces expanded. For those employees who had never worked from home, and whose security experience is limited to making sure their antivirus software hasn’t expired, the goal was just to get the job done. But outdated home routers and personal laptops without the right security opened the window to data breaches, ransomware attacks and various other cyber-based attacks.
Securing Remote Workforce
When you force employees to log in to a virtual private network [VPN] prior to working on any task, all activity is performed behind the organization’s firewall, thus securing data and any communications the employees have with systems, devices, and co-workers. This should also apply to any consultants or third-party vendors that have access to sensitive data, networks or secure systems.
Have documented policies and procedures around password usage, forcing employees to use MFA/2FA where available, different passwords for different logins, password rotation, and strong passwords that can’t be easily guessed or hacked.
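A VPN requirement only helps if someone checks that it is being followed. The following is an added example, not part of the original article: it scans access-log lines and reports requests to sensitive systems whose source address is outside the VPN address pool. The log layout, host names and address pool are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this sketch: the VPN hands out addresses from VPN_POOLS and
# the hosts in SENSITIVE_HOSTS should only ever be reached through the VPN.
VPN_POOLS = [ipaddress.ip_network("10.8.0.0/16")]
SENSITIVE_HOSTS = {"hr.example.internal", "finance.example.internal"}

# Constructed access-log lines: timestamp, source IP, user, requested host.
SAMPLE_LOG = """\
2024-03-15T09:01:12Z 10.8.4.17 alice hr.example.internal
2024-03-15T09:03:40Z 203.0.113.25 bob finance.example.internal
2024-03-15T09:05:02Z 203.0.113.25 bob wiki.example.internal
2024-03-15T09:07:55Z not-an-ip carol hr.example.internal
2024-03-15T09:09:31Z 198.51.100.7 bob finance.example.internal
"""


def off_vpn_access(log_text):
    """Map each user to the sensitive-host requests made from outside the VPN pools."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        ts, src, user, host = parts
        if host not in SENSITIVE_HOSTS:
            continue
        try:
            addr = ipaddress.ip_address(src)
            on_vpn = any(addr in pool for pool in VPN_POOLS)
        except ValueError:
            on_vpn = False  # unparseable source: surface it for review
        if not on_vpn:
            hits.setdefault(user, []).append((ts, src, host))
    return hits


if __name__ == "__main__":
    for user, events in off_vpn_access(SAMPLE_LOG).items():
        for ts, src, host in events:
            print(f"{user} reached {host} from {src} at {ts} without the VPN")
```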
Access & RBAC
Restrict each employee’s access to only those areas that are necessary to complete the job. Never give full access to any employee just for the sake of ease of use. All access should be granted based on roles, on a need-to-know basis and with least privilege.
User access permissions must be frequently reviewed by managers to ensure that the correct personnel are listed on their team, and rights must always be revoked immediately upon termination: all access is revoked and accounts are disabled on the employee’s employment termination date.
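The periodic review described above can be automated as a comparison between what each role allows and what each account actually holds. This is an added example, not part of the original article; the role names, users, entitlement strings and record layout are constructed for illustration.

```python
from datetime import date

# Constructed sample data (hypothetical roles, users and entitlements).
ROLE_ENTITLEMENTS = {
    "support": {"ticketing:read", "ticketing:write"},
    "finance": {"ledger:read", "ledger:write", "payroll:read"},
}
USERS = [
    {"user": "alice", "role": "support", "enabled": True, "terminated": None,
     "granted": {"ticketing:read", "ticketing:write"}},
    {"user": "bob", "role": "support", "enabled": True, "terminated": None,
     "granted": {"ticketing:read", "ledger:write"}},
    {"user": "carol", "role": "finance", "enabled": True, "terminated": date(2024, 3, 1),
     "granted": {"ledger:read"}},
    {"user": "dave", "role": "contractor", "enabled": False, "terminated": None,
     "granted": {"ticketing:read"}},
]


def review_access(users, role_entitlements, today):
    """Return (user, finding, detail) tuples for a manager to act on."""
    findings = []
    for u in users:
        allowed = role_entitlements.get(u["role"])
        if allowed is None:
            # A role with no definition cannot be checked for least privilege.
            findings.append((u["user"], "unknown_role", u["role"]))
            allowed = set()
        term = u["terminated"]
        if term is not None and term <= today:
            # From the termination date on, nothing should remain active.
            if u["enabled"]:
                findings.append((u["user"], "enabled_after_termination", term.isoformat()))
            for ent in sorted(u["granted"]):
                findings.append((u["user"], "unrevoked_entitlement", ent))
            continue
        for ent in sorted(u["granted"] - allowed):
            findings.append((u["user"], "excess_entitlement", ent))
    return findings


if __name__ == "__main__":
    for finding in review_access(USERS, ROLE_ENTITLEMENTS, date(2024, 3, 15)):
        print(*finding, sep="\t")
```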
Attack Surface Management [ASM]
The attack surface is the hardware, software, SaaS, and cloud assets that are accessible from the Internet and that process or store your data. These assets can be attack vectors for cybercriminals who could use them to manipulate a network or system to extract data. Attack surfaces can be known assets, unknown assets, vendors, rogue assets, etc.
ASM is the continuous discovery, inventory, classification, prioritization, and security monitoring of external digital assets that contain, transmit, or process sensitive data. It is everything outside of the firewall perimeter that attackers can discover as they research and target the threat landscape for vulnerable organizations.
Just as every law has a loophole, so does every policy and procedure, which can still introduce vulnerabilities, especially if remote employees refuse to follow them. Attack surface management software can run 24/7 in the background, monitor systems and immediately alert the IT department if unauthorized access or suspicious activity is detected. This timely detection can save time and dollars by thwarting hackers before a cyberattack can be fully executed.