Keeping Remote Workforces Safe and Secure – Part II

Today, we continue this detailed look at what corporate IT security teams should be doing to prevent cyberattacks when a majority of the workforce is temporarily working remotely. Part I was posted yesterday.

Create Two-Step User Access for Administrators

Remote administration of systems is a particular area of concern, as these tasks tend to require privileged accounts. For these tasks, best practice is to give each system administrator two separate accounts. One would be a low-privilege user account which the employee would use for everything but administration tasks, and the other would be an account with high privileges which would only be used when necessary. With this setup, the administrators would authenticate through the VPN using a low-privileged account, and then once they are connected to the internal network, they would authenticate to the machine they need to administer using their higher-privileged account. This would help to protect the highly privileged accounts from being compromised by keeping their use solely inside the internal network. This policy can be enforced by preventing users from connecting to the VPN using an account with high privileges. This is also a good strategy to employ in any ordinary network, even ones without a substantial number of external connections. Limiting the use of privileged accounts is good in any scenario, and it follows the principle of least privilege: only use the bare minimum level of privileges you need to accomplish a task.
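One way to verify that the VPN block on privileged accounts is actually holding is to audit the gateway's authentication log. The sketch below is an added example, not part of the original article; the log format, the account names and the `adm-` naming are constructed assumptions to be replaced with your gateway's real format and your directory's admin group membership.

```python
import re
from collections import namedtuple

# Constructed sample data: hypothetical gateway log format and account names.
PRIVILEGED_ACCOUNTS = {"adm-jsmith", "adm-mlee"}  # e.g. exported from admin groups

SAMPLE_VPN_LOG = """\
2020-03-30T08:15:02Z vpn-gw auth result=success user=jsmith src=203.0.113.10
2020-03-30T08:16:40Z vpn-gw auth result=success user=ADM-JSmith src=203.0.113.10
2020-03-30T09:01:13Z vpn-gw auth result=failure user=adm-mlee src=198.51.100.77
2020-03-30T09:05:00Z vpn-gw auth result=success user=mlee src=198.51.100.20
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth result=(?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

Finding = namedtuple("Finding", "ts user src severity reason")


def audit_vpn_log(log_text, privileged=PRIVILEGED_ACCOUNTS):
    """Return a Finding for every VPN authentication by a privileged account."""
    privileged = {name.lower() for name in privileged}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an auth record
        user = m["user"].lower()  # compare account names case-insensitively
        if user not in privileged:
            continue
        if m["result"] == "success":
            # The policy says this must never happen: the gateway rule is missing.
            findings.append(Finding(m["ts"], user, m["src"], "high",
                                    "privileged account established a VPN session"))
        else:
            # The block worked, but privileged credentials were used off-network.
            findings.append(Finding(m["ts"], user, m["src"], "medium",
                                    "privileged credentials rejected at the VPN"))
    return findings


if __name__ == "__main__":
    for f in audit_vpn_log(SAMPLE_VPN_LOG):
        print(f"{f.severity.upper():6} {f.ts} {f.user} from {f.src}: {f.reason}")
```

Rejected attempts are reported as well as successful ones, because a privileged credential presented from outside the network is worth investigating even when the gateway refuses it.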

Selecting the Right Teleconferencing Software for Secure Use

One other consideration for the transition to a remote workforce is the increased dependence on teleconferencing software, used both on employee laptops and personal devices. While teleconferencing software has long played a critical role for businesses with a global workforce, it has now reached a new height of criticality. Moreover, conversations that were typically had in person (board/audit committee meetings, executive strategy sessions, contract negotiations, HR conversations on hiring, termination, salary, etc.) are now being conducted over this third-party software. The business should review the terms and conditions of this software, its recording features, the information it captures from participating workstations and mobile devices, and its privacy settings, and take these into account when selecting which software may be appropriate for critical meetings. Additionally, it may become necessary to instruct the workforce on securing a private location prior to participating in sensitive discussions. One other training step may include a review and confirmation of all attendees on a conference call prior to critical discussions (for example, who is that random phone number that is dialed in and no one recognizes?).

New Considerations for Defending the Network

With the move to remote work, it’s important to remember that the attack surface available to attackers has increased. Caution should be taken when setting up remote access to systems, and potential vectors of attack should be considered when securing data and access. The considerations above should give a better idea of ways to perform threat management and prevent malicious actors from abusing your infrastructure.

Once additional procedures have been put in place to permit remote workers, the security team will then be presented with the challenge of monitoring the network for suspicious activity. Prior to this shift, defenders may have been able to isolate malicious traffic due to its origin on the internet. With a remote workforce, legitimate traffic also originates on the internet, so attackers may be able to hide. Consider reviewing how your team searches for malicious network activity and signs of attacks within a distributed computing environment. For instance, it may become more valuable to identify the new behavior patterns of your workforce and the geographic regions they are working in to help spot anomalies. Further, revisit your incident response plans and update procedures on how your organization may need to change the way it both detects and responds to attacks. In the event an intruder gains access to the network, can the team respond as effectively with a remote workforce? Consider revising staffing plans to account for the increased complexity in these processes.
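The geographic baseline suggested above can be sketched as follows; this is an added example, not part of the original article. It assumes logins have already been reduced to (user, country) pairs by your own GeoIP lookup, and the records, the verdict names and the `MIN_SIGHTINGS` threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed threshold: a country is "usual" for a user after this many logins,
# so a single stray (or attacker) login does not become part of the baseline.
MIN_SIGHTINGS = 2

# Constructed records: (user, country code resolved from the source IP).
HISTORY = [
    ("jsmith", "US"), ("jsmith", "US"), ("jsmith", "US"), ("jsmith", "CA"),
    ("mlee", "GB"), ("mlee", "GB"), ("mlee", "US"), ("mlee", "US"),
]
NEW_LOGINS = [
    ("jsmith", "US"),   # usual location
    ("jsmith", "CA"),   # seen only once before: below threshold, not trusted
    ("jsmith", "GB"),   # new for jsmith, but a region the workforce uses
    ("mlee", "BR"),     # new for everyone in the baseline
    ("newhire", "US"),  # no history for this user at all
]


def build_baseline(history, min_sightings=MIN_SIGHTINGS):
    """Return (per-user set of usual countries, set of all usual countries)."""
    counts = defaultdict(Counter)
    for user, country in history:
        counts[user][country] += 1
    per_user = {
        user: {c for c, n in seen.items() if n >= min_sightings}
        for user, seen in counts.items()
    }
    workforce = set().union(*per_user.values())
    return per_user, workforce


def classify(user, country, per_user, workforce):
    """Grade one login against the baseline, least to most unusual."""
    if user not in per_user:
        return "no-baseline"        # cannot judge yet; review manually
    if country in per_user[user]:
        return "expected"
    if country in workforce:
        return "new-for-user"       # unusual for this person only
    return "new-for-workforce"      # nobody normally works from here


def review(logins, per_user, workforce):
    """Return (user, country, verdict) for every login that is not expected."""
    graded = ((u, c, classify(u, c, per_user, workforce)) for u, c in logins)
    return [row for row in graded if row[2] != "expected"]


if __name__ == "__main__":
    baseline, regions = build_baseline(HISTORY)
    for user, country, verdict in review(NEW_LOGINS, baseline, regions):
        print(f"{verdict:18} {user} from {country}")
```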

Users will be adapting to this new reality, and not everyone will have the same level of comfort and experience with remote work. Consider evaluating security awareness training to account for this, and ensure users are reminded of data privacy best practices, as well as company rules about personal devices and non-employee use of company computer systems.

In times of unprecedented change and disruption to the lives and livelihoods of workers around the globe, organizations are being forced to adapt quickly. Managing the ability to detect and respond to new and evolving threats in this landscape can help prevent additional impact from a malicious attacker and allow the business to focus on its people and its mission.

Protiviti offers a wide range of security and privacy solutions, tailored to meet the unique needs of each organization. With our ability to function at both the strategic and tactical levels, we combine deep technical security competence with executive-level communication and management. Our holistic approach starts by understanding what is most important to organizations, then structuring and supporting programs so your business is engineered to grow securely. To learn more, contact us.


David Taylor

Managing Director
Technology Consulting – Security and Privacy

Mike Ortlieb

Director
Technology Consulting – Security & Privacy

Trevor Leach

Consultant
Technology Consulting
