March 17, 2020

Cybersecurity Considerations for COVID-19

It’s a situation that few of us thought we’d ever find ourselves in, but here we are. With the emergence of coronavirus (COVID-19), the working world is forced to adopt a new type of productivity, with organisations of all sizes adjusting to a new type of ‘business as unusual’. Office workers, schools, universities, government agencies, and even some healthcare providers are suddenly facing the prospect of working from home, and their employers must work out how to facilitate it. The challenges in securely managing systems and data have increased dramatically, leaving managers, IT teams and employees all scrambling to adapt.

Even if your workforce was largely remote or already had a strong ‘work from home’ culture, it’s time to revisit your remote work capabilities and what that means for cybersecurity. As these systems and policies transition from optional to mandatory, the Australian working class will soon find themselves tapping away at keyboards in a range of dynamic environments. From home offices to kitchen tables and living room lounges, these pop-up productivity zones are full of insecure technology like consumer-grade Wi-Fi and Internet of Things (IoT) gadgets. There are also factors of the analogue kind like pets, curious children, friends, and relatives to contend with.

For me, securing remote workers comes down to four key areas of consideration that must be assessed. These include external cybersecurity, internal cybersecurity, capacity and governance.

External Cybersecurity

Now that your workforce has essentially become a remote workforce, you must be sure your perimeter defences are resilient and adequately secured. Vulnerability assessments and penetration tests against your perimeter are crucial now that a sudden surge of data is traversing normally insecure networks and sensitive services are being accessed from insecure home and remote locations. Cybercriminals know this, and your infrastructure suddenly becomes an attractive target for DDoS attacks and other disruptions. With an increase in remote accessibility, connectivity must be secured. Be on the lookout for an increase in scams and phishing emails seeking to exploit your remote workforce!

Oh yes. Even if you are cloud-based or in a hybrid on/off-premises environment, external cybersecurity has to be taken very seriously, because now more than ever, it just has to work, and be secure!

Bonus Points: If your remote access doesn’t currently use Multi-Factor Authentication (MFA), this is a must going forward. Take this opportunity to demonstrate its value and implement it.

Internal Cybersecurity

This can be rather complex, but start with what is accessible via remote access. If remote access was only ever used by system administrators, you must be able to control what is accessible when connected from afar. Network segmentation, access control roles, privileged access management and similar controls must be applied to ensure people have access to what they need and are restricted from what they don’t. Also, with the office unoccupied by all but the most essential staff, ensure your facilities are physically secure along with the systems they house.

For internal security concerns, a vulnerability assessment can go a long way to helping you secure your environmental, physical and technical controls.

Now that you have secured your network inside and out, what’s next?

Capacity

If you normally don’t have a lot of people working from home, you need to be sure your systems can handle the load. Are your links big enough? Is the infrastructure capable of handling the increase in connections and traffic? Do you have enough remote access licenses to allow everyone simultaneous connectivity? Do the internal links and systems have the ability to handle a sudden surge in remote access? It’s time to make sure you have enough horsepower to handle the surge, and you must also consider this could be for an extended time and not just short-term pain.

By the same token as the internal concerns, capacity can be addressed by reviewing the specs on all interconnected systems. Speak with your ISP and service providers about your ability to scale up and have sufficient bandwidth. If you need to upgrade your hardware, speak with your vendors to explore solutions that can handle the workload or your ability to upgrade existing systems. Review your licenses to make sure your systems can facilitate your remote staff.

Finally, with all of the technology in order, you need to make sure it’s managed correctly.

Governance

Do you have policies and procedures in place that cover remote access and work? Is there a minimum set of standards for what users can and can’t do, and from where? What is the policy on accessing sensitive customer or corporate intellectual property from a “non-work” location? With significant penalties at stake for mishandling private data or potential losses arising from industrial espionage, the safe and secure access and use of data is paramount.

Review your policies and procedures to ensure that workers can access what they need without being unduly hindered, but are also aware of their obligations in managing the confidentiality of intellectual property and private data from customers. You may like to consider security awareness training for end users.

Businesses suddenly find themselves in the unenviable position of dealing with a largely-remote workforce and having more threat vectors to secure. The attack surface has increased dramatically, but there is a way forward.

Thankfully, there are a lot of options to step up your security game. Cloud Access Security Brokers (CASB) can help safeguard those cloud apps and connections. Data Loss Prevention (DLP) can protect your data from leakage, accidental or deliberate, and monitor where it goes and who is using it. Using modern mobile devices like laptops and tablets protected by Endpoint Detection and Response (EDR) systems is crucial in safeguarding users and systems while they connect to your business.

Security Free Trials and Vendor Offers

There are also free trials and vendor offers you may like to take advantage of to help secure your remote workers during this time.

  • Cisco Umbrella protects users from malicious internet destinations whether they are on or off the network. Because it is delivered from the cloud, Umbrella makes it easy to protect users everywhere in minutes. With this offer, existing customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license. To have the initial 14-day period extended to 90 days, please contact us.
  • Cisco Duo Security enables organisations to verify users’ identities and establish device trust before granting access to applications. By employing a zero-trust model, it decreases the attack surface and reduces risk. With this offer, existing customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license.
  • Cisco AnyConnect Secure Mobility Client empowers employees to work from anywhere on company laptops or personal mobile devices. It also provides the visibility and control security teams need to identify who and which devices are accessing their infrastructure. Existing AnyConnect customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license.
  • Palo Alto Next-Generation Firewalls support always-on, secure access with GlobalProtect. For existing next-generation firewall customers, Palo Alto are offering a free 90-day GlobalProtect subscription trial, to enable instant remote access capacity on existing infrastructure. Customers who need additional hardware capacity can contact us so we can help expedite hardware shipments.
  • Palo Alto Prisma Access is a cloud-based firewall. For customers new to Prisma Access, you can access free accelerated deployment and onboarding of remote users for 90 days. For existing Prisma Access customers who need additional capacity, Palo Alto are offering to cover all unanticipated spikes in usage at no additional cost for 90 days.
  • Sophos are also helping to keep employees safe from home. They are offering all Sophos customers free Sophos Home Premium Commercial Use Licenses to ensure personal devices are protected.
  • Kaspersky has made four of its products free of charge to healthcare customers for the next 6 months including Endpoint Security for Business Advanced, Endpoint Security Cloud Plus, Security for Microsoft Office 365 and Hybrid Cloud Security (Enterprise Server).

Reach out to us if you’d like to know more about any of these offers.

When the situation passes and it’s back to ‘business as usual’, you can rest assured the efforts you make now to secure your workforce and systems will be worth it long after COVID-19 leaves the news. Your solutions will demonstrate that you can adapt and respond to threats quickly and thrive in a remote working environment; perhaps your business may even move towards a permanent remote working model to save money, attract new talent from untapped locations, and give people better flexibility and work-life balance.

We’re all in this together. Reach out to me any time if you need further guidance.

Stay safe out there!