Many businesses unexpectedly face moving their employees to work remotely due to the recent Coronavirus (COVID-19) outbreak. With little to no notice, organizations are now scrambling to establish business continuity while responding to this international health crisis. Some states, including California and New York, have mandated that businesses close down offices and all citizens to stay home unless necessary.
Entering into this already volatile business environment are the hackers and cybercriminals who seek to take advantage of the situation. The current cyber landscape has increased the risk associated with having multiple external endpoints and exposed Remote Desktop Protocol (RDP) connections through critical servers lacking proper security or firewall configuration. How can organizations get their workforce up and running quickly while keeping their information secure?
Key ingredients for immediate telework needs
• Two-factor authentication/secure access and credentials: Rather than requiring just a password as means of authentication, a more secure way to ensure proper access is through two-factor authentication. In addition to a password, require a card reader, biometric scan, mobile access code or other method of authentication.
• Prevent unauthorized access: The best way to prevent unauthorized access when working from home is to use encrypted email and messaging platforms for all communications. Avoid the temptation to use personal email accounts, particularly Gmail and other web-based services on work-related devices. Employers can install a virtual private network (VPN) on employee computers and insist communication be conducted via these encrypted systems.
• Protect your work environment from unsecure networks: When working outside the office, one might be tempted to get out of the house and telework from the neighborhood café. Unsecure networks, particularly wireless networks such as free public Wi-Fi hubs present a substantial security risk, allowing cybercriminals easy access to devices and transmitted information. Even working at home can be risky if a personal network is unsecured. Employees should only access VPN-secured networks outside their office work environment.
• Setup access to critical communication tools: Hackers are targeting common enterprise communication tools (e.g., email, chat, video conferencing, VoIP phone) more than ever in the wake of COVID-19. Knowledgeable IT staff should ensure security safeguards are in place for all endpoints and are properly configured, secured, patched, and up-to-date with cybersecurity programs and that the systems run only authorized applications.
Advanced technology for the long-term remote worker
• Cloud-based Multi-Factor Authentication (MFA) strengthens and simplifies standard MFA by leveraging the cloud-based services such as Azure. They provide an easier approach to managing identity solutions by delivering adaptive authentication capabilities across a unified device experience.
• Multi-Token Support uses a small device known as a “token” to generate a digital authentication code as an alternative to a phone-based authentication app. While calls and texts may be rerouted and effectively stolen from a phone, passwords on tokens are stored within the token itself and cannot be intercepted unless the token is stolen.
• Endpoint Detection and Response (EDR) provides critical protection for companies with large number of employees connecting from outside the office workspace. EDR allows IT staff and security teams to monitor activity on all devices connected to the company’s network (endpoints). Such solutions record system activities and events while providing the visibility IT personnel need to uncover incidents that would otherwise remain invisible.
• Web Application Firewall (WAF) is a specialized firewall that applies specifically to web applications. Deployed in front of web apps, WAFs analyze bi-directional web-based (i.e., HTTP) traffic, detecting and blocking anything malicious. A security solution on the web application level, WAF functions independently of the application itself.
The future of working remotely
• Moving backups and work to the cloud has already become a common practice among many companies and the migration to cloud services should only accelerate in the aftermath of this pandemic. Numerous products exist from key industry leaders like Microsoft, Amazon and Google. All offer secure options that protect sensitive data and communications for remote work.
• The development of additional virtual tools for remote work is also likely to see a surge in response to COVID-19. Remote tools are becoming standard even for non-remote work. For a range of reasons beyond avoiding health risks, remote communication is winning out over face-to-face meetings because of the flexibility and additional capabilities provided by these tools.
These are difficult times for businesses and organizations of all sizes. Valeo Networks’s staff of knowledgeable IT experts that have worked with a list of clients that include NASA, all branches of the U.S. military, a range of federal and local agencies and private industry. We can provide the tools and guidance your organization needs overcome the challenges of this unprecedented global health crisis. Contact us today for a complimentary consultation.